ASA TFTP Backup

If you have no backup solution, you can still back up the ASA configuration to your own machine by executing a single command. Before that, two prerequisites have to be fulfilled:

1. TFTP software
2. Configuring the ASA

For the first requirement you can use any freely available TFTP server. For the second, make sure the ASA can ping the PC on which you are installing the TFTP server; in other words, that you have connectivity. Then simply execute the following command in config mode on the ASA:

    tftp-server <nameif> <tftp-server-ip> /<filename>

    ASA1(config)# tftp-server inside_lan 192.168.1.1 /ASA001.cfg

In the above example, inside_lan is the nameif on the inside interface, 192.168.1.1 is the TFTP server IP, and /ASA001.cfg is the file name. Now, to send a copy of the running configuration to the TFTP server, execute write net. Make sure the folder on your PC has proper privileges.
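A check to run on the PC after write net, added here as an example and not part of the original post: it confirms the received file is a complete dump and lists the lines holding password hashes or keys, which is why the TFTP folder needs restricted privileges. The sample config is constructed, and treating a final ": end" line as the completeness marker is an assumption about the file write net produces.

```python
import re

# Constructed sample of a file left on the TFTP server by `write net` (not a real config).
SAMPLE_COMPLETE = """\
: Saved
hostname ASA1
enable password CONSTRUCTED-HASH encrypted
interface Ethernet0/0
 nameif inside_lan
 ip address 192.168.1.254 255.255.255.0
tftp-server inside_lan 192.168.1.1 /ASA001.cfg
username admin password CONSTRUCTED-HASH encrypted
Cryptochecksum:00000000000000000000000000000000
: end
"""
# The same file cut off part-way, as an interrupted transfer or a full disk would leave it.
SAMPLE_TRUNCATED = SAMPLE_COMPLETE[:SAMPLE_COMPLETE.index("username")]

# ASA config keywords whose lines hold password hashes or keys (list is not exhaustive).
SECRET_RE = re.compile(
    r"^\s*(enable password|passwd|username \S+ password|pre-shared-key|"
    r"(rip|ospf) authentication[- ]key|key-string)\b",
    re.IGNORECASE,
)


def check_asa_backup(text):
    """Inspect a config file received over TFTP and return a findings dict."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    non_empty = [ln for ln in lines if ln.strip()]
    # Device name, so a backup is not filed under the wrong firewall.
    hostname = next(
        (ln.split(None, 1)[1] for ln in non_empty if re.match(r"hostname\s+\S+", ln)),
        None,
    )
    # Assumption: a full running-config dump ends with a ": end" line.
    complete = bool(non_empty) and non_empty[-1].strip() == ": end"
    # 1-based line numbers of credential-bearing lines in the backup.
    secret_lines = [i + 1 for i, ln in enumerate(lines) if SECRET_RE.match(ln)]
    return {"hostname": hostname, "complete": complete, "secret_lines": secret_lines}


if __name__ == "__main__":
    for name, sample in (("complete", SAMPLE_COMPLETE), ("truncated", SAMPLE_TRUNCATED)):
        print(name, check_asa_backup(sample))
```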
Recent posts

VPN Site-to-Site IOS

In this tutorial I am going to show you how to configure a site-to-site VPN on two IOS routers. In this example I have used a 3750 Router in an emulated environment.

VPN stands for Virtual Private Network, in which you extend your corporate network across the internet in a secure fashion. There are different types of VPN, and the two main types are as follows:

Site-to-Site VPN
Remote Access VPN

Site-to-Site is mainly used for connectivity between HQ and branches, whereas Remote Access is mainly used by mobile users: software is installed and proper credentials are provided so that they can connect to the corporate network from anywhere and access anything they are authorized for.

The following diagram shows the information we need to start with.

These are the steps you need to perform on both routers in order to make them communicate securely over the Service Provider network:

Step 1: IKE Phase 1
Step 2: IKE Phase key
Step 3: IKE Phase 2 (transform-set)
Step 4: Interested traffic (wh

Static Route Monitoring

Initially there was no mechanism for determining whether a route is up or down on the Cisco ASA security appliance, and routes would stay in the routing table even if the link was down. With Cisco ASA software version 7.2(1), the ability to track route availability and install backup routes was added.

In the above diagram, two different ISPs, ISP_A and ISP_B respectively, are used for failover purposes. The Cisco ASA is configured in such a way that if ISP_A fails, the ASA will immediately divert all traffic to ISP_B.

Basically, we configure an SLA to keep tracking one particular IP, in our case 150.1.2.2 in ISP_A, and if SLA tracking cannot reach it at any point in time, the ASA starts diverting all traffic to ISP_B.

    !
    !
    hostname ASA1
    enable password 8Ry2YjIyt7RRXU24 encrypted
    names
    !
    interface Ethernet0/0
     nameif outside
     security-level 0
     ip address 136.1.0.12 255.255.255.0
    !
    interface Ethernet0/1
     nameif inside
     security-level 100
     ip address 136.1.121.12 255.255.255.0
    !
    !
    !

Last step is to add route

Securing Routing updates (Routing Authentication)

RIP v2

Router:

    !
    key chain RIP
      key 1
        key-string cisco
    !
    router rip
      version 2
      network 136.1.0.0
      network 150.1.0.0
      no auto-summary
    !
    interface FastEthernet0/0
      ip address 136.1.121.1 255.255.255.0
      ip rip authentication mode md5
      ip rip authentication key-chain RIP
    end
    !

ASA:

    !
    router rip
      network 10.0.0.0
      network 136.1.0.0
      version 2
      no auto-summary
    !
    interface Ethernet0/1
      description ** Inside Interface **
      nameif inside
      security-level 100
      ip address 136.1.121.12 255.255.255.0
      rip authentication mode md5
      rip authentication key <removed> key_id 1

OSPF v2

Simple:

    !
    router ospf 1
      router-id 150.1.3.3
      log-adjacency-changes
      area 0 authentication
      network 136.1.0.0 0.0.0.255 area 0
      network 150.1.3.3 0.0.0.0 area 0
    !
    interface FastEthernet0/0
      ip address 136.1.0.3 255.255.255.0
      ip ospf authentication-key cisco
    end
    !

MD5-Hash:

    !
    interface FastEthernet0/0
      ip address 136.1.124.4 255.255.255.0
      ip ospf authentication message-digest
      ip o

Getting to Internet Through ASA

Step 1: Setting up hostname

    ciscoasa(config)# hostname XYZ01
    XYZ01(config)#

Step 2: Configuring IP addresses on the interfaces

    XYZ01(config)# interface ethernet 0/0
    XYZ01(config-if)# nameif inside
    XYZ01(config-if)# security-level 100
    XYZ01(config-if)# ip address 192.168.1.1 255.255.255.0
    XYZ01(config-if)# no shut
    XYZ01(config)# interface ethernet 0/1
    XYZ01(config-if)# nameif outside
    XYZ01(config-if)# security-level 0
    XYZ01(config-if)# ip address 10.1.1.1 255.255.255.252
    XYZ01(config-if)# no shut

Step 3: Verifying Interfaces

    XYZ01# show interface ip brief
    Interface      IP-Address     OK?  Method  Status                 Protocol
    Ethernet0/0    192.168.1.1    YES  manual  up                     up
    Ethernet0/1    10.1.1.1       YES  manual  up                     up
    Ethernet0/2    unassigned     YES  unset   administratively down  up
    Ethernet0/3    unassigned     YES  CONFIG  administratively down  up
    Ethernet0/4    unassign