Code Snippet below is from our ASA5510 firewall.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2008.08.13 11:10:36 =~=~=~=~=~=~=~=~=~=~=~=
: Saved
:
ASA Version 7.1(2)
!
hostname CCVA-ASA
!
!
!
access-list targetvpn extended permit ip 192.168.100.0 255.255.252.0 10.51.1.0 255.255.255.0
!
access-list targetnat extended permit ip 10.13.4.0 255.255.252.0 10.51.1.0 255.255.255.0
!
!
!
static (inside,outside) 192.168.100.0 access-list targetnat
!
!
!
crypto ipsec transform-set ccva esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
!
!
!
crypto map vpnccva 70 match address targetvpn
crypto map vpnccva 70 set peer 66.150.206.76
crypto map vpnccva 70 set transform-set ccva
!
!
crypto map vpnccva interface outside
!
isakmp identity address
isakmp enable outside
!
!
!
!
tunnel-group 66.150.206.76 type ipsec-l2l
tunnel-group 66.150.206.76 ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 120 retry 10
!
tunnel-group-map enable rules
!
no vpn-addr-assign aaa
no vpn-addr-assign local
!
: end
Code Snippet below is from our PIX 515 at a different location.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2008.08.13 22:07:37 =~=~=~=~=~=~=~=~=~=~=~=
: Saved
:
PIX Version 7.2(3)
!
hostname DALPIX
!
!
!
access-list targetvpn extended permit ip 192.168.104.0 255.255.252.0 10.51.1.0 255.255.255.0
access-list targetnat extended permit ip 10.13.4.0 255.255.252.0 10.51.1.0 255.255.255.0
!
!
!
static (inside,outside) 192.168.104.0 access-list targetnat
!
!
!
crypto ipsec transform-set dallas esp-3des esp-md5-hmac
!
!
crypto map dalvpn 70 match address targetvpn
crypto map dalvpn 70 set peer 66.150.206.76
crypto map dalvpn 70 set transform-set dallas
!
crypto map dalvpn interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
!
!
!
tunnel-group 66.150.206.76 type ipsec-l2l
tunnel-group 66.150.206.76 ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 120 retry 10
!
: end
|