Configuring lan-to-lan connection profiles – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 67 Configuring Connection Profiles, Group Policies, and Users

Configuring Connection Profiles

Configuring LAN-to-LAN Connection Profiles

An IPsec LAN-to-LAN VPN connection profile applies only to LAN-to-LAN IPsec client connections.
While many of the parameters that you configure are the same as for IPsec remote-access connection
profiles, LAN-to-LAN tunnels have fewer parameters. The following sections show you how to
configure a LAN-to-LAN connection profile:

- Specifying a Name and Type for a LAN-to-LAN Connection Profile
- Configuring LAN-to-LAN Connection Profile General Attributes
- Configuring LAN-to-LAN IPsec IKEv1 Attributes

Default LAN-to-LAN Connection Profile Configuration

The contents of the default LAN-to-LAN connection profile are as follows:

tunnel-group DefaultL2LGroup type ipsec-l2l
tunnel-group DefaultL2LGroup general-attributes
 no accounting-server-group
 default-group-policy DfltGrpPolicy
tunnel-group DefaultL2LGroup ipsec-attributes
 no ikev1 pre-shared-key
 peer-id-validate req
 no chain
 no ikev1 trust-point
 isakmp keepalive threshold 10 retry 2

LAN-to-LAN connection profiles have fewer parameters than remote-access connection profiles, and
most of these are the same for both groups. For your convenience in configuring the connection, they are
listed separately here. Any parameters that you do not explicitly configure inherit their values from the
default connection profile.
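
The inheritance rule above, as an added example that is not part of the Cisco guide: this Python code parses tunnel-group lines and reports, for one LAN-to-LAN profile, which effective values are set explicitly and which are inherited from DefaultL2LGroup. The contents of the docs profile in SAMPLE are constructed, and parse, effective and KEYS are hypothetical helper names.

```python
# Default LAN-to-LAN profile exactly as listed on this page.
DEFAULT_L2L = """\
tunnel-group DefaultL2LGroup type ipsec-l2l
tunnel-group DefaultL2LGroup general-attributes
 no accounting-server-group
 default-group-policy DfltGrpPolicy
tunnel-group DefaultL2LGroup ipsec-attributes
 no ikev1 pre-shared-key
 peer-id-validate req
 no chain
 no ikev1 trust-point
 isakmp keepalive threshold 10 retry 2
"""
# Constructed sample: a profile that sets only two attributes explicitly.
SAMPLE = """\
tunnel-group docs type ipsec-l2l
tunnel-group docs ipsec-attributes
 ikev1 pre-shared-key *****
 isakmp keepalive threshold 15 retry 5
"""
# Attribute keywords from the listing above, two-word keywords written in full.
KEYS = ("ikev1 pre-shared-key", "ikev1 trust-point", "accounting-server-group",
        "default-group-policy", "peer-id-validate", "isakmp keepalive", "chain")

def parse(config):
    """Return {profile: {section: {keyword: value}}} from tunnel-group lines."""
    profiles, section = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("tunnel-group "):
            _, name, kind = line.split()[:3]
            profile = profiles.setdefault(name, {})
            # A "type" line opens no attribute section.
            section = None if kind == "type" else profile.setdefault(kind, {})
        elif line and section is not None:
            negated = line.startswith("no ")
            body = line[3:] if negated else line
            key = next((k for k in KEYS if body.startswith(k)), body)
            # A "no ..." line stores None; a bare keyword stores True.
            section[key] = None if negated else body[len(key):].strip() or True
    return profiles

def effective(profiles, name, default="DefaultL2LGroup"):
    """Overlay explicit attributes on the default's; tag each value's origin."""
    merged = {}
    for source, origin in ((default, "inherited"), (name, "explicit")):
        for section, attrs in profiles.get(source, {}).items():
            for key, value in attrs.items():
                merged.setdefault(section, {})[key] = (value, origin)
    return merged
```

Calling effective(parse(DEFAULT_L2L + SAMPLE), "docs") marks the pre-shared key and keepalive values as explicit, while peer-id-validate req, no chain, no ikev1 trust-point and both general attributes are marked as inherited from DefaultL2LGroup.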

Specifying a Name and Type for a LAN-to-LAN Connection Profile

To specify a name and a type for a connection profile, enter the tunnel-group command, as follows:

hostname(config)# tunnel-group tunnel_group_name type tunnel_type

For a LAN-to-LAN tunnel, the type is ipsec-l2l. For example, to create the LAN-to-LAN connection
profile named docs, enter the following command:

hostname(config)# tunnel-group docs type ipsec-l2l
hostname(config)#

Configuring LAN-to-LAN Connection Profile General Attributes

To configure the connection profile general attributes, do the following steps:

Step 1

Enter tunnel-group general-attributes mode by specifying the general-attributes keyword:

hostname(config)# tunnel-group tunnel-group-name general-attributes
hostname(config-tunnel-general)#

The prompt changes to indicate that you are now in config-general mode, in which you configure the
tunnel-group general attributes.
