Configuring interfaces – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 73 Configuring LAN-to-LAN IPsec VPNs

Configuring Interfaces

hostname(config)# interface ethernet0/0

hostname(config-if)# ip address 10.10.4.100 255.255.0.0

hostname(config-if)# nameif outside

hostname(config-if)# no shutdown

hostname(config)# crypto ikev1 policy 1

hostname(config-ikev1-policy)# authentication pre-share

hostname(config-ikev1-policy)# encryption 3des

hostname(config-ikev1-policy)# hash sha

hostname(config-ikev1-policy)# group 2

hostname(config-ikev1-policy)# lifetime 43200

hostname(config)# crypto ikev1 enable outside

hostname(config)# crypto ikev2 policy 1

hostname(config-ikev2-policy)# encryption 3des

hostname(config-ikev2-policy)# group 2

hostname(config-ikev2-policy)# prf sha

hostname(config-ikev2-policy)# lifetime 43200

hostname(config)# crypto ikev2 enable outside

hostname(config)# crypto ipsec ikev1 transform-set FirstSet esp-3des esp-md5-hmac

hostname(config)# crypto ipsec ikev2 ipsec-proposal secure

hostname(config-ipsec-proposal)# protocol esp encryption 3des aes des

hostname(config-ipsec-proposal)# protocol esp integrity sha-1

hostname(config)# access-list l2l_list extended permit ip 192.168.0.0 255.255.0.0 150.150.0.0 255.255.0.0

hostname(config)# tunnel-group 10.10.4.108 type ipsec-l2l

hostname(config)# tunnel-group 10.10.4.108 ipsec-attributes

hostname(config-tunnel-ipsec)# ikev1 pre-shared-key 44kkaol59636jnfx

hostname(config)# crypto map abcmap 1 match address l2l_list

hostname(config)# crypto map abcmap 1 set peer 10.10.4.108

hostname(config)# crypto map abcmap 1 set ikev1 transform-set FirstSet

hostname(config)# crypto map abcmap 1 set ikev2 ipsec-proposal secure

hostname(config)# crypto map abcmap interface outside

hostname(config)# write memory
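
The configuration above selects 3DES, DES, MD5, SHA-1 and Diffie-Hellman group 2. The following Python audit is an added example, not part of the Cisco guide: it walks crypto commands in that form and reports each algorithm on its legacy list. The names WEAK, KIND, SAMPLE, classify and audit, and the choice of which values count as legacy, are assumptions of this example.

```python
import re

# Policy assumed by this example (not stated on the page): values treated as legacy.
WEAK = {
    "cipher": {"des", "3des"},
    "hash": {"md5", "sha", "sha-1"},  # the ASA keyword "sha" selects SHA-1
    "dh-group": {"1", "2", "5"},      # 768-, 1024- and 1536-bit MODP groups
}
WEAK["any"] = WEAK["cipher"] | WEAK["hash"]  # transform-set names mix both kinds
KIND = {"encryption": "cipher", "hash": "hash", "prf": "hash",
        "integrity": "hash", "group": "dh-group"}  # sub-mode keyword -> kind
# Constructed sample: crypto commands from the summary above, sub-mode lines indented.
SAMPLE = """\
crypto ikev1 policy 1
 authentication pre-share
 encryption 3des
 hash sha
 group 2
crypto ikev2 policy 1
 encryption 3des
 group 2
 prf sha
crypto ipsec ikev1 transform-set FirstSet esp-3des esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal secure
 protocol esp encryption 3des aes des
 protocol esp integrity sha-1
"""

def classify(words):
    """Return (kind, values) for one tokenised command; kind is None if irrelevant."""
    if words[:4] == ["crypto", "ipsec", "ikev1", "transform-set"]:
        return "any", [re.sub(r"^esp-|-hmac$", "", w) for w in words[5:]]
    if words[:2] == ["protocol", "esp"]:
        words = words[2:]  # "protocol esp encryption ..." -> "encryption ..."
    return KIND.get(words[0] if words else ""), words[1:]

def audit(config):
    """Return (line number, owning top-level command, legacy value) tuples."""
    findings, parent = [], ""
    for no, raw in enumerate(config.splitlines(), 1):
        words = raw.split()
        if words and not raw[0].isspace():
            parent = raw.strip()  # top-level command that owns following sub-mode lines
        kind, values = classify(words)
        findings += [(no, parent, v) for v in values if v in WEAK.get(kind, set())]
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
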

Configuring Interfaces

An ASA has at least two interfaces, referred to here as outside and inside. Typically, the outside interface
is connected to the public Internet, while the inside interface is connected to a private network and is
protected from public access.

To begin, configure and enable two interfaces on the ASA. Then assign each interface a name, IP address, and
subnet mask. Optionally, configure each interface's security level, speed, and duplex operation on the security appliance.

To configure interfaces, perform the following steps, using the command syntax in the examples:

Step 1

To enter Interface configuration mode, in global configuration mode enter the interface command with
the default name of the interface to configure. In the following example the interface is ethernet0.

hostname(config)# interface ethernet0/0

hostname(config-if)#

Step 2

To set the IP address and subnet mask for the interface, enter the ip address command. In the following
example the IP address is 10.10.4.100 and the subnet mask is 255.255.0.0.

hostname(config-if)# ip address 10.10.4.100 255.255.0.0

hostname(config-if)#

Step 3

To name the interface, enter the nameif command with a name of up to 48 characters. You cannot change this
name after you set it. In the following example the name of the ethernet0 interface is outside.

hostname(config-if)# nameif outside
