
Cisco ASA 5500 Series appliances deliver IPsec and SSL VPN, firewall, and several other networking services on a single platform.

Cisco ASA 5520, a member of the Cisco ASA 5500 Series, is shown in Figure 1 below.

Figure 1 Cisco Adaptive Security Appliance (ASA)

Here we will focus on site-to-site IPsec implementation between two Cisco ASA 5520 appliances, as shown in Figure 2. The outside interface of ASA1 is assigned a dynamic IP address by the service provider over DHCP, while the outside interface of ASA2 is configured with a static IP address. Basic IP address configuration and connectivity exist, and we will build the IPsec configuration on top of this.

Figure 2 Cisco ASA-ASA IPsec Implementation

Although this tutorial was tested on ASA5520, the configuration commands are exactly the same for the other ASA models.

IP Security (IPsec) can use Internet Key Exchange (IKE) for key management and tunnel negotiation. IKE involves a combination of ISAKMP/Phase 1 and IPsec/Phase 2 attributes that are negotiated between peers. If any one of the attributes is misconfigured, the IPsec tunnel fails to establish.
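A pre-deployment check for the Phase 1 attribute mismatch described on this page, as an added example that is not part of the original tutorial: it parses the ISAKMP policy blocks from each peer's configuration and reports which attributes differ. The configs `ASA1_CFG` and `ASA2_CFG` are constructed samples, the function names are hypothetical, and only Phase 1 policies in `crypto isakmp policy` / `crypto ikev1 policy` form are checked.

```python
import re

# Attributes that must be identical in both peers' Phase 1 policies.
# Lifetime is excluded on purpose (assumption: peers settle on the shorter one).
MUST_MATCH = ("authentication", "encryption", "hash", "group")
POLICY_RE = re.compile(r"^crypto (?:isakmp|ikev1) policy (\d+)$")

# Constructed sample configs, not taken from the tutorial.
ASA1_CFG = """\
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
"""
ASA2_CFG = ASA1_CFG.replace("group 2", "group 5") + """\
crypto isakmp policy 20
 authentication pre-share
 encryption aes-192
 hash sha
 group 5
"""

def parse_policies(config):
    """Return {priority: {attribute: value}} for each Phase 1 policy block."""
    policies, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            current = policies.setdefault(int(m.group(1)), {})
        elif current is not None and raw.startswith(" ") and line:
            key, _, value = line.partition(" ")
            current[key] = value
        else:
            current = None  # an unindented line ends the policy block
    return policies

def compare_phase1(cfg_a, cfg_b):
    """Compare every policy pair; return (matching pairs, mismatched pairs)."""
    matches, misses = [], []
    for pa, attrs_a in sorted(parse_policies(cfg_a).items()):
        for pb, attrs_b in sorted(parse_policies(cfg_b).items()):
            diff = [k for k in MUST_MATCH if attrs_a.get(k) != attrs_b.get(k)]
            if diff:
                misses.append((pa, pb, diff))
            else:
                matches.append((pa, pb))
    return matches, misses

if __name__ == "__main__":
    print(compare_phase1(ASA1_CFG, ASA2_CFG))
```

An empty list of matching pairs means the peers share no Phase 1 proposal; the mismatched pairs name the attributes to correct on one side.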
