Chicago ASA:
Chicago# show running
!
hostname Chicago
! outside interface configuration
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 209.165.200.225 255.255.255.224
! inside interface configuration
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
! Management interface configuration
interface Management0/0
 nameif mgmt
 security-level 100
 ip address 172.18.82.64 255.255.255.0
! NAT Exempt Access-list to bypass traffic from 192.168.1.0/24 to 10.10.1.0/24
access-list inside_nat0_outbound remark To Bypass NAT from 192.168.1.0/24 to 10.10.1.0/24
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.10.1.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
! Encryption Access-list to encrypt the traffic from 192.168.1.0/24 to 10.10.1.0/24
access-list outside_cryptomap_1 remark To Encrypt Traffic from 192.168.1.0/24 to 10.10.1.0/24
access-list outside_cryptomap_1 extended permit ip 192.168.1.0 255.255.255.0 10.10.1.0 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 209.165.200.231 1
!
http server enable
http 172.18.82.0 255.255.255.0 mgmt
! Transform set specifies the encryption and hashing algorithm
crypto ipsec transform-set AES-SHA esp-aes-256 esp-sha-hmac
! Crypto map configuration
crypto map outside_map_1 1 match address outside_cryptomap_1
crypto map outside_map_1 1 set peer 209.165.201.1
crypto map outside_map_1 1 set transform-set AES-SHA
crypto map outside_map_1 interface outside
! ISAKMP configuration
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
! NAT-T configuration
crypto isakmp nat-traversal 50
! L2L tunnel-group configuration
tunnel-group 209.165.201.1 type ipsec-l2l
tunnel-group 209.165.201.1 ipsec-attributes
 pre-shared-key cisco123

New York ASA:
NewYork# show running
!
hostname NewYork
! outside interface configuration. The outside address is translated to 209.165.201.1 by PAT
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 10.10.10.1 255.255.255.0
! inside interface configuration
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.10.1.1 255.255.255.0
! Management interface configuration
interface Management0/0
 nameif mgmt
 security-level 100
 ip address 172.18.101.164 255.255.255.0
! NAT Exempt Access-list to bypass traffic from 10.10.1.0/24 to 192.168.1.0/24
access-list inside_nat0_outbound remark To Bypass NAT from 10.10.1.0/24 to 192.168.1.0/24
access-list inside_nat0_outbound extended permit ip 10.10.1.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
! Encryption Access-list to encrypt the traffic from 10.10.1.0/24 to 192.168.1.0/24
access-list outside_cryptomap_1 remark To Encrypt Traffic from 10.10.1.0/24 to 192.168.1.0/24
access-list outside_cryptomap_1 extended permit ip 10.10.1.0 255.255.255.0 192.168.1.0 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 10.10.10.2 1
!
http server enable
http 172.18.101.0 255.255.255.0 mgmt
! Transform set specifies the encryption and hashing algorithm
crypto ipsec transform-set AES-SHA esp-aes-256 esp-sha-hmac
! Crypto map configuration
crypto map outside_map_1 1 match address outside_cryptomap_1
crypto map outside_map_1 1 set peer 209.165.200.225
crypto map outside_map_1 1 set transform-set AES-SHA
crypto map outside_map_1 interface outside
! ISAKMP configuration
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
! NAT-T configuration
crypto isakmp nat-traversal 50
! L2L tunnel-group configuration
tunnel-group 209.165.200.225 type ipsec-l2l
tunnel-group 209.165.200.225 ipsec-attributes
 pre-shared-key cisco123
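
A consistency check for the two peers above, added here as an example and not part of the original listings: it confirms that each crypto map references an ACL, transform set and ipsec-l2l tunnel-group that are actually defined, and that the two crypto ACLs mirror each other. The names `parse`, `check_pair`, `sample` and `REFS` and the embedded sample text are constructed for illustration.

```python
REFS = {("match", "address"): "match", ("set", "peer"): "peer", ("set", "transform-set"): "tset"}

def parse(cfg):
    """Collect the parts of one ASA L2L config that must agree with each other."""
    out = {"acls": {}, "tsets": {}, "l2l": set(), "match": None, "peer": None, "tset": None}
    for line in cfg.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and t[2:5] == ["extended", "permit", "ip"]:
            out["acls"].setdefault(t[1], []).append(tuple(t[5:9]))
        elif t[:3] == ["crypto", "ipsec", "transform-set"]:
            out["tsets"][t[3]] = tuple(t[4:])
        elif t[:2] == ["crypto", "map"] and tuple(t[-3:-1]) in REFS:
            out[REFS[tuple(t[-3:-1])]] = t[-1]  # last token is the referenced name
        elif t[:1] == ["tunnel-group"] and t[2:] == ["type", "ipsec-l2l"]:
            out["l2l"].add(t[1])
    return out

def check_pair(a, b):
    """Return findings for two parsed peers; an empty list means consistent."""
    findings = []
    for name, c in (("A", a), ("B", b)):
        if c["match"] not in c["acls"]:
            findings.append(f"{name}: crypto map matches undefined ACL {c['match']}")
        if c["tset"] not in c["tsets"]:
            findings.append(f"{name}: transform-set {c['tset']} is not defined")
        if c["peer"] not in c["l2l"]:
            findings.append(f"{name}: no ipsec-l2l tunnel-group for peer {c['peer']}")
    mirror = {(d, dm, s, sm) for s, sm, d, dm in a["acls"].get(a["match"], [])}
    if mirror != set(b["acls"].get(b["match"], [])):
        findings.append("crypto ACLs are not mirror images")
    if a["tsets"].get(a["tset"]) != b["tsets"].get(b["tset"]):
        findings.append("transform sets differ")
    return findings

def sample(local, remote, peer, acl):
    return f"""\
access-list {acl} extended permit ip {local} 255.255.255.0 {remote} 255.255.255.0
crypto ipsec transform-set AES-SHA esp-aes-256 esp-sha-hmac
crypto map outside_map_1 1 match address outside_cryptomap_1
crypto map outside_map_1 1 set peer {peer}
crypto map outside_map_1 1 set transform-set AES-SHA
tunnel-group {peer} type ipsec-l2l
"""

# Constructed inputs using the page's addressing; BROKEN defines its ACL under a misspelled name.
CHICAGO = parse(sample("192.168.1.0", "10.10.1.0", "209.165.201.1", "outside_cryptomap_1"))
NEWYORK = parse(sample("10.10.1.0", "192.168.1.0", "209.165.200.225", "outside_cryptomap_1"))
BROKEN = parse(sample("192.168.1.0", "10.10.1.0", "209.165.201.1", "outside_cryptmap_1"))
```

`check_pair(CHICAGO, NEWYORK)` returns an empty list, while `check_pair(BROKEN, NEWYORK)` reports the undefined ACL reference and the resulting ACL mismatch.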