
Site-to-Site VPN on Cisco ASA


Setting up a site-to-site VPN on a Cisco ASA firewall
Example: ASA router, Jakarta:
First step: enter configuration mode and set the WAN IP address on the ASA

conf t
int eth0/0
Description ASAjakarta to ISP A
ip add 10.10.10.2 255.255.255.252
nameif outside
no sh

Second step: set the LAN IP address on the ASA, on a separate interface (eth0/1 here, since eth0/0 is already the outside interface)

int eth0/1
Description ASAjakarta to LAN
ip add 192.168.10.1 255.255.255.0
nameif inside
no sh

Configure IKE with a pre-shared key

isakmp enable outside
Define the IKE policy
 
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 1000

Define the peer (neighbor) address
 
isakmp key 123456 address 10.10.10.4 netmask 255.255.255.252
isakmp identity address

IPsec configuration

access-list 101 permit ip 192.168.10.0 255.255.255.0 172.16.1.0 255.255.255.0

Create the IPsec transform set and crypto map
 
crypto ipsec transform-set pusat esp-des esp-md5-hmac
crypto map jakarta 1 ipsec-isakmp
crypto map jakarta 1 match address 101
crypto map jakarta 1 set peer 10.10.10.4
crypto map jakarta 1 set transform-set pusat

Apply the crypto map to the outside interface
 
crypto map jakarta interface outside

NAT 0 prevents NAT from translating traffic that matches access list 101

nat (inside) 0 access-list 101

===============================================================================
===============================================================================

Example: ASA router, Palembang:
First step: enter configuration mode and set the WAN IP address on the ASA

conf t
int eth0/0
Description ASApalembang to ISP B
ip add 10.10.10.4 255.255.255.252
nameif outside
no sh

Second step: set the LAN IP address on the ASA, on a separate interface (eth0/1 here, since eth0/0 is already the outside interface)

int eth0/1
Description ASApalembang to LAN
ip add 172.16.1.1 255.255.255.0
nameif inside
no sh

Configure IKE with a pre-shared key

isakmp enable outside
Define the IKE policy
 
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 1000

Define the peer (neighbor) address
 
isakmp key 123456 address 10.10.10.2 netmask 255.255.255.252
isakmp identity address

IPsec configuration

access-list 121 permit ip 172.16.1.0 255.255.255.0 192.168.10.0 255.255.255.0

Create the IPsec transform set and crypto map
 
crypto ipsec transform-set cabang esp-des esp-md5-hmac
crypto map Palembang 1 ipsec-isakmp
crypto map Palembang 1 match address 121
crypto map Palembang 1 set peer 10.10.10.2
crypto map Palembang 1 set transform-set cabang

Apply the crypto map to the outside interface
 
crypto map Palembang interface outside

NAT 0 prevents NAT from translating traffic that matches access list 121

nat (inside) 0 access-list 121
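
The two sides only form a tunnel when they mirror each other: each peer address is the other side's outside address, the crypto access lists are reversed copies, and the IKE policies match. The script below is an added example, not part of the original post, that checks a pair of configs for those three properties and flags DES, MD5 and DH group 1 as obsolete IKE settings; the `site()` helper, the crypto map name `vpn` and the sample configs are constructed for illustration.

```python
import re

# DES, MD5 and Diffie-Hellman group 1 are obsolete and should be flagged.
WEAK = {("encryption", "des"), ("hash", "md5"), ("group", "1")}

def site(outside, peer, acl_id, local, remote):
    """Constructed sample config modelled on the post's sites (not device output)."""
    return (f"ip address {outside} 255.255.255.252\nnameif outside\n"
            "isakmp policy 1 encryption des\nisakmp policy 1 hash md5\n"
            "isakmp policy 1 group 1\n"
            f"access-list {acl_id} permit ip {local} 255.255.255.0 {remote} 255.255.255.0\n"
            f"crypto map vpn 1 match address {acl_id}\n"
            f"crypto map vpn 1 set peer {peer}\n")

def parse(cfg):
    """Extract the fields that both tunnel endpoints must agree on."""
    acl = re.search(r"access-list \S+ permit ip (\S+ \S+) (\S+ \S+)", cfg)
    return {
        "outside": re.search(r"ip add\S* (\S+) \S+\s+nameif outside", cfg).group(1),
        "peer": re.search(r"crypto map \S+ \d+ set peer (\S+)", cfg).group(1),
        "acl": (acl.group(1), acl.group(2)),  # (local net, remote net)
        "ike": dict(re.findall(r"isakmp policy \d+ (\w+) (\S+)", cfg)),
    }

def audit(cfg_a, cfg_b):
    """Return a list of findings for a pair of site-to-site configs."""
    a, b = parse(cfg_a), parse(cfg_b)
    findings = []
    for name, me, other in (("A", a, b), ("B", b, a)):
        if me["peer"] != other["outside"]:
            findings.append(f"{name}: peer {me['peer']} is not the remote "
                            f"outside address {other['outside']}")
    if a["acl"] != b["acl"][::-1]:
        findings.append("crypto ACLs are not mirror images of each other")
    if a["ike"] != b["ike"]:
        findings.append("IKE policies differ between the two sides")
    for key, val in sorted(WEAK & (set(a["ike"].items()) | set(b["ike"].items()))):
        findings.append(f"weak IKE setting: {key} {val}")
    return findings

JAKARTA = site("10.10.10.2", "10.10.10.4", 101, "192.168.10.0", "172.16.1.0")
# Deliberate slip: this side's peer is set to its own outside address.
PALEMBANG_BAD = site("10.10.10.4", "10.10.10.4", 121, "172.16.1.0", "192.168.10.0")
PALEMBANG_OK = site("10.10.10.4", "10.10.10.2", 121, "172.16.1.0", "192.168.10.0")

if __name__ == "__main__":
    for finding in audit(JAKARTA, PALEMBANG_BAD):
        print(finding)
```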

Done. Handy as a cheat sheet in case I forget :D
