Accessliste anlegen

• ciscoasa(config)# access-list acl-asa-toc extended permit ip 172.18.122.0 255.255.255.0 192.168.122.0 255.255.255.0

Phase 1

ciscoasa(config)# crypto isakmp policy 10

Authentifizierung mit PSK

• ciscoasa(config-ikev1-policy)# authentication pre-share

Verschlüsselung

• ciscoasa(config-ikev1-policy)# encryption aes-256

Hash Algorithmus

• ciscoasa(config-ikev1-policy)# hash md5

Diffie-Hellmann-Gruppe

• ciscoasa(config-ikev1-policy)# group 5

Lifetime

• ciscoasa(config-ikev1-policy)# lifetime 28800

Festlegen das die IP als ID funkiert

• ciscoasa(config)# crypto isakmp identity address

isakmp auf outside interface freischalten

• ciscoasa(config)# crypto isakmp enable if-outside

Transformset festlegen

• ciscoasa(config)# crypto ipsec transform-set AES256-MD5 esp-aes-256 esp-md5-hmac

Zusammenfassen

• ciscoasa(config)# crypto map vpn-asa-toc 10 match address acl-asa-toc

• ciscoasa(config)# crypto map vpn-asa-toc 10 set peer 192.168.252.5

• ciscoasa(config)# crypto map vpn-asa-toc 10 set transform-set AES256-MD5

• ciscoasa(config)# crypto map vpn-asa-toc interface if-outside

WARNING: crypto map has incomplete entries

• ciscoasa(config)# tunnel-group 192.168.252.5 type ipsec-l2l

• ciscoasa(config)# tunnel-group 192.168.252.5 ipsec-attributes

• ciscoasa(config-tunnel-ipsec)# pre-shared-key streng-geheim