Configuring the Cisco ASA IPSec VPN

Article Description

The security of data that is being transmitted over a network is one of the key responsibilities of a security engineer/administrator. One of the ways that this data can be secured is by using IP Security (IPsec). IPsec can be configured on the Cisco Adaptive Security Appliance (ASA) to secure data going between LAN devices (LAN-to-LAN) and between a LAN device and an IPsec client (e.g., Windows, Linux, or Mac clients). Sean Wilkins goes over the high-level basics of how IPsec operates and how it can be configured on a Cisco ASA.
Basic ASA IPsec VPN Configuration Examples

For the purposes of this article, the examples follow the topology shown in Figure 1. Because this article is not about ASA ACLs, it is assumed that ACLs already exist to allow communication between PC1's network and PC2's network.

Figure 1 Example topology

Table 1 shows the commands that would be used to set up the common configuration elements, regardless of whether IKEv1 or IKEv2 is used.

Table 3: Topology Common Configuration

| Step | Description | Command |
|------|-------------|---------|
| 1 | Enter privileged EXEC mode. | asa1>enable |
| 2 | Enter global configuration mode. | asa1#configure terminal |
| 3 | Enter interface configuration mode. | asa1(config)#interface e0 |
| 4 | Configure a name for the interface. | asa1(config-if)#nameif inside |
| 5 | Configure the security level for the interface. | asa1(config-if)#security-level 100 |
| 6 | Configure an IP address. | asa1(config-if)#ip address 192.168.1.1 255.255.255.0 |
| 7 | Enter interface configuration mode. | asa1(config-if)#interface e1 |
| 8 | Configure a name for the interface. | asa1(config-if)#nameif outside |
| 9 | Configure the security level for the interface. | asa1(config-if)#security-level 0 |
| 10 | Configure an IP address. | asa1(config-if)#ip address 10.10.10.1 255.255.255.0 |




| Step | Description | Command |
|------|-------------|---------|
| 1 | Enter privileged EXEC mode. | asa2>enable |
| 2 | Enter global configuration mode. | asa2#configure terminal |
| 3 | Enter interface configuration mode. | asa2(config)#interface e0 |
| 4 | Configure a name for the interface. | asa2(config-if)#nameif inside |
| 5 | Configure the security level for the interface. | asa2(config-if)#security-level 100 |
| 6 | Configure an IP address. | asa2(config-if)#ip address 172.16.1.1 255.255.255.0 |
| 7 | Enter interface configuration mode. | asa2(config-if)#interface e1 |
| 8 | Configure a name for the interface. | asa2(config-if)#nameif outside |
| 9 | Configure the security level for the interface. | asa2(config-if)#security-level 0 |
| 10 | Configure an IP address. | asa2(config-if)#ip address 10.10.10.2 255.255.255.0 |
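A pre-flight check for the addressing configured above, added here as an example (not code from the article or from Cisco): it parses the interface commands of both ASAs and reports mistakes that would keep a LAN-to-LAN tunnel from forming or carrying traffic. The function names are hypothetical, and the shared-outside-subnet test assumes this lab addressing, where both outside interfaces sit in 10.10.10.0/24.

```python
import ipaddress
import re

# Interface commands from the two tables above, prompts stripped (constructed sample input).
ASA1 = """interface e0
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface e1
nameif outside
security-level 0
ip address 10.10.10.1 255.255.255.0
"""
ASA2 = ASA1.replace("192.168.1.1", "172.16.1.1").replace("10.10.10.1", "10.10.10.2")

def parse_interfaces(config):
    """Return {nameif: {"level": int, "addr": IPv4Interface}} per interface stanza."""
    found, cur = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            cur = {}
        elif cur is None:
            continue
        elif m := re.fullmatch(r"nameif (\S+)", line):
            found[m.group(1)] = cur
        elif m := re.fullmatch(r"security-level (\d+)", line):
            cur["level"] = int(m.group(1))
        elif m := re.fullmatch(r"ip address (\S+) (\S+)", line):
            cur["addr"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return found

def preflight(cfg_a, cfg_b):
    """Return a list of addressing problems; an empty list means the pair is consistent."""
    a, b = parse_interfaces(cfg_a), parse_interfaces(cfg_b)
    problems = []
    for label, dev in (("first", a), ("second", b)):
        missing = [r for r in ("inside", "outside") if "addr" not in dev.get(r, {})]
        if missing:
            return [f"{label} device: no addressed interface named {missing}"]
        if dev["outside"].get("level", 0) >= dev["inside"].get("level", 100):
            problems.append(f"{label} device: outside is not less trusted than inside")
    if a["outside"]["addr"].ip == b["outside"]["addr"].ip:
        problems.append("both peers use the same outside address")
    elif a["outside"]["addr"].network != b["outside"]["addr"].network:
        problems.append("outside interfaces are not on a shared subnet (lab assumption)")
    if a["inside"]["addr"].network.overlaps(b["inside"]["addr"].network):
        problems.append("inside networks overlap, so protected traffic is ambiguous")
    return problems
```

Calling `preflight(ASA1, ASA2)` on the article's values returns an empty list; reusing the same inside network on both sides is reported as an overlap.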
