VPNaaS - Cisco ASA Firewall
Introduction
This procedure is intended for service providers/partners who want to activate the service for themselves or for their customers.
The following are the simple steps to activate the VPN service on Public Cloud.
Prerequisites
To set up the VPN you need access to the Cisco ASA firewall in "Privileged EXEC" mode.
Step-by-step guide
Cisco ASA configuration
ciscoasa> ena
Password: **********
ciscoasa#
ciscoasa# conf t
ciscoasa(config)#
! Enter the configuration !
Configuration
object network NET_LOCAL
 subnet $Local Subnet e.g.: 192.168.52.0 255.255.255.0
object-group network NET_CLOUD
 network-object $Remote Subnet e.g.: 192.168.168.0 255.255.255.0
access-list VPN-CLOUD extended permit ip object NET_LOCAL object-group NET_CLOUD
nat (inside,Outside) source static NET_LOCAL NET_LOCAL destination static NET_CLOUD NET_CLOUD no-proxy-arp route-lookup
crypto ipsec ikev1 transform-set esp-aes256-sha esp-aes-256 esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto ipsec df-bit clear-df Outside
crypto map CLOUD_MAP 10 match address VPN-CLOUD
crypto map CLOUD_MAP 10 set pfs
crypto map CLOUD_MAP 10 set peer $SERVICE_IP IPv4
crypto map CLOUD_MAP 10 set ikev1 transform-set esp-aes256-sha
crypto map CLOUD_MAP 10 set security-association lifetime seconds 86400
crypto map CLOUD_MAP interface Outside
crypto isakmp identity address
crypto ikev1 enable Outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
tunnel-group $SERVICE_IP type ipsec-l2l
tunnel-group $SERVICE_IP ipsec-attributes
 ikev1 pre-shared-key $PRE_SHARED
NOTES:
$Local Subnet = local network(s)
$Remote Subnet = remote network(s)
$PRE_SHARED = pre-shared key
$SERVICE_IP = IP of the public cloud VPN service
Configuration tested with Cisco Adaptive Security Appliance Software Version 9.1(4)
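The placeholders listed in the notes can be validated before anything is pasted into the firewall. The following Python sketch is an added example, not part of the original procedure: the function names `asa_net` and `render_selectors` and the sample address 203.0.113.10 are assumptions. It renders only the object, access-list and peer lines and leaves the pre-shared key to be typed on the console.

```python
import ipaddress

def asa_net(cidr):
    """Convert CIDR notation to the 'address netmask' form used by the ASA commands."""
    net = ipaddress.ip_network(cidr, strict=True)  # ValueError if host bits are set
    if net.version != 4:
        raise ValueError(f"{cidr}: the template on this page is IPv4 only")
    return f"{net.network_address} {net.netmask}"

def render_selectors(local_cidr, remote_cidrs, service_ip):
    """Fill $Local Subnet, $Remote Subnet and $SERVICE_IP after validating them."""
    if not remote_cidrs:
        raise ValueError("at least one remote subnet is required")
    local_line = asa_net(local_cidr)
    remote_lines = [asa_net(c) for c in remote_cidrs]
    local = ipaddress.ip_network(local_cidr)
    for cidr in remote_cidrs:
        # Overlapping ranges: local hosts would treat the remote addresses
        # as on-link and never send that traffic towards the tunnel.
        if ipaddress.ip_network(cidr).overlaps(local):
            raise ValueError(f"{cidr} overlaps local subnet {local_cidr}")
    peer = ipaddress.IPv4Address(service_ip)  # ValueError on a malformed address
    lines = ["object network NET_LOCAL", f" subnet {local_line}",
             "object-group network NET_CLOUD"]
    lines += [f" network-object {r}" for r in remote_lines]
    lines += [
        "access-list VPN-CLOUD extended permit ip object NET_LOCAL object-group NET_CLOUD",
        f"crypto map CLOUD_MAP 10 set peer {peer}",
        f"tunnel-group {peer} type ipsec-l2l",
        f"tunnel-group {peer} ipsec-attributes",
    ]
    return "\n".join(lines)

if __name__ == "__main__":
    # Constructed sample values: the example subnets from the page and a
    # documentation-range address standing in for $SERVICE_IP.
    print(render_selectors("192.168.52.0/24", ["192.168.168.0/24"], "203.0.113.10"))
```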