VPNaaS - Cisco ASA Firewall
Introduction
This procedure is intended for service providers/partners who want to activate the service for themselves or for their customers.
Below are the simple steps for activating the VPN service on Public Cloud.
Prerequisites
To set up the VPN you need access to the Cisco ASA firewall in "Privileged EXEC" mode.
Step-by-step guide
Cisco ASA configuration
ciscoasa> ena
Password: **********
ciscoasa#
ciscoasa# conf t
ciscoasa(config)#
! Insert the configuration !
Configuration
object network NET_LOCAL
 subnet $Local Subnet e.g.: 192.168.52.0 255.255.255.0
object-group network NET_CLOUD
 network-object $Remote Subnet e.g.: 192.168.168.0 255.255.255.0
access-list VPN-CLOUD extended permit ip object NET_LOCAL object-group NET_CLOUD
nat (inside,Outside) source static NET_LOCAL NET_LOCAL destination static NET_CLOUD NET_CLOUD no-proxy-arp route-lookup
crypto ipsec ikev1 transform-set esp-aes256-sha esp-aes-256 esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto ipsec df-bit clear-df Outside
crypto map CLOUD_MAP 10 match address VPN-CLOUD
crypto map CLOUD_MAP 10 set pfs
crypto map CLOUD_MAP 10 set peer $SERVICE_IP IPv4
crypto map CLOUD_MAP 10 set ikev1 transform-set esp-aes256-sha
crypto map CLOUD_MAP 10 set security-association lifetime seconds 86400
crypto map CLOUD_MAP interface Outside
crypto isakmp identity address
crypto ikev1 enable Outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
tunnel-group $SERVICE_IP type ipsec-l2l
tunnel-group $SERVICE_IP ipsec-attributes
 ikev1 pre-shared-key $PRE_SHARED
NOTES:
$Local Subnet = local network(s)
$Remote Subnet = remote network(s)
$PRE_SHARED = pre-shared key
$SERVICE_IP = IP of the public cloud VPN service
Configuration tested with Cisco Adaptive Security Appliance Software Version 9.1(4)
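An added example, not part of the original procedure or of the provider's tooling: a small Python check to run over a filled-in copy of the template before pasting it into the ASA. It flags placeholders left unreplaced, a crypto map that points at an undefined access-list or at a peer with no tunnel-group, and the IKEv1 policy parameters the template uses (DH group 2, SHA-1). The function names, the sample and the peer address 203.0.113.10 are constructed for illustration.

```python
import re

# Constructed sample: the template with a made-up peer; the key is left unreplaced on purpose.
SAMPLE = """\
access-list VPN-CLOUD extended permit ip object NET_LOCAL object-group NET_CLOUD
crypto map CLOUD_MAP 10 match address VPN-CLOUD
crypto map CLOUD_MAP 10 set peer 203.0.113.10
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ikev1 pre-shared-key $PRE_SHARED
"""

PLACEHOLDER = re.compile(r"\$(Local Subnet|Remote Subnet|SERVICE_IP|PRE_SHARED)")
POLICY_SUB = ("authentication", "encryption", "hash", "group", "lifetime")

def grab(pattern, lines):  # group 1 of every line matching pattern at its start
    return [m.group(1) for l in lines if (m := re.match(pattern, l))]

def audit(config):
    """Return findings for a filled-in copy of the template (hypothetical helper)."""
    lines = [l.strip() for l in config.splitlines()]
    out = [f"line {n}: placeholder ${m.group(1)} not replaced"
           for n, l in enumerate(lines, 1) if (m := PLACEHOLDER.search(l))]
    acls = set(grab(r"access-list (\S+) ", lines))
    out += [f"crypto map references undefined access-list {a}"
            for a in grab(r"crypto map \S+ \d+ match address (\S+)", lines) if a not in acls]
    peers = set(grab(r"crypto map \S+ \d+ set peer (\S+)", lines))
    groups = set(grab(r"tunnel-group (\S+) type ipsec-l2l", lines))
    out += [f"peer {p} has no ipsec-l2l tunnel-group" for p in sorted(peers - groups)]
    in_policy = False
    for l in lines:
        if l.startswith("crypto ikev1 policy"):
            in_policy = True
        elif in_policy and l.startswith(POLICY_SUB):
            if l == "group 2":
                out.append("ikev1 policy: DH group 2 is 1024-bit MODP")
            elif l == "hash sha":
                out.append("ikev1 policy: hash sha is SHA-1")
        else:
            in_policy = False
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The crypto findings describe the template as published; whether stronger values can be used depends on what the cloud-side VPN service accepts.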