ASA-ikev2-l2l


ON ASA2

1. access-list 101 extended permit ip host 10.1.2.1 host 10.1.1.1

2. crypto ikev2 policy 1
    encryption aes-256 3des
    integrity sha512 sha256 sha
    group 2
    prf sha384 md5
    lifetime seconds 86400

3. tunnel-group 1.1.1.1 type ipsec-l2l
   tunnel-group 1.1.1.1 ipsec-attributes
    ikev2 remote-authentication pre-shared-key *****
    ikev2 local-authentication pre-shared-key *****

4. crypto ipsec ikev2 ipsec-proposal TSET
    protocol esp encryption 3des
    protocol esp integrity md5

5. crypto map CMAP 10 match address 101
   crypto map CMAP 10 set peer 1.1.1.1
   crypto map CMAP 10 set ikev2 ipsec-proposal TSET

6. crypto map CMAP interface out

7. crypto ikev2 enable out

  

ON ASA1

1. access-list 101 extended permit ip host 10.1.1.1 host 10.1.2.1

2. crypto ikev2 policy 1
    encryption aes-256 3des
    integrity sha512 sha256 sha
    group 2
    prf sha384 md5
    lifetime seconds 86400

3. tunnel-group 2.2.2.2 type ipsec-l2l
   tunnel-group 2.2.2.2 ipsec-attributes
    ikev2 remote-authentication pre-shared-key *****
    ikev2 local-authentication pre-shared-key *****

4. crypto ipsec ikev2 ipsec-proposal TSET
    protocol esp encryption 3des
    protocol esp integrity md5

5. crypto map CMAP 10 match address 101
   crypto map CMAP 10 set peer 2.2.2.2
   crypto map CMAP 10 set ikev2 ipsec-proposal TSET

6. crypto map CMAP interface out

7. crypto ikev2 enable out
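
Added example (not part of the original notes): a Python check that the two peers' settings from steps 1, 2 and 4 agree, i.e. the crypto ACLs are mirror images and each IKEv2 and ESP setting has an algorithm in common, and that also lists legacy algorithms in use. The names sample, parse and compare and the LEGACY set are assumptions of this example, and the parser handles only the command forms shown on this page.

```python
import re
# Assumption of this example: algorithms treated as legacy, keyed by setting.
LEGACY = {"encryption": {"des", "3des"}, "integrity": {"md5"},
          "prf": {"md5"}, "group": {"1", "2", "5"}}

def sample(local, remote):
    """Constructed sample: one peer's crypto settings as listed on this page."""
    return f"""access-list 101 extended permit ip host {local} host {remote}
crypto ikev2 policy 1
 encryption aes-256 3des
 integrity sha512 sha256 sha
 group 2
 prf sha384 md5
crypto ipsec ikev2 ipsec-proposal TSET
 protocol esp encryption 3des
 protocol esp integrity md5
"""

def parse(cfg):
    """Collect crypto ACL host pairs plus IKEv2 policy and ESP proposal sets."""
    out, section = {"acl": set(), "ike": {}, "esp": {}}, None
    for raw in filter(str.strip, cfg.splitlines()):   # skip blank lines
        words = raw.split()
        if acl := re.match(r"access-list \S+ extended permit ip host (\S+) host (\S+)", raw):
            out["acl"].add(acl.groups())
        elif raw.startswith("crypto ikev2 policy"):
            section = "ike"
        elif raw.startswith("crypto ipsec ikev2 ipsec-proposal"):
            section = "esp"
        elif not raw[0].isspace():
            section = None          # any other top-level command ends the block
        elif section == "ike":
            out["ike"][words[0]] = set(words[1:])
        elif section == "esp" and words[:2] == ["protocol", "esp"]:
            out["esp"][words[2]] = set(words[3:])
    return out

def compare(cfg_a, cfg_b):
    """Return mismatches between the peers and legacy algorithms on peer A."""
    a, b, issues = parse(cfg_a), parse(cfg_b), []
    if a["acl"] != {(dst, src) for src, dst in b["acl"]}:
        issues.append("crypto ACLs are not mirror images")
    for scope in ("ike", "esp"):
        for key, vals in a[scope].items():
            if key != "lifetime" and not vals & b[scope].get(key, set()):
                issues.append(f"no common {scope} {key}")
            issues += [f"legacy {scope} {key}: {v}" for v in sorted(vals & LEGACY.get(key, set()))]
    return issues
```

Call compare(sample("10.1.1.1", "10.1.2.1"), sample("10.1.2.1", "10.1.1.1")) for the pair on this page, or pass the relevant lines of each device's running configuration as the two strings.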