Cisco ASA 7.0-8.2 - L2L IPSec VPN
Site 1
! Local and remote protected networks
object-group network [[Site 1 Name]]
 network-object [[Site 1 IP Subnet & Subnet Mask]]
object-group network [[Site 2 Name]]
 network-object [[Site 2 Allowed IP Subnet & Subnet Mask]]
! Outside ACL (inbound from the remote site), crypto ACL (traffic to encrypt) and NAT exemption ACL
access-list [[Outside Access List Name]] extended permit ip object-group [[Site 2 Name]] object-group [[Site 1 Name]]
access-list [[Crypto Map ACL]] extended permit ip object-group [[Site 1 Name]] object-group [[Site 2 Name]]
access-list inside-nonat extended permit ip object-group [[Site 1 Name]] object-group [[Site 2 Name]]
nat ([[Inside Interface Name]]) 0 access-list inside-nonat
access-group [[Outside Access List Name]] in interface [[Outside Interface Name]]
sysopt connection tcpmss 1300
! Phase 2 (IPsec) settings
crypto ipsec transform-set aes-sha esp-aes esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec df-bit clear-df [[Outside Interface Name]]
crypto map [[Crypto Map Name]] [[Crypto Map Number]] match address [[Crypto Map ACL]]
crypto map [[Crypto Map Name]] [[Crypto Map Number]] set peer [[Site 2 Public IP]]
crypto map [[Crypto Map Name]] [[Crypto Map Number]] set pfs group1
crypto map [[Crypto Map Name]] [[Crypto Map Number]] set transform-set aes-sha
crypto map [[Crypto Map Name]] interface [[Outside Interface Name]]
! Phase 1 (ISAKMP) settings
crypto isakmp enable [[Outside Interface Name]]
crypto isakmp policy 99
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
! Tunnel group for the remote peer
tunnel-group [[Site 2 Public IP]] type ipsec-l2l
tunnel-group [[Site 2 Public IP]] ipsec-attributes
 pre-shared-key [[Pre-Shared-Key 8 Charactors or more]]

Site 2
! Local and remote protected networks
object-group network [[Site 2 Name]]
 network-object [[Site 2 Allowed IP Subnet & Subnet Mask]]
object-group network [[Site 1 Name]]
 network-object [[Site 1 IP Subnet & Subnet Mask]]
! Outside ACL (inbound from the remote site), crypto ACL (traffic to encrypt) and NAT exemption ACL
access-list [[Outside Access List Name]] extended permit ip object-group [[Site 1 Name]] object-group [[Site 2 Name]]
access-list [[Crypto Map ACL]] extended permit ip object-group [[Site 2 Name]] object-group [[Site 1 Name]]
access-list inside-nonat extended permit ip object-group [[Site 2 Name]] object-group [[Site 1 Name]]
nat ([[Inside Interface Name]]) 0 access-list inside-nonat
access-group [[Outside Access List Name]] in interface [[Outside Interface Name]]
sysopt connection tcpmss 1300
! Phase 2 (IPsec) settings
crypto ipsec transform-set aes-sha esp-aes esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec df-bit clear-df [[Outside Interface Name]]
crypto map [[Crypto Map Name]] [[Crypto Map Number]] match address [[Crypto Map ACL]]
crypto map [[Crypto Map Name]] [[Crypto Map Number]] set peer [[Site 1 Public IP]]
crypto map [[Crypto Map Name]] [[Crypto Map Number]] set pfs group1
crypto map [[Crypto Map Name]] [[Crypto Map Number]] set transform-set aes-sha
crypto map [[Crypto Map Name]] interface [[Outside Interface Name]]
! Phase 1 (ISAKMP) settings
crypto isakmp enable [[Outside Interface Name]]
crypto isakmp policy 99
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
! Tunnel group for the remote peer
tunnel-group [[Site 1 Public IP]] type ipsec-l2l
tunnel-group [[Site 1 Public IP]] ipsec-attributes
 pre-shared-key [[Pre-Shared-Key 8 Charactors or more]]



Site 1 Name:
Site 1 IP Subnet & Subnet Mask:
Site 1 Public IP:
Site 2 Name:
Site 2 Allowed IP Subnet & Subnet Mask:
Site 2 Public IP:
Outside Access List Name:
Outside Interface Name:
Inside Interface Name:
Crypto Map Name:
Crypto Map Number:
Crypto Map ACL:
Pre-Shared-Key 8 Charactors or more:

