Cisco ASA - L2L IPSec VPN
Site 1
! Object groups for the local and remote (interesting) subnets
object-group network [[Site 2 Name]]
 network-object [[Site 2 Allowed IP Subnet & Subnet Mask]]
object-group network [[Site 1 Name]]
 network-object [[Site 1 IP Subnet & Subnet Mask]]
!
! Inbound ACL on the outside interface, crypto ACL, NAT exemption and MPF exception
access-list [[Outside Access List Name]] extended permit ip object-group [[Site 2 Name]] object-group [[Site 1 Name]]
access-list [[Access Lists Name for allowed IP]] extended permit ip object-group [[Site 1 Name]] object-group [[Site 2 Name]]
access-list inside-nonat extended permit ip object-group [[Site 1 Name]] object-group [[Site 2 Name]]
access-list PATH_EXCEPTION extended permit ip object-group [[Site 1 Name]] object-group [[Site 2 Name]]
!
nat ([[Inside Interface Name Site 1]]) 0 access-list inside-nonat
access-group [[Outside Access List Name]] in interface [[Outside Interface Name]]
sysopt connection tcpmss 1300
!
! Phase 2 (IPsec) proposal, SA lifetimes and crypto map
crypto ipsec transform-set aes-sha esp-aes esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec df-bit clear-df [[Outside Interface Name]]
crypto map [[Crypto Map Name]] [[Crypto Map Number]] match address [[Access Lists Name for allowed IP]]
crypto map [[Crypto Map Name]] [[Crypto Map Number]] set peer [[Site 2 Tunnel-group IP Address]]
crypto map [[Crypto Map Name]] [[Crypto Map Number]] set pfs group1
crypto map [[Crypto Map Name]] [[Crypto Map Number]] set transform-set aes-sha
crypto map [[Crypto Map Name]] interface [[Outside Interface Name]]
!
! Phase 1 (ISAKMP) policy
crypto isakmp enable [[Outside Interface Name]]
crypto isakmp policy [[Crypto Map Number]]
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
!
! L2L tunnel group keyed to the remote peer address
tunnel-group [[Site 2 Tunnel-group IP Address]] type ipsec-l2l
tunnel-group [[Site 2 Tunnel-group IP Address]] ipsec-attributes
 pre-shared-key [[Pre-Shared-Key 8 Characters or more]]
!
class-map PATH_EXCEPTION
 match access-list PATH_EXCEPTION
class-map inspection_default
 match default-inspection-traffic
______________________________________________________________________________________________________________________________
Site 2
! Object groups for the local and remote (interesting) subnets
object-group network [[Site 2 Name]]
 network-object [[Site 2 Allowed IP Subnet & Subnet Mask]]
object-group network [[Site 1 Name]]
 network-object [[Site 1 IP Subnet & Subnet Mask]]
!
! Inbound ACL on the outside interface, crypto ACL, NAT exemption and MPF exception (mirror of Site 1)
access-list [[Outside Access List Name]] extended permit ip object-group [[Site 1 Name]] object-group [[Site 2 Name]]
access-list [[Access Lists Name for allowed IP]] extended permit ip object-group [[Site 2 Name]] object-group [[Site 1 Name]]
access-list inside-nonat extended permit ip object-group [[Site 2 Name]] object-group [[Site 1 Name]]
access-list PATH_EXCEPTION extended permit ip object-group [[Site 2 Name]] object-group [[Site 1 Name]]
!
nat ([[Inside Interface Name Site 2]]) 0 access-list inside-nonat
access-group [[Outside Access List Name]] in interface [[Outside Interface Name]]
sysopt connection tcpmss 1300
!
! Phase 2 (IPsec) proposal, SA lifetimes and crypto map
crypto ipsec transform-set aes-sha esp-aes esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec df-bit clear-df [[Outside Interface Name]]
crypto map [[Crypto Map Name]] [[Crypto Map Number]] match address [[Access Lists Name for allowed IP]]
crypto map [[Crypto Map Name]] [[Crypto Map Number]] set peer [[Site 1 Tunnel-group IP Address]]
crypto map [[Crypto Map Name]] [[Crypto Map Number]] set pfs group1
crypto map [[Crypto Map Name]] [[Crypto Map Number]] set transform-set aes-sha
crypto map [[Crypto Map Name]] interface [[Outside Interface Name]]
!
! Phase 1 (ISAKMP) policy
crypto isakmp enable [[Outside Interface Name]]
crypto isakmp policy [[Crypto Map Number]]
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
!
! L2L tunnel group keyed to the remote peer address
tunnel-group [[Site 1 Tunnel-group IP Address]] type ipsec-l2l
tunnel-group [[Site 1 Tunnel-group IP Address]] ipsec-attributes
 pre-shared-key [[Pre-Shared-Key 8 Characters or more]]
!
class-map PATH_EXCEPTION
 match access-list PATH_EXCEPTION
class-map inspection_default
 match default-inspection-traffic



Site 2 Name:
Site 2 Allowed IP Subnet & Subnet Mask:
Site 1 Name:
Site 1 IP Subnet & Subnet Mask:
Outside Access List Name:
Access Lists Name for allowed IP:
Inside Interface Name Site 1:
Outside Interface Name:
Crypto Map Name:
Crypto Map Number:
Site 2 Tunnel-group IP Address:
Pre-Shared-Key 8 Characters or more:
Inside Interface Name Site 2:
Site 1 Tunnel-group IP Address:
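As an added example that is not part of the original page: a small Python helper that fills the [[...]] placeholders of the template above from the variable list, after checking that each subnet and mask parses as a network, that the peer addresses are valid, and that the pre-shared key meets the 8-character minimum. The template excerpt and the sample values are constructed for the demonstration.

```python
import ipaddress
import re

PLACEHOLDER = re.compile(r"\[\[([^\]]+)\]\]")

# Constructed excerpt of the Site 1 template above; the full page text works the same way.
SITE1_EXCERPT = """\
object-group network [[Site 2 Name]]
 network-object [[Site 2 Allowed IP Subnet & Subnet Mask]]
tunnel-group [[Site 2 Tunnel-group IP Address]] type ipsec-l2l
tunnel-group [[Site 2 Tunnel-group IP Address]] ipsec-attributes
 pre-shared-key [[Pre-Shared-Key 8 Characters or more]]
"""

# Constructed sample values (documentation-range peer address, not a real site).
SAMPLE_VARS = {
    "Site 2 Name": "BRANCH",
    "Site 2 Allowed IP Subnet & Subnet Mask": "10.2.0.0 255.255.0.0",
    "Site 2 Tunnel-group IP Address": "198.51.100.2",
    "Pre-Shared-Key 8 Characters or more": "correct-horse-battery",
}


def validate(variables):
    """Return a list of problems with the values; an empty list means they are usable."""
    problems = []
    for name, value in variables.items():
        if name.endswith("Subnet & Subnet Mask"):
            try:  # ASA writes "10.2.0.0 255.255.0.0"; ipaddress takes "addr/mask"
                ipaddress.ip_network(value.replace(" ", "/"), strict=True)
            except ValueError:  # bad mask, or host bits set in the network part
                problems.append(f"{name}: not a valid network/mask: {value!r}")
        elif name.endswith("Tunnel-group IP Address"):
            try:
                ipaddress.ip_address(value)
            except ValueError:
                problems.append(f"{name}: not an IP address: {value!r}")
        elif name.startswith("Pre-Shared-Key") and len(value) < 8:
            problems.append(f"{name}: shorter than 8 characters")
    return problems


def fill_template(template, variables):
    """Substitute every [[name]] after validation; a placeholder with no value raises KeyError."""
    problems = validate(variables)
    if problems:
        raise ValueError("; ".join(problems))
    return PLACEHOLDER.sub(lambda m: variables[m.group(1)], template)
```

Run `fill_template` once per site with the same variable map; the Site 2 template references the Site 1 placeholders, so one map serves both.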

