Cisco Cisco ASA 5520 Adaptive Security Appliance Guía Para Resolver Problemas
SPOKE1
access−list interesting extended permit ip
192.168.15.0 255.255.255.0 192.168.1.0 255.255.255.0
crypto ipsec transform−set myset esp−3des esp−sha−hmac
crypto ipsec security−association lifetime seconds 28800
crypto ipsec security−association lifetime kilobytes 4608000
crypto map mymap 10 match address interesting
crypto map mymap 10 set peer 10.198.16.141
crypto map mymap 10 set transform−set myset
crypto map mymap 10 set phase1−mode aggressive
crypto map mymap interface outside
crypto isakmp identity key−id SPOKE1
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre−share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel−group 10.198.16.141 type ipsec−l2l
tunnel−group 10.198.16.141 ipsec−attributes
pre−shared−key cisco123
SPOKE2
ip access−list extended interesting
permit ip 192.168.16.0 0.0.0.255 192.168.1.0 0.0.0.255
crypto isakmp policy 10
encr 3des
authentication pre−share
group 2
crypto isakmp peer address 10.198.16.141
set aggressive−mode password cisco456
set aggressive−mode client−endpoint fqdn SPOKE2
crypto ipsec transform−set myset esp−3des esp−sha−hmac
crypto map mymap 10 ipsec−isakmp
set peer 10.198.16.141
set transform−set myset
match address interesting
interface FastEthernet0/0
crypto map mymap
HUB VERIFICATION
Session Type: LAN−to−LAN Detailed
Connection : SPOKE2
Index : 59 IP Addr : 10.198.16.132
Protocol : IKE IPsec
Encryption : 3DES Hashing : SHA1
Bytes Tx : 400 Bytes Rx : 400
Login Time : 23:45:00 UTC Thu Oct 27 2011
Duration : 0h:00m:18s
IKE Tunnels: 1
IPsec Tunnels: 1
IKE: