Cisco Cisco ASA 5512-X Adaptive Security Appliance 技术手册
Configure IKEv1 IPsec Site−to−Site Tunnels with
the ASDM or CLI on the ASA
the ASDM or CLI on the ASA
Document ID: 119141
Contributed by Venkata Aditya B and Rahul Govindan, Cisco TAC
Engineers.
Jul 10, 2015
Engineers.
Jul 10, 2015
Contents
Introduction
Prerequisites
Requirements
Components Used
Configure
Network Diagram
Configure Via the ASDM VPN Wizard
Configure Via the CLI
Configure Site B for ASA Versions 8.4 and Later
Configure Site A for ASA Versions 8.2 and Earlier
Group Policy
Verify
ASDM
CLI
Phase 1
Phase 2
Troubleshoot
ASA Versions 8.4 and Later
ASA Versions 8.3 and Earlier
Prerequisites
Requirements
Components Used
Configure
Network Diagram
Configure Via the ASDM VPN Wizard
Configure Via the CLI
Configure Site B for ASA Versions 8.4 and Later
Configure Site A for ASA Versions 8.2 and Earlier
Group Policy
Verify
ASDM
CLI
Phase 1
Phase 2
Troubleshoot
ASA Versions 8.4 and Later
ASA Versions 8.3 and Earlier
Introduction
This document describes how to configure an Internet Key Exchange version 1 (IKEv1) IPsec site−to−site
tunnel between a Cisco 5515−X Series Adaptive Security Appliance (ASA) that runs software Version 9.2.x
and a Cisco 5510 Series ASA that runs software Version 8.2.x.
tunnel between a Cisco 5515−X Series Adaptive Security Appliance (ASA) that runs software Version 9.2.x
and a Cisco 5510 Series ASA that runs software Version 8.2.x.
Prerequisites
Requirements
Cisco recommends that these requirements be met before you attempt the configuration that is described in
this document:
this document:
The end−to−end IP connectivity must be established.
•
These protocols must be allowed:
User Datagram Protocol (UDP) 500 and 4500 for the IPsec control plane
♦
Encapsulating Security Payload (ESP) IP Protocol 50 for the IPsec data plane
♦
•