VPN site-to-site between Vyatta and Cisco ASA

Vyatta 6.5

Diagram:

 

 

Step 1: Configure the IPsec VPN on the Cisco ASA using ASDM

 

Step 2: Configure the group policy on the Cisco ASA

Step 3: Configure the IPsec VPN on the Vyatta firewall

vyatta@vyatta# show vpn
ipsec {
    esp-group ESP-1 {
        lifetime 86400
        proposal 1 {
            encryption aes256
            hash sha1
        }
        proposal 2 {
            encryption aes256
            hash sha1
        }
    }
    ike-group IKE-1 {
        lifetime 86400
        proposal 1 {
            encryption aes256
            hash sha1
        }
        proposal 2 {
            encryption aes128
            hash sha1
        }
    }
    ipsec-interfaces {
        interface eth0
    }
    site-to-site {
        peer x.x.x.x {
            authentication {
                mode pre-shared-secret
                pre-shared-secret secretkeys
            }
            default-esp-group ESP-1
            ike-group IKE-1
            local-address y.y.y.y
            tunnel 2 {
                allow-nat-networks disable
                allow-public-networks disable
                local {
                    prefix 10.10.10.0/24
                }
                remote {
                    prefix 10.65.1.0/24
                }
            }
        }
    }
}
[edit]
vyatta@vyatta#
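
The tunnel only comes up if the ASA side from Steps 1 and 2 agrees with these values. The following Python is an added example, not part of the original post, and its function names are hypothetical: it parses the brace-style show vpn output, lists the IKE and ESP proposals in order, flags repeated proposals, and prints the endpoint and prefixes as the ASA must see them (swapped), assuming no NAT between the two gateways.

```python
# Constructed sample of the Step 3 config; " | " stands for a line break.
SAMPLE = """ipsec { | esp-group ESP-1 { | lifetime 86400
proposal 1 { | encryption aes256 | hash sha1 | }
proposal 2 { | encryption aes256 | hash sha1 | } | }
ike-group IKE-1 { | lifetime 86400
proposal 1 { | encryption aes256 | hash sha1 | }
proposal 2 { | encryption aes128 | hash sha1 | } | }
site-to-site { | peer x.x.x.x { | local-address y.y.y.y
tunnel 2 { | local { | prefix 10.10.10.0/24 | }
remote { | prefix 10.65.1.0/24 | } | } | } | } | }""".replace(" | ", "\n")

def parse(text):
    """Parse Vyatta brace-style config into nested dicts (leaves are strings)."""
    stack = [{}]
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] == "[" or line.split()[0].endswith("#"):
            continue  # blank lines, "[edit]" and CLI prompt lines
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        else:
            key, _, value = line.partition(" ")
            stack[-1][key] = value
    return stack[0]

def proposals(ipsec, kind):
    """Map each group of `kind` to its ordered (encryption, hash) pairs."""
    return {key.split()[1]: [(p["encryption"], p["hash"])
                             for k, p in node.items() if k.startswith("proposal ")]
            for key, node in ipsec.items() if key.startswith(kind + " ")}

def duplicates(props):
    """1-based proposal positions that repeat an earlier one in the same group."""
    return {g: [i + 1 for i, p in enumerate(ps) if p in ps[:i]]
            for g, ps in props.items()}

def peer_view(ipsec):
    """Endpoint and selectors as the remote gateway must see them (swapped)."""
    return [{"peer": peer["local-address"],
             "local": tun["remote"]["prefix"], "remote": tun["local"]["prefix"]}
            for peer in ipsec.get("site-to-site", {}).values()
            for name, tun in peer.items() if name.startswith("tunnel ")]

if __name__ == "__main__":
    ipsec = parse(SAMPLE)["ipsec"]
    for kind in ("ike-group", "esp-group"):
        props = proposals(ipsec, kind)
        print(kind, props, "duplicates:", duplicates(props))
    print("remote side:", peer_view(ipsec))
```

On the Step 3 configuration this reports that ESP-1 proposal 2 repeats proposal 1, so only one distinct ESP proposal is offered to the ASA.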

Step 4: On Vyatta, check the VPN status through the web interface and the command line

 

 

Step 5: Check the VPN status on the Cisco ASA using ASDM

 

That’s all. Thanks for using ithelpblog.com.
