Wednesday, 19 February 2020

Cisco ASA Commands for IPsec VPN

  1. show vpn-sessiondb detail l2l
  2. show vpn-sessiondb anyconnect
  3. show crypto isakmp sa
  4. show crypto ipsec sa
  5. show run crypto ikev2
  6. more system:running-config (shows the full running config, including pre-shared keys that show run masks with asterisks; treat the output as sensitive)
  7. show run crypto map
  8. show version
  9. show vpn-sessiondb license-summary
  10. show crypto ipsec stats
  11. capture test interface inside match ip host x.x.x.x host y.y.y.y
      (x.x.x.x = source host, y.y.y.y = destination host)
  12. show capture test
  13. no capture test

Cisco ASA Site-to-Site IKEv1 IPsec VPN Dynamic Peer

Phase 1 Configuration:

ASA1 has the static address 10.10.10.1; ASA2's address is dynamic, so ASA1 accepts it through the DefaultL2LGroup tunnel group while ASA2 points a named tunnel group at ASA1. Note that group 2 is 1024-bit Diffie-Hellman and is considered weak; use group 14 or higher if both peers support it.

ASA1 & ASA2
(config)# crypto ikev1 policy 10
(config-ikev1-policy)# authentication pre-share
(config-ikev1-policy)# encryption aes
(config-ikev1-policy)# hash sha
(config-ikev1-policy)# group 2
(config-ikev1-policy)# lifetime 3600
ASA1 & ASA2
(config)# crypto isakmp identity address
(config)# crypto ikev1 enable OUTSIDE
ASA1(config)# tunnel-group DefaultL2LGroup ipsec-attributes
ASA1(config-tunnel-ipsec)# ikev1 pre-shared-key MY_SHARED_KEY
ASA2(config)# tunnel-group 10.10.10.1 type ipsec-l2l
ASA2(config)# tunnel-group 10.10.10.1 ipsec-attributes
ASA2(config-tunnel-ipsec)# ikev1 pre-shared-key MY_SHARED_KEY

Phase 2 Configuration:

ASA1 & ASA2
(config)# crypto ipsec ikev1 transform-set MY_TRANSFORM_SET esp-aes-256 esp-sha-hmac
ASA1(config)# access-list LAN1_LAN2 extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
ASA2(config)# access-list LAN2_LAN1 extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
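The transform set and crypto ACLs above still have to be bound to a crypto map before any Phase 2 SA can form. The following is an added example of that binding for the dynamic-peer case, not configuration from the original post: ASA1 (static 10.10.10.1) uses a dynamic crypto map because it does not know ASA2's address, and ASA2 uses a static crypto map pointing at ASA1. The names DYN_MAP, OUTSIDE_MAP, the network objects LAN1/LAN2 and the inside interface name "inside" are assumptions; the interface OUTSIDE, transform set and ACL names are taken from the post. The NAT exemption uses ASA 8.3+ syntax.

```cisco
! --- ASA1 (static 10.10.10.1): accept the dynamic peer via a dynamic crypto map ---
! match address is optional for a dynamic map, but it restricts which networks a
! peer holding the shared key can negotiate, so set it.
crypto dynamic-map DYN_MAP 10 match address LAN1_LAN2
crypto dynamic-map DYN_MAP 10 set ikev1 transform-set MY_TRANSFORM_SET
! Dynamic entries go last (highest sequence) so static peers, if any, match first.
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic DYN_MAP
crypto map OUTSIDE_MAP interface OUTSIDE

! NAT exemption on ASA1 so LAN1 -> LAN2 traffic is not translated before encryption
object network LAN1
 subnet 192.168.1.0 255.255.255.0
object network LAN2
 subnet 192.168.2.0 255.255.255.0
nat (inside,OUTSIDE) source static LAN1 LAN1 destination static LAN2 LAN2 no-proxy-arp route-lookup

! --- ASA2 (dynamic address): static crypto map pointing at ASA1 ---
crypto map OUTSIDE_MAP 10 match address LAN2_LAN1
crypto map OUTSIDE_MAP 10 set peer 10.10.10.1
crypto map OUTSIDE_MAP 10 set ikev1 transform-set MY_TRANSFORM_SET
crypto map OUTSIDE_MAP interface OUTSIDE

! NAT exemption on ASA2 (mirror of ASA1)
object network LAN1
 subnet 192.168.1.0 255.255.255.0
object network LAN2
 subnet 192.168.2.0 255.255.255.0
nat (inside,OUTSIDE) source static LAN2 LAN2 destination static LAN1 LAN1 no-proxy-arp route-lookup
```

Two practical points follow from this layout. Only ASA2 can initiate the tunnel, since ASA1 has no peer address to send to; generate interesting traffic from the 192.168.2.0/24 side and then check show crypto isakmp sa and show crypto ipsec sa on either box. And because ASA1 authenticates every unknown peer against the single DefaultL2LGroup pre-shared key, anyone who obtains that key can bring up a tunnel from any address, so use a long random key, keep the match address on the dynamic map, and remember that more system:running-config prints the key in clear text.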