! Courtesy of soundtraining.net ! www.soundtraining.net ! !Configuration of asa01 ! configure terminal hostname asa01 interface vlan 1 ip address 192.168.101.1 interface vlan 2 ip address 192.168.0.101 dhcpd option 3 ip 192.168.101.1 dhcpd domain soundtraining.local object network obj_any subnet 0.0.0.0 0.0.0.0 object network net-local subnet 192.168.101.0 255.255.255.0 object network net-remote subnet 192.168.102.0 255.255.255.0 access-list outside_1_map extended permit ip object net-local object net-remote tunnel-group 192.168.0.102 type ipsec-l2l tunnel-group 192.168.0.102 ipsec-attributes pre-shared-key ***** crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto map outside_map 1 match address outside_1_map crypto map outside_map 1 set pfs group1 crypto map outside_map 1 set peer 192.168.0.102 crypto map outside_map 1 set transform-set ESP-3DES-SHA crypto map outside_map interface outside nat (inside,outside) 1 source static net-local net-local destination static net-remote net-remote route outside 0.0.0.0 0.0.0.0 192.168.0.1 1 ==================================================================================== !Configuration for asa02 ! ! Courtesy of soundtraining.net ! www.soundtraining.net configure terminal hostname asa02 interface vlan 1 ip address 192.168.102.1 interface vlan 2 ip address 192.168.0.102 dhcpd option 3 ip 192.168.102.1 dhcpd domain soundtraining.local object network obj_any subnet 0.0.0.0 0.0.0.0 object network net-local subnet 192.168.102.0 255.255.255.0 object network net-remote subnet 192.168.101.0 255.255.255.0 access-list outside_1_map extended permit ip object net-local object net-remote tunnel-group 192.168.0.101 type ipsec-l2l tunnel-group 192.168.0.101 ipsec-attributes pre-shared-key ***** crypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto map outside_map 1 match address outside_1_map crypto map outside_map 1 set pfs group1 crypto map outside_map 1 set peer 192.168.0.101 crypto map outside_map 1 set transform-set ESP-3DES-SHA crypto map outside_map interface outside nat (inside,outside) 1 source static net-local net-local destination static net-remote net-remote route outside 0.0.0.0 0.0.0.0 192.168.0.1 1