Create a Site-to-Site VPN Tunnel Between Secure Firewall ASA
Use the following procedure to create a site-to-site VPN tunnel between two ASAs, or between an ASA and an Extranet device:
Procedure
Step 1 | In the left pane, click .
Step 2 | Click the Create Tunnel (
Step 3 |
Step 4 | In the Peer Selection area, provide the following information:
Step 5 | Click Next.
Step 6 | In the Peer Details area, provide the following information:
Step 7 | Click Next.
Step 8 | (Applicable to Route Based) In the Tunnel Details area, the VTI Address fields are filled in automatically once the peer devices are configured in the previous step. If necessary, you can manually enter an IP address to be used as the new VTI.
Step 9 | In the IKE Settings area, choose the IKE versions to use during Internet Key Exchange (IKE) negotiations and specify the privacy configurations. For more information on the IKE policies, see About Global IKE Policies.
Step 10 | Click Next.
Step 11 | In the IPSec Settings area, specify the IPSec configurations for peer 1 and peer 2. The corresponding IKEV proposals are available depending on the selection made in the IKE Settings step. For more information on the IPSec settings, see About Global IKE Policies.
Step 12 | In the Finish area, review the configuration and continue only if you're satisfied with it. By default, the Deploy changes to ASA immediately check box is checked, so the configurations are deployed to the ASA device immediately after you click Submit. If you want to review and deploy the configurations manually later, uncheck this check box.
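A check that fits the review in Step 12, added here as an example (it is not Cisco's code and not part of the original procedure): it parses ASA-style configuration fragments for both peers and reports a missing common IKEv2 policy, weak algorithms, or VTI addresses that do not pair up. The two fragments are constructed, and the WEAK list and the one-value-per-line parsing are assumptions.

```python
import ipaddress
import re

# Constructed running-config fragments for the two peers (not taken from the page).
PEER1 = """\
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
crypto ikev2 policy 20
 encryption 3des
 integrity md5
 group 2
interface Tunnel1
 ip address 169.254.10.1 255.255.255.252
"""
PEER2 = """\
crypto ikev2 policy 5
 encryption aes-256
 integrity sha256
 group 14
interface Tunnel1
 ip address 169.254.10.2 255.255.255.252
"""
WEAK = {"des", "3des", "md5", "1", "2", "5"}  # assumption: local policy on what is weak

def ikev2_policies(cfg):
    """Return one (encryption, integrity, group) tuple per IKEv2 policy block."""
    out = set()
    for block in re.split(r"(?m)^(?=\S)", cfg):  # split at each top-level command
        if block.startswith("crypto ikev2 policy"):
            f = dict(re.findall(r"(?m)^ (encryption|integrity|group) (\S+)", block))
            out.add(tuple(f.get(k, "") for k in ("encryption", "integrity", "group")))
    return out

def vti(cfg):
    """Return the first Tunnel interface address as an ip_interface, or None."""
    m = re.search(r"(?ms)^interface Tunnel\d+\n.*?^ ip address (\S+) (\S+)", cfg)
    return ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}") if m else None

def review(a, b):
    """List findings to resolve before the tunnel configuration is deployed."""
    pa, pb = ikev2_policies(a), ikev2_policies(b)
    findings = [] if pa & pb else ["no common IKEv2 policy"]
    findings += [f"weak IKEv2 policy {p}" for p in sorted(pa | pb) if WEAK & set(p)]
    va, vb = vti(a), vti(b)
    if not (va and vb and va.network == vb.network and va.ip != vb.ip):
        findings.append("VTI addresses are not distinct hosts on one subnet")
    return findings
```

An empty list from review(PEER1, PEER2) means the two sides agree on at least one IKEv2 policy, offer nothing on the weak list, and have paired VTI addresses.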