Create a Site-to-Site VPN Tunnel Between ASAs
Use the following procedure to create a site-to-site VPN tunnel between two ASAs or between an ASA and an Extranet device:
Procedure
Step 1 | In the left pane, click .
Step 2 | Click > Site-to-Site VPN with the ASA label.
Step 3 | In the Configuration Name field, enter a name for the site-to-site VPN configuration you create.
Step 4 | Select one of the options to create a new Policy Based or Route Based site-to-site VPN.
Step 5 | In the Peer Devices section, do the following:
Step 6 | (Applicable to Route Based) In the Tunnel Details, the VTI Address fields are automatically filled once the peer devices are configured in the previous step. If necessary, you can manually enter an IP address that will be used as the new VTI.
Step 7 | In the IKE Settings section, choose the IKE versions to use during Internet Key Exchange (IKE) negotiations and specify the privacy configurations. For more information on the IKE policies, see Configuring the Global IKE Policy. Security Cloud Control suggests the IKE settings based on your configuration. You can either continue with the recommended IKE configuration settings or define new ones.
Step 8 | In the IPSec Settings section, Security Cloud Control suggests the IKEv2 proposals based on your configuration. You can either continue with the recommended IKE configuration settings or define a new one. For more information on the IPSec settings, see Configuring IPsec Proposals.
Step 9 | In the Finish section, review the configuration and, if you are satisfied with it, click Submit.
See the Deploy Configuration Changes section to deploy the site-to-site VPN configuration on the devices associated with the new tunnel.