ASA Site-To-Site VPN Packet Tracer Lab







This Packet Tracer lab has been provided to help you gain a better understanding of Cisco ASA security appliance. Specify the configuring and troubleshooting of the ASA Site-To-Site VPN capability.  The ability to configure and troubleshoot a Site-To-Site VPN using the Cisco ASA security appliance has become an essential part of a network engineer’s job as many networks today encompass multiple sites.

The inclusion of the ASA 5505 in the latest version 6.1.1 of Cisco’s Packet Tracer has allowed students studding for Cisco certification to model networks employing basic security using the ASA. The functionality of the ASA 5505 is limited in the above version of Packet Tracer due to two factors. First there is only a basic license available, this limits the DMZ capability. Second the command set is limited; there is no IP protocol available within the access-list command only TCP, UDP and ICMP. The Nat command is limited to dynamic and static which does not allow the user to separate VPN traffic from the Nat process. Additionally the show commands are limited and there is no debug command, this limits the ability to troubleshoot issues.

Before we begin our lab we need to get a better understanding of site-to site VPNs, and why do we need them? If we have two sites that are geography separated and we need to communicate between them we have two choices. First we can purchases a dedicated line between the two sites but this is very costly. Second we can use the Internet that we already have access to and employ a VPN. A site-to-site VPN is a Virtual Private Network that allow us to tunnel through the internet creating a private network connection been our two sites.

Tunneling makes it possible to use a public TCP/IP network, such as the Internet, to create secure connections between remote users and a private corporate network. Each secure connection is called a tunnel.

The ASA uses the ISAKMP and IPsec tunneling standards to build and manage tunnels. ISAKMP and IPsec accomplish the following:

  • Negotiate tunnel parameters
  • Establish tunnels
  • Authenticate users and data
  • Manage security keys
  • Encrypt and decrypt data
  • Manage data transfer across the tunnel
  • Manage data transfer inbound and outbound as a tunnel endpoint or router

The ASA functions as a bidirectional tunnel endpoint. It can receive plain packets from the private network, encapsulate them, create a tunnel, and send them to the other end of the tunnel where they are unencapsulated and sent to their final destination. It can also receive encapsulated packets from the public network, unencapsulate them, and send them to their final destination on the private network.

Learning Objectives:

  • Configure ISAKMP Policy
  • Creating an IKEv1 Transform Set
  • Configure an ACL for interesting traffic
  • Define a Tunnel Group
  • Create a Crypto Map and Apply It to an Interface

  ASA SITE-TO-SITE VPN (191.1 KiB, 9,183 hits)

  Packet Tracer 6.2 (54.9 MiB, 1,211 hits)
You do not have permission to download this file.

If you have found this lab helpful please help us keep this site running.

 

You can leave a response, or trackback from your own site.

4 Responses to “ASA Site-To-Site VPN Packet Tracer Lab”

  1. Fabian says:

    Hello,

    Thanks for lab, I keep getting this error though:

    WARNING: crypto map has incomplete entries.
    I’ve copied and pasted your config and still getting this error. Can you help?

    Thanks

  2. loza10 says:

    How can we configure NAT exemption so we can still get out to the internet (freeccnalab.com webserver) and also still use the vpn? Every time I configure NAT rules, the VPN breaks because it doesn’t match the interesting traffic anymore.

  3. ctusa2003am says:

    Hi,
    I downloaded the above site to site vpn config but do not see the configuration has any VPN specific statements.
    Maybe I am missing something.Please let me know, if I am not reading it right.
    Thanks,
    Ashok

Leave a Reply

What is 12 + 13 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)

*

Powered by WordPress | Designed by: backlinks | Thanks to internet marketing, etiketten drucken and index backlink