In this video you will learn how to configure a site-to-site VPN on Cisco ASA firewalls. The method is a "Route-Based VPN", which works similarly to GRE tunnels.
So ACLs are not needed in a route-based VPN? What if you wanted to do port filtering in a Route Based VPN?
Nice work. I have a question. From Site-B(config)#route Site_A 192.168.1.0 255.255.255.0 10.10.10.1, what if we want to allow only three IP addresses, say 192.168.1.2, 192.168.1.12 and 192.168.1.27 from the subnet 192.168.1.0/24 to access the network (for security purposes), do we have to use access-list for that? If yes, how can we define the access-list to permit only those three IPs? This is a very important question to me. Thanks for paying attention.
Thanks James
Thank you
Great, exactly what I needed, thanks ❤
Was this done? A video for site-to-site VPN VTI with route tracking/SLA monitoring, so that if the primary VPN tunnel goes down, the secondary passes the traffic.
What is the command "crypto ipsec profile Site_B"? I do not have anything like this.
Could you please make a video for site-to-site VPN VTI with route tracking/SLA monitoring, so that if the primary VPN tunnel goes down, the secondary passes the traffic?
It's in my list... hopefully before Christmas!
Thanks James. What if I have more than one subnet on either side of the LANs? And what if the destination subnets are more than one security-level behind?
Example: one subnet behind "inside" and other behind "dmz"
The other FW should point it to the VTI. For example let's say your DMZ in site A is 192.168.10.0/24. On the other side you will have to say "route VTI 192.168.10.0 255.255.255.0 "
Also, can you do one using IKEv2?
Hello, for your default route "route Outside 0.0.0.0 0.0.0.0 203.205.206.1", where is 203.205.206.1 on your diagram?
Internet router which is the next hop