Posts

Showing posts from May, 2017

ASA IKEv1 IPsec site-to-site VPN cli

Configure Site B for ASA Versions 8.4 and Later

In ASA Versions 8.4 and later, support for both IKEv1 and Internet Key Exchange version 2 (IKEv2) was introduced.

Phase 1 (IKEv1)

Enter this command into the CLI in order to enable IKEv1 on the outside interface:

    crypto ikev1 enable outside

Create an IKEv1 policy that defines the algorithms/methods to be used for hashing, authentication, Diffie-Hellman group, lifetime, and encryption:

    crypto ikev1 policy 1
    !The 1 in the above command refers to the Policy suite priority (1 highest, 65535 lowest)
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400

Create a tunnel group under the IPsec attributes and configure the peer IP address and the tunnel pre-shared key:

    tunnel-group 192.168.1.1 type ipsec-l2l
    tunnel-group 192.168.1.1 ipsec-attributes
    ikev1 pre-shared-key cisco
    ! Note the IKEv1 keyword at the beginning of the pre-shared-key command.

Phase 2 (IPse
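The Phase 1 commands above can be reviewed mechanically before they reach a device. The following is an added example, not part of the original post: a small Python check that walks an ASA-style configuration and reports weak IKEv1 Phase 1 choices. The guessable-key list, the 20-character minimum, and the indented sub-command layout are assumptions made for this example.

```python
import re

# Constructed sample: the Phase 1 commands from the post, laid out as a config file.
SAMPLE_CONFIG = """\
crypto ikev1 enable outside
crypto ikev1 policy 1
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
tunnel-group 192.168.1.1 type ipsec-l2l
tunnel-group 192.168.1.1 ipsec-attributes
 ikev1 pre-shared-key cisco
"""

WEAK_DH_BITS = {"1": 768, "2": 1024, "5": 1536}  # MODP modulus size per group
WEAK_VALUES = {"encryption": {"des", "3des"}, "hash": {"md5"}}
GUESSABLE_PSKS = {"cisco", "password", "secret", "vpn"}  # assumed short list
MIN_PSK_LEN = 20  # assumed local policy, not a Cisco requirement


def audit_ikev1(config):
    """Return (context, finding) tuples for weak IKEv1 Phase 1 settings."""
    findings, context = [], ""
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            context = line  # unindented line opens a new config context
            continue
        words = line.split()
        if context.startswith("crypto ikev1 policy") and len(words) == 2:
            key, value = words
            if key == "group" and value in WEAK_DH_BITS:
                findings.append((context, f"DH group {value} is {WEAK_DH_BITS[value]}-bit MODP"))
            elif value in WEAK_VALUES.get(key, ()):
                findings.append((context, f"weak {key} {value}"))
        match = re.fullmatch(r"ikev1 pre-shared-key (\S+)", line)
        if match and context.startswith("tunnel-group"):
            psk = match.group(1)  # "*****" is the masked form, which cannot be judged
            if psk != "*****" and (psk.lower() in GUESSABLE_PSKS or len(psk) < MIN_PSK_LEN):
                findings.append((context, "pre-shared key is short or guessable"))
    return findings

if __name__ == "__main__":
    for ctx, finding in audit_ikev1(SAMPLE_CONFIG):
        print(f"{ctx}: {finding}")
```

On the sample it reports the 1024-bit Diffie-Hellman group in policy 1 and the pre-shared key on the 192.168.1.1 tunnel group.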