ASA 5505 8.3 site to site VPN


First Experience Building a Buncit-Tebet VPN Using ASA 5505 Version 8.3


Buncit

ASA Version 8.3(1)
!
hostname Buncit
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 202.145.90.26 255.255.255.252
!
interface Vlan64
 nameif vpn_voip
 security-level 50
 ip address 192.168.64.1 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/2
 switchport access vlan 64
!
! destination inside network
object network NETWORK_OBJ_192.168.87.0_24
 subnet 192.168.87.0 255.255.255.0
!
access-list outside_1_cryptomap extended permit ip 192.168.64.0 255.255.255.0 192.168.87.0 255.255.255.0
nat (vpn_voip,outside) source static any any destination static NETWORK_OBJ_192.168.87.0_24 NETWORK_OBJ_192.168.87.0_24
nat (vpn_voip,outside) source dynamic any interface
!
! ISP public IP, point-to-point link to Buncit
route outside 0.0.0.0 0.0.0.0 202.145.90.25
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
! peer's public IP
crypto map outside_map 1 set peer 202.123.76.2
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 1 set security-association lifetime seconds 3600
crypto map outside_map interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 300
!
! the tunnel-group name is the peer's public IP
tunnel-group 202.123.76.2 type ipsec-l2l
tunnel-group 202.123.76.2 ipsec-attributes
 ! must be the same as on the peer
 pre-shared-key metro
!
policy-map global_policy
 class inspection_default
  inspect icmp
!
: end



ASA Tebet


ASA Version 8.3(1)
!
hostname Tebet
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 202.123.76.2 255.255.255.252
!
interface Vlan87
 nameif dmz
 security-level 50
 ip address 192.168.87.1 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 shutdown
!
interface Ethernet0/2
 switchport access vlan 87
!
! destination inside network
object network NETWORK_OBJ_192.168.64.0_24
 subnet 192.168.64.0 255.255.255.0
!
access-list outside_1_cryptomap extended permit ip 192.168.87.0 255.255.255.0 192.168.64.0 255.255.255.0
! the destination object is the destination inside network
nat (dmz,outside) source static any any destination static NETWORK_OBJ_192.168.64.0_24 NETWORK_OBJ_192.168.64.0_24
nat (dmz,outside) source dynamic any interface
!
! ISP public IP, point-to-point link to the ISP
route outside 0.0.0.0 0.0.0.0 202.123.76.1
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 202.145.90.26
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 1 set security-association lifetime seconds 3600
crypto map outside_map interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 300
!
! the tunnel-group name is the peer's public IP
tunnel-group 202.145.90.26 type ipsec-l2l
tunnel-group 202.145.90.26 ipsec-attributes
 ! must be the same as on the peer
 pre-shared-key metro
!
policy-map global_policy
 class inspection_default
  inspect icmp
!
: end
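
The two configurations only bring the tunnel up when they mirror each other: each peer address is the other side's outside IP, the crypto ACLs are swapped copies, and the transform set, ISAKMP policy and pre-shared key are identical. The Python check below is an added example, not part of the original post; TEMPLATE, facts and mismatches are hypothetical names, and the sample input is a constructed, trimmed version of the two configs above.

```python
import re

# Constructed, trimmed sample: only the lines the check reads, filled with this page's values.
TEMPLATE = """\
interface Vlan2
 nameif outside
 ip address {me} 255.255.255.252
access-list outside_1_cryptomap extended permit ip {lan} 255.255.255.0 {far} 255.255.255.0
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 1 set peer {peer}
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
tunnel-group {peer} ipsec-attributes
 pre-shared-key {psk}
"""
BUNCIT = TEMPLATE.format(me="202.145.90.26", peer="202.123.76.2", lan="192.168.64.0", far="192.168.87.0", psk="metro")
TEBET = TEMPLATE.format(me="202.123.76.2", peer="202.145.90.26", lan="192.168.87.0", far="192.168.64.0", psk="metro")

def facts(cfg):
    """Extract the values that must match or mirror across the two peers."""
    def grab(pattern):
        m = re.search(pattern, cfg, re.M)
        return m.groups() if m else None
    return {
        "outside_ip": grab(r"nameif outside\n(?:.*\n)*?\s*ip address (\S+)"),
        "peer": grab(r"^crypto map \S+ \d+ set peer (\S+)"),
        "acl": grab(r"^access-list \S+ extended permit ip (\S+ \S+) (\S+ \S+)"),
        "transform": grab(r"^crypto ipsec transform-set \S+ (.+)$"),
        "ike": grab(r"^crypto isakmp policy \d+\n\s*authentication (\S+)\n\s*encryption (\S+)\n\s*hash (\S+)\n\s*group (\S+)"),
        "tunnel_group": grab(r"^tunnel-group (\S+) ipsec-attributes"),
        "psk": grab(r"^\s*pre-shared-key (\S+)"),
    }

def mismatches(cfg_a, cfg_b):
    """Return a list of problems; an empty list means the pair is consistent."""
    a, b = facts(cfg_a), facts(cfg_b)
    problems = []
    for name, x, y in (("A", a, b), ("B", b, a)):
        problems += [f"{name}: {k} not found" for k, v in x.items() if v is None]
        if x["peer"] != y["outside_ip"]:
            problems.append(f"{name}: crypto map peer is not the other side's outside IP")
        if x["tunnel_group"] != x["peer"]:
            problems.append(f"{name}: tunnel-group name differs from crypto map peer")
    if a["acl"] != (b["acl"] or ())[::-1]:
        problems.append("crypto ACLs are not mirror images")
    problems += [f"{k} differs between peers" for k in ("transform", "ike", "psk") if a[k] != b[k]]
    return problems
```

On a live ASA, show running-config masks the pre-shared key, so the key comparison needs output from more system:running-config.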
