Wednesday, March 25, 2020

IPSec VPN Google cloud and Cisco ASA


IPsec VPN between Google Cloud and a Cisco ASA, IKEv1, policy-based

Google Cloud VPN uses the following ciphers for IKEv1:


Phase 1
Cipher role                    Cipher
Encryption                     AES-CBC-128
Integrity                      HMAC-SHA1-96
Pseudo-Random Function (PRF)   PRF-SHA1-96
Diffie-Hellman (DH)            modp_1024 (Group 2)
Phase 1 lifetime               36,600 seconds

Phase 2
Cipher role                    Cipher
Encryption                     AES-CBC-128
Integrity                      HMAC-SHA1-96
PFS Algorithm (required)       modp_1024 (Group 2)
Diffie-Hellman (DH)            If you need to specify DH for your VPN gateway, use the same setting that you used for Phase 1.
Phase 2 lifetime               10,800 seconds

In the Google Cloud console, go to Networking > Hybrid Connectivity and click VPN.

Configure your tunnel: IKEv1, the ASA's outside address as the remote peer, the shared secret that will also be used as the ASA pre-shared key, and the on-premises range (192.168.0.0/16 in this example) as the remote network range.

On the Cisco ASA side (pre-8.4 syntax; on ASA 8.4 and later the equivalent commands are crypto ikev1 policy, ikev1 pre-shared-key and crypto ipsec ikev1 transform-set):

crypto isakmp policy 200
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 36600

object network NETWORK_192.168.0.0_16
 subnet 192.168.0.0 255.255.0.0

object-group network GCP_NETWORK
 network-object 10.7.0.0 255.255.240.0

access-list outside_cryptomap line 1 extended permit ip 192.168.0.0 255.255.0.0 object-group GCP_NETWORK

tunnel-group 10.10.10.101 type ipsec-l2l
tunnel-group 10.10.10.101 ipsec-attributes
 pre-shared-key **********
 isakmp keepalive threshold 10 retry 2

crypto ipsec transform-set GCP-TRN esp-aes esp-sha-hmac

crypto map GCP-VPN 1 match address outside_cryptomap
crypto map GCP-VPN 1 set peer 10.10.10.101
crypto map GCP-VPN 1 set transform-set GCP-TRN
crypto map GCP-VPN 1 set pfs group2
crypto map GCP-VPN 1 set security-association lifetime seconds 10800

nat (inside,outside) 16 source static NETWORK_192.168.0.0_16 NETWORK_192.168.0.0_16 destination static GCP_NETWORK GCP_NETWORK

crypto map GCP-VPN interface outside
crypto isakmp enable outside

A few points to check against the GCP tables above: the network object NETWORK_192.168.0.0_16 has to exist before the NAT exemption rule can reference it; GCP lists PFS with Group 2 as required for Phase 2, so it is set explicitly with set pfs group2 rather than left to the peer's proposal; the 10,800-second SA lifetime matches the Phase 2 lifetime GCP uses; and ISAKMP must be enabled on the outside interface or no IKE negotiation will start. The tunnel-group name is the external IP of the GCP VPN gateway (10.10.10.101 in this post), and the pre-shared key must match the shared secret entered in the GCP tunnel.
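As an added check that is not part of the original post or of any Google or Cisco tooling, the script below parses an ASA IKEv1 snippet like the one above and reports every Phase 1 or Phase 2 setting that does not match the GCP cipher tables. The sample configuration embedded in it is constructed for the example, and the crypto map name GCP-VPN is assumed.

```python
import re

# Google Cloud VPN IKEv1 requirements, taken from the tables above.
GCP_PHASE1 = {"encryption": "aes", "hash": "sha", "group": "2", "lifetime": "36600"}
GCP_PHASE2_TRANSFORM = ("esp-aes", "esp-sha-hmac")
GCP_PHASE2_PFS = "group2"

def parse_isakmp_policy(config):
    """Return the settings of the first 'crypto isakmp/ikev1 policy' block."""
    policy, in_block = {}, False
    for line in config.splitlines():
        if re.match(r"crypto (isakmp|ikev1) policy \d+", line):
            in_block = True
            continue
        if in_block:
            m = re.match(r"\s+(encryption|hash|group|lifetime)\s+(\S+)", line)
            if m:
                policy[m.group(1)] = m.group(2)
            elif not line[:1].isspace():  # a non-indented line ends the block
                break
    return policy

def check_config(config, crypto_map="GCP-VPN"):
    """Return a list of mismatches against the GCP IKEv1 cipher set (empty = OK)."""
    issues = []
    policy = parse_isakmp_policy(config)
    for key, want in GCP_PHASE1.items():
        if policy.get(key) != want:
            issues.append(f"phase1 {key}: expected {want}, found {policy.get(key)}")
    ts = re.search(r"crypto ipsec (?:ikev1 )?transform-set \S+ (\S+) (\S+)", config)
    if ts is None or (ts.group(1), ts.group(2)) != GCP_PHASE2_TRANSFORM:
        issues.append("phase2 transform-set: expected esp-aes esp-sha-hmac")
    pfs = re.search(rf"crypto map {re.escape(crypto_map)} \d+ set pfs (\S+)", config)
    if pfs is None or pfs.group(1) != GCP_PHASE2_PFS:
        issues.append("phase2 pfs: expected group2 (required by GCP)")
    return issues

# Constructed sample mirroring the ASA snippet above, with the PFS line present.
SAMPLE_OK = """\
crypto isakmp policy 200
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 36600
crypto ipsec transform-set GCP-TRN esp-aes esp-sha-hmac
crypto map GCP-VPN 1 set transform-set GCP-TRN
crypto map GCP-VPN 1 set pfs group2
"""
```

Running check_config on a snippet that omits set pfs group2, or that uses a DH group other than 2, returns the corresponding mismatch strings; an empty list means the ASA side agrees with the GCP tables.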