
Wednesday, March 25, 2020

IPSec VPN Google cloud and Cisco ASA


IPSec VPN between Google Cloud and Cisco ASA with IKEv1 (Policy-Based)

Google Cloud VPN uses the following ciphers for IKEv1:


Phase 1
Cipher role                     Cipher
Encryption                      AES-CBC-128
Integrity                       HMAC-SHA1-96
Pseudo-Random Function (PRF)    PRF-SHA1-96
Diffie-Hellman (DH)             modp_1024 (Group 2)
Phase 1 lifetime                36,600 seconds

Phase 2
Cipher role                     Cipher
Encryption                      AES-CBC-128
Integrity                       HMAC-SHA1-96
PFS Algorithm (required)        modp_1024 (Group 2)
Diffie-Hellman (DH)             If you need to specify DH for your VPN gateway, use the same setting that you used for Phase 1.
Phase 2 lifetime                10,800 seconds

Go to Networking > Hybrid Connectivity and click VPN.

Configure the tunnel.

On the Cisco side:

crypto isakmp policy 200
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 36600

object-group network GCP_NETWORK
 network-object 10.7.0.0 255.255.240.0

access-list outside_cryptomap line 1 extended permit ip 192.168.0.0 255.255.0.0 object-group GCP_NETWORK

tunnel-group 10.10.10.101 type ipsec-l2l
tunnel-group 10.10.10.101 ipsec-attributes
 pre-shared-key **********
 isakmp keepalive threshold 10 retry 2

crypto ipsec transform-set GCP-TRN esp-aes esp-sha-hmac

crypto map GCP-VPN 1 match address outside_cryptomap
crypto map GCP-VPN 1 set peer 10.10.10.101
crypto map GCP-VPN 1 set transform-set GCP-TRN

nat (inside,outside) 16 source static NETWORK_192.168.0.0_16 NETWORK_192.168.0.0_16 destination static GCP_NETWORK GCP_NETWORK

crypto map GCP-VPN interface outside
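
An added example (not part of the original post): a small Python audit that parses an ASA configuration and reports which values from the Phase 1 and Phase 2 tables above are not set explicitly. The function name `audit` and the `SAMPLE` string are assumptions for illustration; the sample is constructed from the crypto commands shown on this page.

```python
import re

# Expected values, taken from the Phase 1 / Phase 2 tables on this page.
PHASE1 = {"encryption": "aes", "hash": "sha", "group": "2", "lifetime": "36600"}
PHASE2 = {"transform-set": {"esp-aes", "esp-sha-hmac"}, "pfs": ["group2"],
          "security-association": ["lifetime", "seconds", "10800"]}

def audit(config):
    """Return the table values that the ASA config does not set explicitly."""
    policies, transforms, maps, current = [], {}, {}, None
    for raw in filter(str.strip, config.splitlines()):  # skip blank lines
        tok = raw.split()
        if raw[0].isspace():  # sub-command of the policy block opened above
            if current is not None and len(tok) == 2:
                current[tok[0]] = tok[1]
            continue
        current = {} if re.match(r"crypto (isakmp|ikev1) policy \d+\s*$", raw) else None
        if current is not None:
            policies.append(current)
        tok = [t for t in tok if t != "ikev1"]  # newer ASA syntax inserts "ikev1"
        if tok[:3] == ["crypto", "ipsec", "transform-set"] and len(tok) > 4:
            transforms[tok[3]] = set(tok[4:])
        elif tok[:2] == ["crypto", "map"] and len(tok) > 5 and tok[4] == "set":
            maps.setdefault(f"{tok[2]} {tok[3]}", {})[tok[5]] = tok[6:]
    findings = []
    if not any(all(p.get(k) == v for k, v in PHASE1.items()) for p in policies):
        findings.append(f"phase1: no policy matches {PHASE1}")
    for name, entry in maps.items():
        sets = entry.get("transform-set", [])
        if not any(transforms.get(s) == PHASE2["transform-set"] for s in sets):
            findings.append(f"{name}: transform-set is not esp-aes esp-sha-hmac")
        for key in ("pfs", "security-association"):
            if entry.get(key) != PHASE2[key]:
                findings.append(f"{name}: missing 'set {key} {' '.join(PHASE2[key])}'")
    return findings

# Constructed sample: crypto commands copied from the configuration on this page.
SAMPLE = """\
crypto isakmp policy 200
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 36600
crypto ipsec transform-set GCP-TRN esp-aes esp-sha-hmac
crypto map GCP-VPN 1 match address outside_cryptomap
crypto map GCP-VPN 1 set peer 10.10.10.101
crypto map GCP-VPN 1 set transform-set GCP-TRN
"""
```

Calling `audit(SAMPLE)` returns two findings for crypto map entry `GCP-VPN 1`: the PFS group and the 10,800-second Phase 2 lifetime from the table are not set explicitly in the configuration.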