Summary:
​
Palo Alto:
1. Tunnel Interface
2. IKE, IPSEC, IKE Gateway, and IPSEC Tunnels
3. Static Route
4. Security Policy
​
ASA:
5. Configuration
​
​
Details:
​
1. Tunnel Interface
​
​
​
2. IKE, IPSEC, IKE Gateway, and IPSEC Tunnels
​
2.1 IKE Profile
2.2. IPSEC Profile
2.3 IKE Gateway
2.4 IPSEC Tunnel
3. Static Route
4. Security Policies
4.1 Traffic between two gateways
4.2 Actual traffic (already in place for GlobalProtect)
5. ASA Config
Right click R1 > Console:
​
==========================
conf t
hostname ASA
interface FastEthernet0/0
no shutdown
ip address 10.1.1.200 255.255.255.0
exit
interface Loopback0
ip address 172.16.4.200 255.255.255.0
exit
ip http server
ip http authentication local
username admin privilege 15 secret abc123
crypto isakmp policy 1
encr aes 256
hash sha
authentication pre-share
group 2
lifetime 86400
exit
crypto isakmp key a785sd$#!ADA6 address 10.1.1.100
crypto ipsec transform-set AES192SHA1 esp-aes 192 esp-sha-hmac
mode tunnel
exit
crypto ipsec profile IPsec-Profile-Palo
set transform-set AES192SHA1
set security-association lifetime seconds 86400
exit
interface tunnel 6
ip address 172.16.6.200 255.255.255.0
tunnel source 10.1.1.200
tunnel destination 10.1.1.100
tunnel mode ipsec ipv4
tunnel protection ipsec profile IPsec-Profile-Palo
exit
ip route 172.16.2.0 255.255.255.0 172.16.6.100
end
wr
===========================================================
Test
