Tuesday, January 30, 2018

Quick-n-easy VPN configuration script via AWS :)

Creating a VPN router script can be a lengthy process. Say you have a popular Cisco ASA node and would like to connect it to an AWS VPC using a VGW (two tunnels by default).
The AWS console makes it easy to create the VPC, VGW, Customer Gateway and VPN tunnels. You need to attach your VGW to the VPC hosting the EC2 instance.




After all of that is done, go to the "Create VPN Connection" screen, highlight the VPN and download the configuration script after selecting the Vendor/Platform/Software version. :)

ASA 5500 series/9.x

Some script excerpts:
crypto isakmp identity address
crypto ikev1 enable
crypto ikev1 policy 201
  encryption aes
  authentication pre-share
  group 2
  lifetime 28800
  hash sha
exit
!
! The tunnel group sets the Pre Shared Key used to authenticate the
! tunnel endpoints.
!
tunnel-group type ipsec-l2l
tunnel-group ipsec-attributes
  ikev1 pre-shared-key
!
! This option enables IPSec Dead Peer Detection, which causes semi-periodic
! messages to be sent to ensure a Security Association remains operational.
!
  isakmp keepalive threshold 10 retry 10
exit
!
tunnel-group 54.85.7.229 type ipsec-l2l
tunnel-group 54.85.7.229 ipsec-attributes
  ikev1 pre-shared-key
!
! This option enables IPSec Dead Peer Detection, which causes semi-periodic
! messages to be sent to ensure a Security Association remains operational.
!
  isakmp keepalive threshold 10 retry 10
exit
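A quick review pass over the excerpt above, as an added example that is not part of the original post or of the AWS-generated script: it parses the ikev1 policy block and tunnel-group lines, then flags settings below a baseline. The baseline (DH group 14 or higher, no MD5/SHA-1 hash) and the names parse_asa and audit are assumptions made for this illustration.

```python
import re

# Constructed input: the post's excerpt, one command per line (key elided there).
SAMPLE = """\
crypto ikev1 policy 201
  encryption aes
  authentication pre-share
  group 2
  lifetime 28800
  hash sha
exit
tunnel-group 54.85.7.229 type ipsec-l2l
tunnel-group 54.85.7.229 ipsec-attributes
  ikev1 pre-shared-key
"""

# Assumed review baseline (a local policy choice, not from the post or AWS).
MIN_DH_GROUP = 14
LEGACY_HASHES = {"md5", "sha"}  # "sha" in an ikev1 policy is SHA-1

def parse_asa(text):
    """Return ({policy_id: {param: value}}, [peers], psk_value_present)."""
    policies, peers, psk_present, current = {}, [], False, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("!"):
            continue  # ASA comment line
        if (m := re.match(r"crypto ikev1 policy (\d+)$", line)):
            current = policies.setdefault(int(m.group(1)), {})
        elif line == "exit":
            current = None
        elif current is not None and len(line.split()) == 2:
            current.update([line.split()])  # e.g. "group 2" -> {"group": "2"}
        elif (m := re.match(r"tunnel-group (\S+) type ipsec-l2l$", line)):
            peers.append(m.group(1))
        elif line.startswith("ikev1 pre-shared-key"):
            psk_present |= len(line.split()) > 2  # a key value follows
    return policies, peers, psk_present

def audit(text):
    """List findings for IKEv1 settings below the assumed baseline."""
    policies, _peers, psk_present = parse_asa(text)
    findings = []
    for pid, p in sorted(policies.items()):
        if int(p.get("group", 0)) < MIN_DH_GROUP:
            findings.append(f"policy {pid}: DH group {p.get('group')} < {MIN_DH_GROUP}")
        if p.get("hash") in LEGACY_HASHES:
            findings.append(f"policy {pid}: legacy hash {p['hash']}")
    if psk_present:
        findings.append("pre-shared key present in file: handle as a secret")
    return findings
```

The script downloaded from the console carries the tunnel pre-shared keys in clear text, which is why the last check matters when the file is shared or committed.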

Saturday, January 27, 2018

AWS CSA


Friday, January 26, 2018

Catch me (ip ip ip...) if you can :)


Catch me if you can ...
> tcp contains aws && (ip.addr == your-ip-addr)
> ip.addr
> bootp.option.type == 53
> tcp.analysis.flags
-Or- tshark comes in handy



Saturday, January 13, 2018

Now we're talking image Rekognition.....:)


Friday, January 05, 2018

Run the task !! :)