{"id":53,"date":"2023-10-13T18:53:17","date_gmt":"2023-10-13T18:53:17","guid":{"rendered":"https:\/\/mycomputerland.com\/?p=53"},"modified":"2023-10-16T18:39:51","modified_gmt":"2023-10-16T18:39:51","slug":"configuring-site-to-site-vpn-between-cisco-asa-and-usg-pro","status":"publish","type":"post","link":"https:\/\/mycomputerland.com\/index.php\/2023\/10\/13\/configuring-site-to-site-vpn-between-cisco-asa-and-usg-pro\/","title":{"rendered":"Configuring Site-to-Site VPN Between Cisco ASA and USG Pro"},"content":{"rendered":"<div class=\"flex-1 overflow-hidden\">\n<div class=\"react-scroll-to-bottom--css-glrja-79elbk h-full dark:bg-gray-800\">\n<div class=\"react-scroll-to-bottom--css-glrja-1n7m0yu\">\n<div class=\"flex flex-col text-sm dark:bg-gray-800\">\n<div class=\"group final-completion w-full text-token-text-primary border-b border-black\/10 gizmo:border-0 dark:border-gray-900\/50 gizmo:dark:border-0 bg-gray-50 gizmo:bg-transparent dark:bg-[#444654] gizmo:dark:bg-transparent\" data-testid=\"conversation-turn-3\">\n<div class=\"p-4 justify-center text-base md:gap-6 md:py-6 m-auto\">\n<div class=\"flex flex-1 gap-4 text-base mx-auto md:gap-6 gizmo:gap-3 gizmo:md:px-5 gizmo:lg:px-1 gizmo:xl:px-5 md:max-w-2xl lg:max-w-[38rem] gizmo:md:max-w-3xl gizmo:lg:max-w-[40rem] gizmo:xl:max-w-[48rem] xl:max-w-3xl }\">\n<div class=\"relative flex w-[calc(100%-50px)] flex-col gizmo:w-full lg:w-[calc(100%-115px)] agent-turn\">\n<div class=\"flex-col gap-1 md:gap-3\">\n<div class=\"flex flex-grow flex-col gap-3 max-w-full\">\n<div class=\"min-h-[20px] flex flex-col items-start gap-3 whitespace-pre-wrap break-words overflow-x-auto\">\n<div class=\"markdown prose w-full break-words dark:prose-invert dark\">\n<p>Configuring a Site-to-Site VPN between a Cisco ASA firewall and a Ubiquiti USG Pro (Unified Security Gateway) involves several steps. 
This guide assumes that you have basic knowledge of both devices and have administrative access to both the Cisco ASA and USG Pro interfaces. Make sure to replace placeholders with your specific network details.<\/p>\n<p>Here are the general steps to configure the VPN:<\/p>\n<h3>Cisco ASA Configuration:<\/h3>\n<ol>\n<li>Log in to the Cisco ASA&#8217;s web interface or connect to it using SSH or Telnet.<\/li>\n<li>Navigate to Configuration mode using the following commands:\n<div class=\"bg-black rounded-md mb-4\">\n<div class=\"flex items-center relative text-gray-200 bg-gray-800 gizmo:dark:bg-token-surface-primary px-4 py-2 text-xs font-sans justify-between rounded-t-md\"><\/div>\n<div class=\"p-4 overflow-y-auto\"><code class=\"!whitespace-pre hljs language-bash\">enable<br \/>\nconfigure terminal<br \/>\n<\/code><\/div>\n<\/div>\n<\/li>\n<li>Define the ISAKMP (Internet Security Association and Key Management Protocol) policy. This is the phase 1 configuration:\n<div class=\"bg-black rounded-md mb-4\">\n<div class=\"flex items-center relative text-gray-200 bg-gray-800 gizmo:dark:bg-token-surface-primary px-4 py-2 text-xs font-sans justify-between rounded-t-md\"><code class=\"!whitespace-pre hljs language-bash\">crypto isakmp policy 10<br \/>\n encr aes<br \/>\n authentication pre-share<br \/>\n group 2<br \/>\n hash sha<br \/>\n lifetime 86400<br \/>\n<\/code><\/div>\n<\/div>\n<p>Customize the encryption, authentication, group, hash, and lifetime settings according to your security requirements.<\/li>\n<li>Create the pre-shared key for authentication:\n<div class=\"bg-black rounded-md mb-4\">\n<div class=\"p-4 overflow-y-auto\"><code class=\"!whitespace-pre hljs language-css\">crypto isakmp key YOUR_SHARED_SECRET address USG_PRO_PUBLIC_IP<br \/>\n<\/code><\/div>\n<\/div>\n<p>Replace <code>YOUR_SHARED_SECRET<\/code> with a strong shared secret key 
and <code>USG_PRO_PUBLIC_IP<\/code> with the public IP address of the USG Pro.<\/li>\n<li>Define the transform-set for phase 2 (IPsec) configuration:\n<div class=\"bg-black rounded-md mb-4\">\n<div class=\"p-4 overflow-y-auto\"><code class=\"!whitespace-pre hljs language-arduino\">crypto ipsec transform-set MY_TRANSFORM_SET esp-aes esp-sha-hmac<br \/>\n<\/code><\/div>\n<\/div>\n<p>Customize the encryption and authentication algorithms as needed.<\/li>\n<li>Create a crypto map:\n<div class=\"bg-black rounded-md mb-4\">\n<div class=\"p-4 overflow-y-auto\"><code class=\"!whitespace-pre hljs language-python\">crypto map MY_CRYPTO_MAP 10 match address VPN_ACL<br \/>\ncrypto map MY_CRYPTO_MAP 10 set peer USG_PRO_PUBLIC_IP<br \/>\ncrypto map MY_CRYPTO_MAP 10 set transform-set MY_TRANSFORM_SET<br \/>\n<\/code><\/div>\n<\/div>\n<p>Replace <code>VPN_ACL<\/code> with an access control list specifying the traffic to be encrypted, and <code>USG_PRO_PUBLIC_IP<\/code> with the public IP address of the USG Pro.<\/li>\n<li>Apply the crypto map to the outside interface:\n<div class=\"bg-black rounded-md mb-4\">\n<div class=\"p-4 overflow-y-auto\"><code class=\"!whitespace-pre hljs language-go\">crypto map MY_CRYPTO_MAP interface outside<br \/>\n<\/code><\/div>\n<\/div>\n<\/li>\n<li>Save your configuration:\n<div class=\"bg-black rounded-md mb-4\">\n<div class=\"p-4 overflow-y-auto\"><code class=\"!whitespace-pre hljs language-arduino\">write memory<br \/>\n<\/code><\/div>\n<\/div>\n<\/li>\n<\/ol>\n<h3>Ubiquiti USG Pro 
Configuration:<\/h3>\n<ol>\n<li>Log in to the USG Pro&#8217;s web interface.<\/li>\n<li>Navigate to the &#8220;Settings&#8221; and then &#8220;Networks&#8221; section.<\/li>\n<li>Create a new network for the remote ASA site:\n<ul>\n<li>Click &#8220;Create New Network.&#8221;<\/li>\n<li>Set the name and subnet according to your network design.<\/li>\n<li>Set the purpose to &#8220;Remote Subnet.&#8221;<\/li>\n<\/ul>\n<\/li>\n<li>Navigate to the &#8220;Settings&#8221; and then &#8220;VPN&#8221; section.<\/li>\n<li>Create a new Site-to-Site VPN configuration:\n<ul>\n<li>Click &#8220;Create New VPN.&#8221;<\/li>\n<li>Choose &#8220;Site-to-Site VPN.&#8221;<\/li>\n<li>Enter the remote ASA&#8217;s public IP address and the pre-shared key.<\/li>\n<\/ul>\n<\/li>\n<li>Under &#8220;Local Subnets&#8221; and &#8220;Remote Subnets,&#8221; select the appropriate network objects created earlier.<\/li>\n<li>Save the configuration.<\/li>\n<li>Under &#8220;Site-to-Site VPN,&#8221; click &#8220;Connect&#8221; to establish the VPN tunnel.<\/li>\n<\/ol>\n<p>This should configure a site-to-site VPN between your Cisco ASA and Ubiquiti USG Pro. Ensure that your firewall rules and routing are appropriately configured to allow traffic through the VPN tunnel. Test the connectivity and monitor the VPN status to ensure it&#8217;s functioning as expected.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Configuring a Site-to-Site VPN between a Cisco ASA firewall and a Ubiquiti USG Pro (Unified Security Gateway) involves several steps. This guide assumes that you have basic knowledge of both devices and have administrative access to both the Cisco ASA and USG Pro interfaces. Make sure to replace placeholders with your specific network details. 
Here [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":54,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,7],"tags":[27,26,28],"class_list":{"0":"post-53","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cisco","8":"category-networking","9":"tag-cisco-asa","10":"tag-site-to-site-vpn","11":"tag-usg-pro"},"_links":{"self":[{"href":"https:\/\/mycomputerland.com\/index.php\/wp-json\/wp\/v2\/posts\/53"}],"collection":[{"href":"https:\/\/mycomputerland.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mycomputerland.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mycomputerland.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mycomputerland.com\/index.php\/wp-json\/wp\/v2\/comments?post=53"}],"version-history":[{"count":2,"href":"https:\/\/mycomputerland.com\/index.php\/wp-json\/wp\/v2\/posts\/53\/revisions"}],"predecessor-version":[{"id":57,"href":"https:\/\/mycomputerland.com\/index.php\/wp-json\/wp\/v2\/posts\/53\/revisions\/57"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mycomputerland.com\/index.php\/wp-json\/wp\/v2\/media\/54"}],"wp:attachment":[{"href":"https:\/\/mycomputerland.com\/index.php\/wp-json\/wp\/v2\/media?parent=53"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mycomputerland.com\/index.php\/wp-json\/wp\/v2\/categories?post=53"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mycomputerland.com\/index.php\/wp-json\/wp\/v2\/tags?post=53"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}