Set up site-to-site tunnel with Cisco ASA

This document explains how to configure a site-to-site tunnel between a UTunnel server and a Cisco ASA. Make sure that you have administrator access to the Cisco ASA and the UTunnel dashboard before you proceed.

1. Log in to dashboard.utunnel.io and go to the Site-to-Site tab.

2. Click the CREATE TUNNEL button.

Select Tunnel with non-UTunnel server and enter the Cisco ASA endpoint details as described below.

Tunnel Name: A name for this tunnel.
Local Server: Select the desired UTunnel server from the server list.
Remote IP: Enter the Cisco ASA endpoint IP address.
PSK: Either create a new PSK for the tunnel or enter the one that you have obtained from the remote endpoint.

Click Create Tunnel to create the tunnel.

3. Once the tunnel is created, click on the + icon to define the remote and local networks that should participate in the tunnel.

That completes the UTunnel side configuration.

5. Now log in to the Cisco ASA to complete the remote side configuration.

6. Navigate to Wizards > VPN Wizards > Site-to-site VPN Wizard and click the Next button.

7. Enter the UTunnel server IP address in the Peer IP Address field and click Next.

8. Now configure the Local Network and Remote Network. Enter the networks behind the Cisco ASA in the Local Network field and the networks behind the UTunnel server in the Remote Network field.

9. Key in the Pre-shared Key and proceed.

10. Enable NAT Exempt and click Next.

11. Now you need to set up connection profiles. Navigate to Configuration > Site-to-Site VPN > Connection Profiles. Select the profile for the tunnel you just created and click Edit.

12. Uncheck the Enable IKE v1 option under the IPsec Enabling section, leaving only Enable IKE v2 checked. Then click the IPsec Proposal button next to the IPsec Proposal option under the Encryption Algorithms section.

13. Select the proposal AES-256-1, which enforces AES-256 encryption and SHA-256 integrity hash. Then click OK.

14. Click the Manage option for IKE Policy under the Encryption Algorithms section.

15. Set DH Group to 14 and click OK.

16. Expand the Advanced menu and select Crypto Map Entry. Key in the PSK as shown in the image below.

17. Set Idle timeout to Unlimited.

Now go back to the UTunnel dashboard and start the tunnel.
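
To confirm that the ASA ended up with the settings chosen in steps 12 to 17, the running configuration can be checked offline. The following is an added example, not part of the original article or UTunnel's tooling: it assumes the ASDM choices appear in ASA 9.x CLI syntax as shown in the constructed sample, and the group policy name, peer address and the function names `sections` and `audit_tunnel` are hypothetical.

```python
import re

# Constructed sample in ASA 9.x running-config syntax (assumed CLI form of the
# ASDM settings above); 203.0.113.10 stands in for the UTunnel server IP.
SAMPLE_CONFIG = """\
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
crypto ipsec ikev2 ipsec-proposal AES-256-1
 protocol esp encryption aes-256
 protocol esp integrity sha-256
group-policy GroupPolicy_203.0.113.10 attributes
 vpn-idle-timeout none
 vpn-tunnel-protocol ikev2
tunnel-group 203.0.113.10 general-attributes
 default-group-policy GroupPolicy_203.0.113.10
"""

def sections(config):
    """Map each top-level command to the indented sub-commands below it."""
    out, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current is not None:
            out[current].append(line.strip())
        elif line.strip():
            current = line.strip()
            out.setdefault(current, [])
    return out

def audit_tunnel(config, peer_ip):
    """Return deviations from steps 12 to 17 for the tunnel to peer_ip."""
    sec, findings = sections(config), []
    general = sec.get(f"tunnel-group {peer_ip} general-attributes", [])
    names = [m.group(1) for s in general
             if (m := re.fullmatch(r"default-group-policy (\S+)", s))]
    policy = sec.get(f"group-policy {names[0]} attributes", []) if names else []
    protocols = [s.split()[1:] for s in policy if s.startswith("vpn-tunnel-protocol ")]
    if protocols != [["ikev2"]]:
        findings.append("tunnel protocol is not IKEv2-only")
    if "vpn-idle-timeout none" not in policy:
        findings.append("idle timeout is not unlimited")
    proposal = sec.get("crypto ipsec ikev2 ipsec-proposal AES-256-1", [])
    if not {"protocol esp encryption aes-256", "protocol esp integrity sha-256"} <= set(proposal):
        findings.append("proposal AES-256-1 is not AES-256 with SHA-256")
    ike = [subs for top, subs in sec.items() if top.startswith("crypto ikev2 policy ")]
    if not any("group 14" in subs for subs in ike):
        findings.append("no IKEv2 policy uses DH group 14")
    return findings
```

Calling `audit_tunnel(SAMPLE_CONFIG, "203.0.113.10")` returns an empty list; a configuration that still offers IKEv1 or a different DH group returns one finding per deviation.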
