Cisco ASA: LAN-to-LAN VPN

Phase I

(The policy just needs to match on both sides; it is not tied to a VPN profile.)

Assuming:

crypto isakmp enable outside

Pre 8.3 version

crypto isakmp policy 5
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400

Post 8.2 version

crypto ikev1 policy 5
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
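
Added example (not part of the original notes): a check that two peers share a Phase I policy before the tunnel is brought up, accepting both the "crypto isakmp policy" and "crypto ikev1 policy" forms shown above. The function names and the sample configs are constructed for illustration; lifetime is parsed but not compared, on the assumption that only authentication, encryption, hash and group must be identical.

```python
import re

POLICY_RE = re.compile(r"^crypto (?:isakmp|ikev1) policy (\d+)$")
MATCHED = ("authentication", "encryption", "hash", "group")  # lifetime not compared

def parse_policies(config):
    """Return {priority: {attribute: value}} for each Phase I policy block."""
    policies, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()  # sub-commands may or may not be indented
        m = POLICY_RE.match(line)
        if m:
            current = policies.setdefault(int(m.group(1)), {})
            continue
        parts = line.split(None, 1)
        if current is not None and len(parts) == 2 and parts[0] in MATCHED + ("lifetime",):
            current[parts[0]] = parts[1]
        else:
            current = None  # any other line closes the policy block
    return policies

def proposals(config):
    """Complete (auth, encryption, hash, group) tuples in priority order."""
    parsed = parse_policies(config)
    tuples = [tuple(parsed[n].get(a) for a in MATCHED) for n in sorted(parsed)]
    return [t for t in tuples if None not in t]

def common_proposals(local_cfg, remote_cfg):
    """Proposals both peers would accept, in local priority order."""
    remote = set(proposals(remote_cfg))
    return [p for p in proposals(local_cfg) if p in remote]

# Constructed sample configs (not from a real device).
SITE_A = """crypto isakmp policy 5
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
"""
SITE_B = SITE_A.replace("isakmp policy 5", "ikev1 policy 20")  # same values, newer syntax
SITE_C = SITE_A.replace("hash sha", "hash md5")                # hash differs

if __name__ == "__main__":
    print(common_proposals(SITE_A, SITE_B))  # one shared proposal
    print(common_proposals(SITE_A, SITE_C))  # empty: Phase I would not complete
```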

Phase II

Assuming:

crypto map mymap interface outside

Crypto map:

crypto map mymap 2 match address CPAC
crypto map mymap 2 set pfs
crypto map mymap 2 set peer 70.33.230.190
crypto map mymap 2 set transform-set ESP-AES-256-SHA ESP-AES-128-SHA
crypto map mymap 2 set security-association lifetime seconds 86400
crypto map mymap 2 set nat-t-disable

Tunnel group:

tunnel-group 70.33.230.190 type ipsec-l2l
tunnel-group 70.33.230.190 ipsec-attributes
 pre-shared-key *****

Access list for the peer:

access-list CPAC extended permit ip 192.168.17.32 255.255.255.224 host 10.150.232.51

Pre 8.3 version

access-list NONAT extended permit ip 192.168.17.32 255.255.255.224 host 10.150.232.51

Assuming:

nat (inside) 0 access-list NONAT

Post 8.2 version

object network obj-local
 subnet 192.168.17.32 255.255.255.224
object network obj-remote
 host 10.150.232.51
nat (inside,outside) 1 source static obj-local obj-local destination static obj-remote obj-remote