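1. Environment overview
Enterprise firewall: ASA5525 9.14(4)23
Zenlayer cloud network
IPsec is configured between the ASA and Zenlayer so that the BGP routing protocol can run between them. The ASA side uses dual links to the ISP, while the Zenlayer cloud provides a single IP. The goal is primary/backup failover and BGP route propagation.
2. Configuration
Configuration note: only the important steps are listed, not the complete configuration.
(1) IPsec configuration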
crypto ikev2 policy 10
 encryption aes
 integrity sha
 group 14
 prf sha
 lifetime seconds 86400
crypto ipsec ikev2 ipsec-proposal zenlayer
 protocol esp encryption aes
 protocol esp integrity sha-1
crypto ipsec profile zenlayer
 set ikev2 ipsec-proposal zenlayer
 set pfs group14
 set security-association lifetime seconds 43200
interface Tunnel3
 nameif To_Zenlayer_A
 ip address <interconnect address 1 with Zenlayer>
 tunnel source interface outside1
 tunnel destination <Zenlayer public IP>
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile zenlayer
!
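The tunnel interface above depends on a chain of names: `tunnel protection ipsec profile` must point at a defined `crypto ipsec profile`, which must in turn reference a defined `ipsec-proposal`. The check below is an added example, not part of the original configuration; it assumes the indented layout that `show running-config` prints, its function names are hypothetical, and the sample addresses and the broken Tunnel4 stanza are constructed.

```python
# Constructed sample: the page's Tunnel3 chain plus a deliberately broken Tunnel4.
# Addresses are documentation placeholders (assumption), not values from the page.
SAMPLE = """\
crypto ipsec ikev2 ipsec-proposal zenlayer
 protocol esp encryption aes
crypto ipsec profile zenlayer
 set ikev2 ipsec-proposal zenlayer
interface Tunnel3
 tunnel source interface outside1
 tunnel destination 192.0.2.10
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile zenlayer
!
interface Tunnel4
 tunnel source interface outside2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile zenlayer-b
"""

PROTECT = "tunnel protection ipsec profile "
REQUIRED = ("tunnel source interface ", "tunnel destination ", "tunnel mode ipsec ", PROTECT)

def stanzas(text):
    """Map each top-level config line to the list of its indented sub-commands."""
    out, head = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and head:
            out[head].append(line.strip())
        elif line.strip() not in ("", "!"):
            head = line.strip()
            out[head] = []
    return out

def check_vti(text):
    """Return findings for tunnel interfaces whose IPsec reference chain is incomplete."""
    cfg, findings = stanzas(text), []
    for head, body in cfg.items():
        if not head.startswith("interface Tunnel"):
            continue
        findings += [f"{head}: missing '{r.strip()}'" for r in REQUIRED
                     if not any(l.startswith(r) for l in body)]
        prof = next((l[len(PROTECT):] for l in body if l.startswith(PROTECT)), None)
        pbody = cfg.get(f"crypto ipsec profile {prof}")
        if prof and pbody is None:
            findings.append(f"{head}: profile '{prof}' not defined")
        names = [n for l in (pbody or []) if l.startswith("set ikev2 ipsec-proposal ") for n in l.split()[3:]]
        findings += [f"{head}: proposal '{n}' not defined" for n in names
                     if f"crypto ipsec ikev2 ipsec-proposal {n}" not in cfg]
    return findings
```

Calling `check_vti(SAMPLE)` reports the missing destination and the undefined profile on Tunnel4, while Tunnel3 passes.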
interface Tunnel4
 nameif To_Zenlayer_S
 ip address <interconnect address 2 with Zenlayer>
 tunnel source interface outside2
 tunn