A recent project came across my desk that involves replacement of a Cisco ASA 5505 with a Peplink Balance 20. I am interested in taking on this project, but have many curiosities related to VPN connectivity and implementing a Cisco-like router configuration on the Balance 20.
Of particular interest, the existing ASA has a site-to-site VPN that uses multiple ACLs and a Crypto Map configuration for connecting to multiple back-end networks (6 to be exact). Cisco ESP-AES-256-SHA tunnel with PSK, AES-256, and SHA1 is a no-brainer, but configuring the Crypto Mapping to the 6 back-end networks has me puzzled. In addition, the existing ASA router has “EXEMPT” firewall NAT rules that address the same 6 back-end networks.
Traditionally, I would place six back-end networks in the Remote Networks entry of the IPsec VPN profile and call it a day. For some reason that hasn’t worked. I made numerous attempts at creating “EXEMPT” NAT rules but am still coming up empty.
Can anyone explain:
- Is there a Peplink equivalent to Cisco Crypto Map entries and where to make them?
- Is there ESP built in to VPN profiles on Peplink?
Thanks for any feedback!