VPN client on ASA
This section describes how to configure remote access VPNs and includes the following topics:
• Configuring Interfaces
• Configuring ISAKMP Policy and Enabling ISAKMP on the Outside Interface
• Configuring an Address Pool
• Adding a User
• Creating a Transform Set
• Defining a Tunnel Group
• Creating a Dynamic Crypto Map
• Creating a Crypto Map Entry to Use the Dynamic Crypto Map
Configuring ISAKMP Policy and Enabling ISAKMP on the Outside Interface
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
isakmp enable outside
Configuring an Address Pool
ip local pool testpool 192.168.0.10-192.168.0.15
Creating Split ACL
access-list SPLIT standard permit 10.10.10.0 255.255.255.0
Creating a Group Policy (this policy is referenced later from the tunnel group)
group-policy MYVPN internal
group-policy MYVPN attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT
Creating a Transform Set
crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
Defining a Tunnel Group
tunnel-group testgroup type ipsec-ra
tunnel-group testgroup general-attributes
address-pool testpool
! The next line attaches the group policy that enables the split tunnel
default-group-policy MYVPN
tunnel-group testgroup ipsec-attributes
pre-shared-key cisco123
Creating a Dynamic Crypto Map
crypto dynamic-map dyn1 1 set transform-set FirstSet
Creating a Crypto Map Entry to Use the Dynamic Crypto Map
crypto map mymap 65530 ipsec-isakmp dynamic dyn1
crypto map mymap interface outside
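The configuration above negotiates 3DES, DH group 2 (1024-bit MODP) and an MD5 HMAC, and protects the group with a short pre-shared key. The following Python check is an added example, not part of the original post or of any Cisco tool: it scans ASA configuration text and reports those settings by line. The function name, the lists of flagged values and the 20-character key minimum are assumptions to adapt to local policy.

```python
import re

# Assumed review policy (not from the post): legacy values to flag.
WEAK_IKE = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2"}}
WEAK_ESP = {"esp-des", "esp-3des", "esp-md5-hmac"}
IKE_SUBCOMMANDS = {"authentication", "encryption", "hash", "group", "lifetime"}
MIN_PSK_LENGTH = 20  # assumed minimum, adjust to local policy

# Constructed sample input: the crypto-related lines of this walkthrough.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
tunnel-group testgroup ipsec-attributes
 pre-shared-key cisco123
crypto dynamic-map dyn1 1 set transform-set FirstSet
"""

def audit_asa_vpn(config):
    """Return (line_number, finding) tuples for weak IKEv1/IPsec settings."""
    findings = []
    in_ike_policy = False
    for number, raw in enumerate(config.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        if re.fullmatch(r"crypto (isakmp|ikev1) policy \d+", " ".join(words)):
            in_ike_policy = True
        elif in_ike_policy and words[0] in IKE_SUBCOMMANDS:
            # Sub-commands are scoped to the policy block, indented or not.
            if len(words) > 1 and words[1] in WEAK_IKE.get(words[0], ()):
                findings.append((number, f"IKE {words[0]} {words[1]}"))
        else:
            in_ike_policy = False
            if words[:2] == ["crypto", "ipsec"] and "transform-set" in words:
                name_at = words.index("transform-set") + 1
                for algo in words[name_at + 1:]:
                    if algo in WEAK_ESP:
                        findings.append((number, f"transform-set {words[name_at]} uses {algo}"))
            elif words[0] == "pre-shared-key" and len(words) > 1:
                # The key itself is never copied into the finding text.
                if set(words[1]) != {"*"} and len(words[1]) < MIN_PSK_LENGTH:
                    findings.append((number, f"pre-shared key under {MIN_PSK_LENGTH} chars"))
    return findings

if __name__ == "__main__":
    for number, finding in audit_asa_vpn(SAMPLE_CONFIG):
        print(f"line {number}: {finding}")
```

A key shown masked as asterisks in "show running-config" output is skipped, since its length cannot be judged from the mask.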
Ref: http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/70847-local-lan-pix-asa.html
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/vpnrmote.html#wp1084002