Repositorio IT - IT Repository: ASA RA VPN 8.3

ASA RA VPN 8.3

clear configure tunnel-group
clear configure group-policy RA_StoneHill
clear configure isakmp
clear configure ipsec
clear configure crypto
clear configure crypto ipsec ikev1

object network NETWORK_OBJ_192.168.2.0_24
subnet 192.168.2.0 255.255.255.0

object network NETWORK_OBJ_192.168.200.128_26
subnet 192.168.200.128 255.255.255.192

access-list RA_ATTESTGRP_splitTunnelAcl standard permit 192.168.2.0 255.255.255.0

nat (inside,outside) source static NETWORK_OBJ_192.168.2.0_24 NETWORK_OBJ_192.168.2.0_24
destination static NETWORK_OBJ_192.168.200.128_26 NETWORK_OBJ_192.168.200.128_26

ip local pool vpnpool 192.168.200.150-192.168.200.190 mask 255.255.255.0

crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-A
ES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-A
ES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5

crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside

crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400

group-policy RA_ATTESTGRP internal
group-policy RA_ATTESTGRP attributes
dns-server value 4.2.2.2
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value RA_ATTESTGRP_splitTunnelAcl
default-domain value urb.local

tunnel-group RA_ATTESTGRP type remote-access
tunnel-group RA_ATTESTGRP general-attributes
address-pool vpnpool
default-group-policy RA_ATTESTGRP
tunnel-group RA_ATTESTGRP ipsec-attributes
ikev1 pre-shared-key *****

No comments:

Subscribe to: Post Comments (Atom)