
ASA Config: VPN Client + 2 L2L IPSec VPNs

Posted: Mon 19 Jan, 2009 11:46 am
by Wizard


interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.111.1 255.255.255.0

access-list NAT0-INSIDE remark *** NAT0 FOR L2L VPN ***
access-list NAT0-INSIDE extended permit ip 192.168.111.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list NAT0-INSIDE extended permit ip 192.168.111.0 255.255.255.0 192.168.111.220 255.255.255.254

access-list CRYPTO-ACL-RM remark *** CRYPTO ACL FOR L2L VPN WITH --- ***
access-list CRYPTO-ACL-RM extended permit ip 192.168.111.0 255.255.255.0 192.168.21.0 255.255.255.0
access-list CRYPTO-ACL-VM remark *** CRYPTO ACL FOR L2L VPN WITH --- ***
access-list CRYPTO-ACL-VM extended permit ip 192.168.111.0 255.255.255.0 192.168.23.0 255.255.255.0

access-list remote-admins_splitTunnel remark *** SPLIT TUNNEL FOR VPN CLIENT ***
access-list remote-admins_splitTunnel standard permit 192.168.111.0 255.255.255.0

ip local pool remote-admins-pool 192.168.111.220-192.168.111.221 mask 255.255.255.0

global (outside) 1 interface
nat (inside) 0 access-list NAT0-INSIDE
nat (inside) 1 192.168.111.0 255.255.255.0

group-policy remote-admins internal
group-policy remote-admins attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value remote-admins_splitTunnel

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set reverse-route

crypto map outside_map 20 match address CRYPTO-ACL-RM
crypto map outside_map 20 set peer ---
crypto map outside_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 30 match address CRYPTO-ACL-VM
crypto map outside_map 30 set peer ---
crypto map outside_map 30 set transform-set ESP-3DES-MD5

crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside

crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
 
crypto isakmp nat-traversal 20
crypto isakmp disconnect-notify

tunnel-group DefaultRAGroup ipsec-attributes
 isakmp keepalive threshold 10 retry 2
tunnel-group IP_ADDRESS type ipsec-l2l
tunnel-group IP_ADDRESS ipsec-attributes
 pre-shared-key *
tunnel-group IP_ADDRESS type ipsec-l2l
tunnel-group IP_ADDRESS ipsec-attributes
 pre-shared-key *

 
tunnel-group remote-admins type ipsec-ra
tunnel-group remote-admins general-attributes
 address-pool remote-admins-pool
 default-group-policy remote-admins
 
tunnel-group remote-admins ipsec-attributes
 pre-shared-key *
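
An added example, not part of the original post: a small audit that reads IKE policies and IPSec transform sets in the syntax posted above and lists the legacy algorithms they select. The `WEAK` table and the `audit` function are assumptions of this example; the sample input is a constructed subset of the posted lines.

```python
import re

# Treated as legacy in this example (an assumption, not from the post):
# DES/3DES encryption, MD5 integrity, Diffie-Hellman groups 1, 2 and 5.
WEAK = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}

# Constructed sample: a subset of the lines posted above.
SAMPLE = """\
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto isakmp policy 10
 encryption 3des
 hash md5
 group 2
crypto isakmp policy 30
 encryption 3des
 hash sha
 group 2
crypto isakmp nat-traversal  20
"""

def audit(config):
    """Return sorted (object, finding) pairs for legacy crypto settings."""
    findings = set()
    policy = None  # IKE policy block currently being read, if any
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if raw[0].isspace():  # indented line: a setting inside a block
            if policy and len(words) == 2 and words[1] in WEAK.get(words[0], ()):
                findings.add((policy, " ".join(words)))
            continue
        # Top-level command: closes any open block, may open a new one.
        m = re.match(r"crypto isakmp policy (\d+)", raw)
        policy = f"isakmp policy {m.group(1)}" if m else None
        if words[:3] == ["crypto", "ipsec", "transform-set"]:
            for transform in words[4:]:  # e.g. esp-3des, esp-md5-hmac
                parts = transform.split("-")
                if len(parts) > 1 and parts[1] in WEAK["encryption"] | WEAK["hash"]:
                    findings.add((f"transform-set {words[3]}", parts[1]))
    return sorted(findings)

if __name__ == "__main__":
    for obj, finding in audit(SAMPLE):
        print(f"{obj}: {finding}")
```
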

Posted: Mon 19 Jan, 2009 12:52 pm
by levis
Thank you.
I'll take a look asap.
See you soon,
Levis

Posted: Fri 08 Oct, 2010 7:44 pm
by thehawk
I'll dig into this further since I'm very interested, great Wizard