EZVPN Template for the ASA Firewall

Posted by on 2014/02/19

 

Reference:

http://staystack.blogspot.hu/2013_04_01_archive.html

EZVPN

 

Config Template:

aaa-server RADIUS protocol radius
 reactivation-mode timed
aaa-server RADIUS (inside) host 172.27.13.1
 key asd123
!
! Management access authenticates against the RADIUS server group, then LOCAL
aaa authentication ssh console RADIUS LOCAL
aaa authentication serial console RADIUS LOCAL
!
! IKE config:
! -----------
crypto isakmp identity address
crypto isakmp enable outside
!
! 3DES, MD5 and DH group 2 are legacy algorithms
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
!
! Tunnel-Group Policy:
! --------------------
tunnel-group ezVPN type remote-access
tunnel-group ezVPN general-attributes
 !authentication-server-group RADIUS
 default-group-policy ezVPN
tunnel-group ezVPN ipsec-attributes
 pre-shared-key TEST
!
! Group Policies:
! ---------------
group-policy ezVPN internal
group-policy ezVPN attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT
 address-pools value EZVPN
!
! Split-tunnel ACL (SPLIT):
! -------------------------
access-list SPLIT standard permit 172.27.13.0 255.255.255.0
!
! Address pool EZVPN:
! -------------------
ip local pool EZVPN 192.168.111.1-192.168.111.254
!
! IPsec config:
! -------------
crypto ipsec transform-set 3DES esp-3des esp-md5-hmac
!
crypto dynamic-map DYNAMIC 10 set transform-set 3DES
crypto dynamic-map DYNAMIC 10 set reverse-route
!
crypto map VPN 100 ipsec-isakmp dynamic DYNAMIC
crypto map VPN interface outside
!
! Authentication config:
! ----------------------
username VPN_USER password CISCO
username VPN_USER attributes
 group-lock value ezVPN

Cisco VPN client:
host: 10.99.1.100
user (group name): ezVPN
pass (group pre-shared key): TEST

username: VPN_USER
password: CISCO
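
An added example, not part of the original post: a small Python check that reads ASA configuration text like the template above and reports the legacy IKEv1 and IPsec algorithms it selects (3des, md5, group 2). The set of values treated as weak, the `audit` function name and the policy 20 lines in the sample are assumptions of this example.

```python
# Constructed sample: crypto lines from the template plus a stronger policy 20.
SAMPLE = """\
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto ipsec transform-set 3DES esp-3des esp-md5-hmac
crypto dynamic-map DYNAMIC 10 set transform-set 3DES
crypto isakmp policy 20
 encryption aes-256
 hash sha
 group 14
"""

# Assumed audit policy for this example, not a Cisco-defined list.
WEAK_IKE = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
WEAK_ESP = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-null"}
IKE_SUBCOMMANDS = {"authentication", "encryption", "hash", "group", "lifetime"}

def audit(config):
    """Return (line_number, finding) pairs for legacy IKEv1/IPsec settings."""
    findings = []
    in_ike_policy = False  # pasted configs often lose indentation, so track mode
    for n, raw in enumerate(config.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue  # blank line or comment
        if words[:2] in (["crypto", "isakmp"], ["crypto", "ikev1"]):
            in_ike_policy = words[2:3] == ["policy"]
            continue
        if in_ike_policy and words[0] in IKE_SUBCOMMANDS:
            if words[1:2] and words[1] in WEAK_IKE.get(words[0], ()):
                findings.append((n, f"IKE {words[0]} {words[1]}"))
            continue
        in_ike_policy = False  # any other command leaves policy sub-mode
        if words[:2] == ["crypto", "ipsec"] and "transform-set" in words:
            name_at = words.index("transform-set") + 1
            for transform in words[name_at + 1:]:
                if transform in WEAK_ESP:
                    findings.append((n, f"transform-set {words[name_at]}: {transform}"))
    return findings

if __name__ == "__main__":
    for line_no, finding in audit(SAMPLE):
        print(f"line {line_no}: {finding}")
```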
