Sunday 28 September 2014

vpnsetup ipsec-remote-access steps

ASA5510(config)# vpnsetup ipsec-remote-access steps

Steps to configure a remote access IKE/IPSec connection with examples:

1. Configure Interfaces

        interface GigabitEthernet0/0
         ip address 10.10.4.200 255.255.255.0
         nameif outside
         no shutdown

        interface GigabitEthernet0/1
         ip address 192.168.0.20 255.255.255.0
         nameif inside
         no shutdown

2. Configure ISAKMP policy

        crypto isakmp policy 65535
         authentication pre-share
         encryption aes
         hash sha

3. Setup an address pool

        ip local pool client-pool 192.168.1.1-192.168.1.254

4. Configure authentication method

        aaa-server MyRadius protocol radius
        aaa-server MyRadius host 192.168.0.254
         key $ecretK3y

5. Define tunnel group

        tunnel-group client type remote-access
        tunnel-group client general-attributes
         address-pool client-pool
         authentication-server-group MyRadius
        tunnel-group client ipsec-attributes
         pre-shared-key VpnUs3rsP@ss

6. Setup ipsec parameters

        crypto ipsec transform-set myset esp-aes esp-sha-hmac

7. Setup dynamic crypto map

        crypto dynamic-map dynmap 1 set transform-set myset
        crypto dynamic-map dynmap 1 set reverse-route

8. Create crypto map entry and associate dynamic map with it

        crypto map mymap 65535 ipsec-isakmp dynamic dynmap

9. Attach crypto map to interface

        crypto map mymap interface outside

10. Enable isakmp on interface

        crypto isakmp enable outside

vpnsetup site-to-site steps

ASA5510(config)# vpnsetup site-to-site steps

Steps to configure a site-to-site IKE/IPSec connection with examples:

1. Configure Interfaces

        interface GigabitEthernet0/0
         ip address 10.10.4.200 255.255.255.0
         nameif outside
         no shutdown

        interface GigabitEthernet0/1
         ip address 192.168.0.20 255.255.255.0
         nameif inside
         no shutdown

2. Configure ISAKMP policy

        crypto isakmp policy 10
         authentication pre-share
         encryption aes
         hash sha

3. Configure transform-set

        crypto ipsec transform-set myset esp-aes esp-sha-hmac

4. Configure ACL

        access-list L2LAccessList extended permit ip 192.168.0.0 255.255.255.0 192.168.50.0 255.255.255.0

5. Configure Tunnel group

        tunnel-group 10.20.20.1 type ipsec-l2l
        tunnel-group 10.20.20.1 ipsec-attributes
         pre-shared-key P@rtn3rNetw0rk

6. Configure crypto map and attach to interface

        crypto map mymap 10 match address L2LAccessList
        crypto map mymap 10 set peer 10.10.4.108
        crypto map mymap 10 set transform-set myset
        crypto map mymap 10 set reverse-route
        crypto map mymap interface outside

7. Enable isakmp on interface

        crypto isakmp enable outside
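Both `vpnsetup` outputs above are flat CLI stanzas in which one command refers to an object another command defines (the tunnel group names an address pool and an AAA server group, the crypto map names a transform set, an ACL or a dynamic map, and the map is then bound to a `nameif` that must also have ISAKMP enabled). The linter below is an added example, not Cisco's code and not part of the original post: it parses that CLI shape, resolves every such reference, and flags the IKEv1 policy settings a reviewer would question (`hash sha` is SHA-1, and no explicit DH `group` is set). The two sample stanzas are the page's own remote-access and site-to-site examples, trimmed to the lines the checks read; everything else (function names, finding wording) is this example's own. Run against the site-to-site stanza as printed, it reports that `set peer 10.10.4.108` has no matching tunnel group, since the tunnel group is named `10.20.20.1`; for an IKEv1 site-to-site tunnel with a pre-shared key the tunnel-group name must be the peer address, otherwise the ASA falls back to the default L2L group and the key configured here is never used.

```python
"""ASA IKEv1 VPN stanza linter (added example, not Cisco's or the page's code).

Parses the CLI text that `vpnsetup ... steps` prints, checks that every name a
command references is defined, that ISAKMP is enabled on the interface the
crypto map is bound to, and that the ISAKMP policy does not rely on SHA-1 or
an implicit DH group.
"""
from collections import defaultdict

# Constructed sample: the page's remote-access stanza, trimmed to the lines the
# checks look at (interface addresses, 'no shutdown', radius host omitted).
REMOTE_ACCESS = """
interface GigabitEthernet0/0
 nameif outside
crypto isakmp policy 65535
 authentication pre-share
 encryption aes
 hash sha
ip local pool client-pool 192.168.1.1-192.168.1.254
aaa-server MyRadius protocol radius
tunnel-group client type remote-access
tunnel-group client general-attributes
 address-pool client-pool
 authentication-server-group MyRadius
tunnel-group client ipsec-attributes
 pre-shared-key VpnUs3rsP@ss
crypto ipsec transform-set myset esp-aes esp-sha-hmac
crypto dynamic-map dynmap 1 set transform-set myset
crypto map mymap 65535 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
crypto isakmp enable outside
"""

# Constructed sample: the page's site-to-site stanza, trimmed the same way.
SITE_TO_SITE = """
interface GigabitEthernet0/0
 nameif outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
crypto ipsec transform-set myset esp-aes esp-sha-hmac
access-list L2LAccessList extended permit ip 192.168.0.0 255.255.255.0 192.168.50.0 255.255.255.0
tunnel-group 10.20.20.1 type ipsec-l2l
tunnel-group 10.20.20.1 ipsec-attributes
 pre-shared-key P@rtn3rNetw0rk
crypto map mymap 10 match address L2LAccessList
crypto map mymap 10 set peer 10.10.4.108
crypto map mymap 10 set transform-set myset
crypto map mymap interface outside
crypto isakmp enable outside
"""


def parse_asa(text):
    """Group CLI text into (command, [sub-commands]); deeper indent = sub-command."""
    lines = [l for l in text.splitlines() if l.strip()]
    base = min(len(l) - len(l.lstrip()) for l in lines)
    blocks = []
    for l in lines:
        if len(l) - len(l.lstrip()) > base and blocks:
            blocks[-1][1].append(l.strip())
        else:
            blocks.append((l.strip(), []))
    return blocks


def check_isakmp_policy(priority, subs):
    """Flag weak or implicit settings in one 'crypto isakmp policy' stanza."""
    settings = dict(s.split(None, 1) for s in subs if len(s.split()) == 2)
    out = []
    if settings.get("hash") == "sha":        # ASA IKEv1 'sha' means SHA-1
        out.append(f"isakmp policy {priority}: 'hash sha' selects SHA-1")
    if "group" not in settings:
        out.append(f"isakmp policy {priority}: no explicit DH 'group', platform default applies")
    return out


def lint_vpn_config(text):
    """Return a list of findings: unresolved references and weak policy settings."""
    defined = defaultdict(set)   # kind -> set of names that are defined
    refs = []                    # (kind, name, referencing command)
    findings = []
    for cmd, subs in parse_asa(text):
        w = cmd.split()
        if w[:3] == ["ip", "local", "pool"]:
            defined["pool"].add(w[3])
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            defined["transform-set"].add(w[3])
        elif w[0] == "access-list":
            defined["acl"].add(w[1])
        elif w[0] == "aaa-server" and len(w) > 2 and w[2] == "protocol":
            defined["aaa-group"].add(w[1])
        elif w[0] == "interface":
            defined["nameif"].update(s.split()[1] for s in subs if s.startswith("nameif "))
        elif w[:2] == ["crypto", "dynamic-map"]:
            defined["dynamic-map"].add(w[2])
            if "set transform-set" in cmd:
                refs.append(("transform-set", w[-1], cmd))
        elif w[:2] == ["crypto", "map"] and w[3] == "interface":
            # Binding the map requires the map, the nameif and ISAKMP on it.
            refs += [("crypto-map", w[2], cmd), ("nameif", w[4], cmd), ("isakmp-enabled", w[4], cmd)]
        elif w[:2] == ["crypto", "map"]:
            defined["crypto-map"].add(w[2])
            for phrase, kind in (("set transform-set", "transform-set"), ("match address", "acl"),
                                 ("set peer", "tunnel-group"), ("ipsec-isakmp dynamic", "dynamic-map")):
                if phrase in cmd:
                    refs.append((kind, w[-1], cmd))   # L2L peer must name its tunnel group
        elif w[:3] == ["crypto", "isakmp", "enable"]:
            defined["isakmp-enabled"].add(w[3])
        elif w[:3] == ["crypto", "isakmp", "policy"]:
            findings += check_isakmp_policy(w[3], subs)
        elif w[0] == "tunnel-group" and w[2] == "type":
            defined["tunnel-group"].add(w[1])
        elif w[0] == "tunnel-group":
            refs.append(("tunnel-group", w[1], cmd))
            for s in subs:
                sw = s.split()
                if sw[0] == "address-pool":
                    refs.append(("pool", sw[1], cmd))
                elif sw[0] == "authentication-server-group":
                    refs.append(("aaa-group", sw[1], cmd))
    for kind, name, where in refs:
        if name not in defined[kind]:
            findings.append(f"unresolved {kind} '{name}' referenced by: {where}")
    return findings


if __name__ == "__main__":
    for label, cfg in (("remote-access", REMOTE_ACCESS), ("site-to-site", SITE_TO_SITE)):
        print(label)
        for f in lint_vpn_config(cfg):
            print("  -", f)
```

The SHA-1 finding is informational for an IKEv1 policy, because `crypto isakmp policy` on the ASA only offers `md5` or `sha`; a SHA-2 integrity algorithm needs an IKEv2 policy instead. Renaming the site-to-site tunnel group to the peer address clears the unresolved reference, which is the quickest way to confirm the linter is reading the stanza the way the ASA does.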