12-12-2012 08:34 PM - edited 02-21-2020 06:33 PM
Hi All,
Am very new to ASA, and am learning on how to configure simple VPN access for a user to login to the corporate network and access the resource and get emails
I do not want to use CA certificate for authentication instead a very simple method is what i plan to start up with
Can any of you please provide me with the configuration step so i can test this out.
many thanks for this
cheers..
12-12-2012 11:16 PM
Hello,
please refer to this configuration guide:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/vpnrmote.html
Best Regards,
Eugene
12-13-2012 12:40 AM
Thanks for the link, i have prepared the configuration based on what i study from the link and from few other sites can you please let me know if this will work
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 43200
isakmp enable outside
ip local pool Scott_VPN_Pool 10.6.31.245-10.6.31.245 mask 255.255.255.0
crypto dynamic-map Statham 1 set transform-set esp-sha-hmac
crypto dynamic-map Statham 1 set reverse route
crypto map Stathammap 1 ipsec-isakmp dynamic Statham
crypto map Stathammap interface outside
crypto isakmp nat-traversal 20
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
access-list inside_nat0_outbound extended permit ip any 10.6.31.245 255.255.255.255
access-list SPLIT_DNS extended permit ip 10.0.0.0 255.0.0.0
nat (inside) 0 access-list inside_nat0_outbound
group-policy ASIA-xx internal
group-policy ASIA-xx attributes
dns-server value 10.6.1.245 10.6.1.246
vpn-tunnel-protocol IPSec
ipsec-udp enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT_DNS
tunnel-group ASIA-xx type ipsec-ra
tunnel-group ASIA-xx general-attributes
address-pool Scott_VPN_Pool
default-group-policy ASIA-CEO
tunnel-group ASIA-xx ipsec-attributes
pre-shared-key xxxxx
username statham password xxxxxx
username statham attributes
vpn-group-policy ASIA-xx
thanks again for the support
cheers..
12-13-2012 12:55 AM
Hello,
I went quickly through your configuration.
1.
isakmp enable outside - i belive this command doesn't exist,
crypto isakmp enable outside - this should be enough
2.
you are specifiing default-group-policy ASIA-CEO,
but it is not at least at your configuration (ASIA-CEO group-policy)
3.
Also routing should be configured correctly.
Please rate helpful posts
Best Regards,
Eugene
12-13-2012 12:58 AM
Thank you very much Eugene, will test this and offcourse will rate this
many thanks
cheers..
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: