
ASA configuration

The_guroo_2
Level 2

Guys, we have an ASA to which a lot of tunnels, VPNs get terminated... I have taken some config but can't get my head around it.

1-

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set my-set esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 222 set transform-set ESP-3DES-SHA ESP-3DES-MD5
crypto dynamic-map outside_dyn_map 222 set security-association lifetime seconds 86400
crypto map clientmap 5 match address CBB_VPN-ACL
crypto map clientmap 5 set peer X.158.X.200
crypto map clientmap 5 set transform-set ESP-3DES-SHA

2-

ip local pool ippool-client X.88.77.14 mask 255.255.255.240

3-

crypto map clientmap interface External
crypto isakmp identity address
crypto isakmp enable External
crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 2
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 3
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 1000
crypto isakmp policy 4
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 26400
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 26400

4-

vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split_tunnel
group-policy vpngroup-HP internal
group-policy vpngroup-HP attributes

5-

tunnel-group X.22.110.64 type ipsec-l2l
tunnel-group X.150.23.126 type ipsec-l2l
tunnel-group X.150.23.126 ipsec-attributes
 pre-shared-key *

6-

username HP password jwhshwikb9p6L8r encrypted

Guys, can someone please tell me what 1 to 6 are doing... I am confused and can't get my head around it.

What is the difference between l2l and site-to-site VPN, as I have been told that there are site-to-site VPN (LAN-to-LAN) and remote access VPN as well?

Thanks


Jennifer Halim
Cisco Employee

Here is a sample configuration for a LAN-to-LAN tunnel, and it explains what each relevant VPN configuration does:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080950890.shtml

Here is a sample configuration for remote access VPN, and it also explains what it does:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml

Here is the split tunnel explanation:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml

Hope the above helps with all your questions 1-6.