12-12-2012 08:34 PM - edited 02-21-2020 06:33 PM
Hi All,
Am very new to ASA, and am learning on how to configure simple VPN access for a user to login to the corporate network and access the resource and get emails
I do not want to use CA certificate for authentication instead a very simple method is what i plan to start up with
Can any of you please provide me with the configuration step so i can test this out.
many thanks for this
cheers..
12-12-2012 11:16 PM
Hello,
please refer to this configuration guide:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/vpnrmote.html
Best Regards,
Eugene
12-13-2012 12:40 AM
Thanks for the link, i have prepared the configuration based on what i study from the link and from few other sites can you please let me know if this will work
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 43200
isakmp enable outside
ip local pool Scott_VPN_Pool 10.6.31.245-10.6.31.245 mask 255.255.255.0
crypto dynamic-map Statham 1 set transform-set esp-sha-hmac
crypto dynamic-map Statham 1 set reverse route
crypto map Stathammap 1 ipsec-isakmp dynamic Statham
crypto map Stathammap interface outside
crypto isakmp nat-traversal 20
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
access-list inside_nat0_outbound extended permit ip any 10.6.31.245 255.255.255.255
access-list SPLIT_DNS extended permit ip 10.0.0.0 255.0.0.0
nat (inside) 0 access-list inside_nat0_outbound
group-policy ASIA-xx internal
group-policy ASIA-xx attributes
dns-server value 10.6.1.245 10.6.1.246
vpn-tunnel-protocol IPSec
ipsec-udp enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT_DNS
tunnel-group ASIA-xx type ipsec-ra
tunnel-group ASIA-xx general-attributes
address-pool Scott_VPN_Pool
default-group-policy ASIA-CEO
tunnel-group ASIA-xx ipsec-attributes
pre-shared-key xxxxx
username statham password xxxxxx
username statham attributes
vpn-group-policy ASIA-xx
thanks again for the support
cheers..
12-13-2012 12:55 AM
Hello,
I went quickly through your configuration.
1.
isakmp enable outside - i belive this command doesn't exist,
crypto isakmp enable outside - this should be enough
2.
you are specifiing default-group-policy ASIA-CEO,
but it is not at least at your configuration (ASIA-CEO group-policy)
3.
Also routing should be configured correctly.
Please rate helpful posts
Best Regards,
Eugene
12-13-2012 12:58 AM
Thank you very much Eugene, will test this and offcourse will rate this
many thanks
cheers..
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide