hi ,
iam facing trouble in configuring remote access vpn on cisco asa 5510 on dynamic ip and site to site vpn configuration with sonicwall nsa 240 running on static ip.
following is the configuration i have made for remote access vpn
User Access Verification
Password:
Type help or '?' for a list of available commands.
ajmfw> en
Password: ********
ajmfw# show run
: Saved
:
ASA Version 7.0(8)
!
hostname ajmfw
domain-name pix.ajm.local
enable password rRiL7GeK5Rz8u8fp encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 10.0.0.2 255.255.255.0
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.10.101 255.255.255.0
management-only
!
ftp mode passive
clock timezone GST 4
object-group service rdp tcp
port-object range 3389 3389
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.60.0 255.255.255.240
access-list ajmmobile_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool ajmpool 192.168.60.1-192.168.60.10 mask 255.255.255.0
no failover
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 10.0.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy ajmmobile internal
group-policy ajmmobile attributes
wins-server value 192.168.1.100
dns-server value 192.168.1.100 213.42.20.20
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ajmmobile_splitTunnelAcl
default-domain value ajmdubai.local
webvpn
username admin password f3UhLvUj1QsXsuK7 encrypted privilege 15
username youmna password aCnHruhwBOyHXsvR encrypted
username netcare password m9piWoZJb5Cm5Vy1 encrypted privilege 0
username netcare attributes
vpn-group-policy ajmmobile
webvpn
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp nat-traversal 20
tunnel-group ajmmobile type ipsec-ra
tunnel-group ajmmobile general-attributes
address-pool ajmpool
default-group-policy ajmmobile
tunnel-group ajmmobile ipsec-attributes
pre-shared-key *
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd dns 195.229.241.222 213.42.20.20
dhcpd lease 3600
dhcpd ping_timeout 50
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
please respond asap
