Hello guys,
I want to achieve VPN connectivity between a Cisco 4G router (C819HG) and a Cisco ASA 5520 running 8.2 code. As I read the documentation, I saw that this router supports EzVPN. I have this 4G router with a dynamic private IP and the Cisco ASA with a static public IP. Can anyone please share how we can achieve this task?
I have already made a configuration, but it is not tested. Please ignore the IP address scheme.
Router
======
aaa new-model
!
aaa authentication login rtr-remote local
aaa authorization network rtr-remote local
aaa session-id common
!
username Cisco password 0 *****
username admin password 0 *************
username cgc password 0 ******************
!
crypto isakmp policy 1
encryption 3des
authentication pre-share
group 2
lifetime 480
!
ip local pool dynpool 192.168.2.10 192.168.2.50
!
crypto isakmp client configuration group rtr-remote
key secret-password
dns 212.77.192.59 212.77.192.60
domain company.com
pool dynpool
!
crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
!
crypto ipsec security-association lifetime seconds 86400
!
crypto dynamic-map dynmap 1
set transform-set vpn1
reverse-route
!
crypto map static-map 1 ipsec-isakmp dynamic dynmap
crypto map dynmap isakmp authorization list rtr-remote
crypto map dynmap client configuration address respond
crypto ipsec client ezvpn ezvpnclient
connect auto
group 2 key secret-password
mode client
peer 78.100.x.x 255.255.255.248
!
interface fastethernet 4
crypto ipsec client ezvpn ezvpnclient outside
crypto map static-map
!
interface vlan 1
crypto ipsec client ezvpn ezvpnclient inside
=====
ASA
=====
!Configuration (Easy VPN Server)
! Assumes local subnet = 10.223.0.0/24
! Assumes remote subnet = 192.168.2.0/24
! isakmp policies
crypto isakmp enable outside
crypto isakmp policy 10
encryption 3des
authentication pre-share
group 2
lifetime 480
! NAT exemptions
access-list NONAT extended permit ip 10.223.0.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list SD_NONAT
! Defines the remote subnet
access-list EZVPN_ACL remark ACL for EZ VPN Remote
access-list EZVPN_ACL extended permit ip 10.223.0.0 255.255.255.0 192.168.2.0 255.255.255.0
! Group policy defines the configuration applied to the EZ VPN Remote client
group-policy EZVPN_GP internal
group-policy EZVPN_GP attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value EZVPN_ACL
nem enable
webvpn
! Tunnel group is used for initial authentication and to apply group policy
tunnel-group EZVPN_TG type ipsec-ra
tunnel-group EZVPN_TG general-attributes
default-group-policy EZVPN_GP
tunnel-group EZVPN_TG ipsec-attributes
pre-shared-key <group password here>
! EZ VPN remote user account password
username EZVPN_ACL password <user password here>
crypto dynamic-map DYNAMIC-MAP 5 set transform-set ESP-AES-128-SHA
crypto map OUTSIDE_MAP 65530 ipsec-isakmp dynamic DYNAMIC-MAP
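
A reference check over the two posted configurations, as an added example that is not part of the original post: it reports names that a command uses but that no line defines. The regex tables and the function name `dangling_refs` are assumptions of this example and cover only the command forms that appear in the post.

```python
import re

# Command forms taken from the post: where a name is defined / where it is used.
DEFINES = [
    ("acl", r"^access-list (\S+) "),
    ("transform-set", r"^crypto ipsec transform-set (\S+) "),
    ("dynamic-map", r"^crypto dynamic-map (\S+) \d+"),
    ("pool", r"^ip local pool (\S+) "),
]
REFERENCES = [
    ("acl", r"^nat \(\S+\) \d+ access-list (\S+)"),
    ("acl", r"^split-tunnel-network-list value (\S+)"),
    ("transform-set", r"\bset transform-set (\S+)"),
    ("dynamic-map", r"^crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)"),
    ("pool", r"^pool (\S+)"),
]

def dangling_refs(config):
    """Return sorted (kind, name) pairs that are used but never defined."""
    defined, used = set(), set()
    for line in map(str.strip, config.splitlines()):
        if line.startswith("!"):  # comment or separator line
            continue
        for table, found in ((DEFINES, defined), (REFERENCES, used)):
            for kind, rx in table:
                m = re.search(rx, line)
                if m:
                    found.add((kind, m.group(1)))
    return sorted(used - defined)

# Lines copied from the ASA and router sections of the post.
ASA_CONFIG = """
access-list NONAT extended permit ip 10.223.0.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list SD_NONAT
access-list EZVPN_ACL extended permit ip 10.223.0.0 255.255.255.0 192.168.2.0 255.255.255.0
 split-tunnel-network-list value EZVPN_ACL
crypto dynamic-map DYNAMIC-MAP 5 set transform-set ESP-AES-128-SHA
crypto map OUTSIDE_MAP 65530 ipsec-isakmp dynamic DYNAMIC-MAP
"""
ROUTER_CONFIG = """
ip local pool dynpool 192.168.2.10 192.168.2.50
 pool dynpool
crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
crypto dynamic-map dynmap 1
 set transform-set vpn1
crypto map static-map 1 ipsec-isakmp dynamic dynmap
"""

if __name__ == "__main__":
    print("ASA:", dangling_refs(ASA_CONFIG), "Router:", dangling_refs(ROUTER_CONFIG))
```

On the posted lines it flags the `SD_NONAT` access list and the `ESP-AES-128-SHA` transform set on the ASA side, and nothing on the router side.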