Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
650
Views
0
Helpful
0
Replies

VPN Between Cisco 4g Router with Dynamic private ip And cisco ASA 5520 Static Private ip

Nishad Dadhaniya
Level 1
Level 1

‎06-08-2015 06:49 AM

Hello Guys

I want to achieve vpn connectivity between Cisco 4g Router C819HG and Cisco ASA 5520 with 8.2 code , as i read documentation i saw this router is supports ezvpn , I have this 4g router with dynamic Private IP and Cisco ASA with static Public IP , Can Anyone please share how can we achieve this task
 

I already made configuration But not tested , Please ignore IP address scheme .

 

   

    Router
    ======
     
    aaa new-model
    !
    aaa authentication login rtr-remote local
    aaa authorization network rtr-remote local
    aaa session-id common
    !
    username Cisco password 0 *****
    username admin password 0 *************
    userbane cgc password 0 ******************
    !
    crypto isakmp policy 1
    encryption 3des
    authentication pre-share
    group 2
    lifetime 480
    !
    ip local pool dynpool 192.168.2.10 192.168.2.50
     
    !
    crypto isakmp client configuration group rtr-remote
    key secret-password
    dns 212.77.192.59 212.77.192.60
    domain company.com
    pool dynpool
    !
    crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
    !
    crypto ipsec security-association lifetime seconds 86400
    !
    crypto dynamic-map dynmap 1
    set transform-set vpn1
    reverse-route
    !
    crypto map static-map 1 ipsec-isakmp dynamic dynmap
    crypto map dynmap isakmp authorization list rtr-remote
    crypto map dynmap client configuration address respond
     
    crypto ipsec client ezvpn ezvpnclient
    connect auto
    group 2 key secret-password
    mode client
    peer 78.100.x.x 255.255.255.248
    !
     
    interface fastethernet 4
    crypto ipsec client ezvpn ezvpnclient outside
    crypto map static-map
    !
    interface vlan 1
    crypto ipsec client ezvpn ezvpnclient inside
     
     
    =====
    ASA
    =====
    !Configuration (Easy VPN Server)
     
    ! Assumes local subnet = 10.223.0.0/24
    ! Assumes remote subnet = 192.168.2.0/24
     
    ! isakmp policies
    crypto isakmp enable outside
    crypto isakmp policy 10
    encryption 3des
    authentication pre-share
    group 2
    lifetime 480
     
    ! NAT exemptions
    access-list NONAT extended permit ip 10.223.0.0 255.255.255.0 192.168.2.0 255.255.255.0
    nat (inside) 0 access-list SD_NONAT
     
    ! Defines the remote subnet
    access-list EZVPN_ACL remark ACL for EZ VPN Remote
    access-list EZVPN_ACL extended permit ip 10.223.0.0 255.255.255.0 192.168.2.0 255.255.255.0
     
    ! Group policy defines the configuration applied to the EZ VPN Remote client
    group-policy EZVPN_GP internal
    group-policy EZVPN_GP attributes
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value EZVPN_ACL
     nem enable
     webvpn
     
    ! Tunnel group is used for initial authentication and to apply group policy
    tunnel-group EZVPN_TG type ipsec-ra
    tunnel-group EZVPN_TG general-attributes
    default-group-policy EZVPN_GP
    tunnel-group EZVPN_TG ipsec-attributes
    pre-shared-key <group password here>
     
    ! EZ VPN remote user account password
    username EZVPN_ACL password <user password here>
     
    crypto dynamic-map DYNAMIC-MAP 5 set transform-set ESP-AES-128-SHA
    crypto map OUTSIDE_MAP 65530 ipsec-isakmp dynamic DYNAMIC-MAP
1 person had this problem
Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents