01-19-2006 01:53 AM - edited 02-21-2020 02:12 PM
I have a problem with VPN client access and the local IP pool. In PIX version 6.3x, when I created an ip local pool, an object was also created under Hosts/Network and there was no problem to give this object (ip pool) access outside_access_in, but in my ASA 7.04 there is no object created under Hosts/Networks. I have tried to use a filter (Filter_Av_10) under "Group-Policy" but I can't get any traffic through (see configuration below). It's only working when I give the network 10.1.1.0/25 (ip pool) access outside_access_in (in Security Policy). Is this the right way to do this?
Could someone please explain this to me.
access-list Inside_access_in extended permit ip any any
access-list Outside_access_in extended permit icmp any any echo-reply
access-list Outside_access_in extended permit ip 10.1.1.0 255.255.255.128 192.0.0.0 255.255.255.0
access-list Filter_Av_10 extended permit ip 10.1.1.0 255.255.255.128 192.0.0.0 255.255.255.0
access-list easyv_av_butiker_splitTunnelAcl standard permit 192.0.0.0 255.255.255.0
access-list Outside_cryptomap_dyn_20 extended permit ip 192.0.0.0 255.255.255.0 10.1.1.0 255.255.255.128
global (Outside) 10 interface
global (DMZ) 10 interface
nat (DMZ) 10 192.0.3.0 255.255.255.0
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 10 192.0.0.0 255.255.255.0
access-group Outside_access_in in interface Outside
access-group DMZ_access_in in interface DMZ
access-group Inside_access_in in interface Inside
access-group management_access_in in interface management
group-policy easyv_av_butiker internal
group-policy easyv_av_butiker attributes
vpn-filter value Filter_Av_10
split-tunnel-policy tunnelspecified
split-tunnel-network-list value easyv_av_butiker_splitTunnelAcl
webvpn
username xxx password xxx encrypted privilege 15
username xxx password xxx encrypted privilege 0
username xxx attributes
vpn-group-policy easyv_av_butiker
webvpn
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map Outside_dyn_map 20 match address Outside_cryptomap_dyn_20
crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
isakmp enable Outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group easyv_av_butiker type ipsec-ra
tunnel-group easyv_av_butiker general-attributes
address-pool pool_10
default-group-policy easyv_av_butiker
tunnel-group easyv_av_butiker ipsec-attributes
pre-shared-key *
/Regards
01-25-2006 06:48 AM
To define the VPN Clients' IP address pool, perform the following tasks:
Define the VPN Client's Local IP Address Pool
Reference the Local IP Address Pool to Reference IKE
Specify Gateway-initiated IKE Mode Configuration
The configuration given in the following URL will give an idea of how to configure the VPN client.