Config ASA VPN Client + 2 VPN L2L IPSec

Wizard

Code:

interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.111.1 255.255.255.0

access-list NAT0-INSIDE remark *** NAT0 FOR L2L VPN ***
access-list NAT0-INSIDE extended permit ip 192.168.111.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list NAT0-INSIDE extended permit ip 192.168.111.0 255.255.255.0 192.168.111.220 255.255.255.254

access-list CRYPTO-ACL-RM remark *** CRYPTO ACL FOR L2L VPN WITH --- ***
access-list CRYPTO-ACL-RM extended permit ip 192.168.111.0 255.255.255.0 192.168.21.0 255.255.255.0
access-list CRYPTO-ACL-VM remark *** CRYPTO ACL FOR L2L VPN WITH --- ***
access-list CRYPTO-ACL-VM extended permit ip 192.168.111.0 255.255.255.0 192.168.23.0 255.255.255.0

access-list remote-admins_splitTunnel remark *** SPLIT TUNNEL FOR VPN CLIENT ***
access-list remote-admins_splitTunnel standard permit 192.168.111.0 255.255.255.0

ip local pool remote-admins-pool 192.168.111.220-192.168.111.221 mask 255.255.255.0

global (outside) 1 interface
nat (inside) 0 access-list NAT0-INSIDE
nat (inside) 1 192.168.111.0 255.255.255.0

group-policy remote-admins internal
group-policy remote-admins attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value remote-admins_splitTunnel

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set reverse-route

crypto map outside_map 20 match address CRYPTO-ACL-RM
crypto map outside_map 20 set peer ---
crypto map outside_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 30 match address CRYPTO-ACL-VM
crypto map outside_map 30 set peer ---
crypto map outside_map 30 set transform-set ESP-3DES-MD5

crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside

crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
 
crypto isakmp nat-traversal 20
crypto isakmp disconnect-notify

tunnel-group DefaultRAGroup ipsec-attributes
 isakmp keepalive threshold 10 retry 2
tunnel-group IP_ADDRESS type ipsec-l2l
tunnel-group IP_ADDRESS ipsec-attributes
 pre-shared-key *
tunnel-group IP_ADDRESS type ipsec-l2l
tunnel-group IP_ADDRESS ipsec-attributes
 pre-shared-key *

 
tunnel-group remote-admins type ipsec-ra
tunnel-group remote-admins general-attributes
 address-pool remote-admins-pool
 default-group-policy remote-admins
 
tunnel-group remote-admins ipsec-attributes
 pre-shared-key *

The future is made of people who have intuitions and visions ..... they are the people who make the difference...... those gifted with a THIRD EYE....
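
An added example, not part of Wizard's post: a Python check over lines taken from the configuration above that confirms every crypto ACL entry is also covered by the NAT exemption (`nat 0`) ACL and lists the deprecated algorithm keywords (3DES, MD5, DH group 2) the configuration uses. The function names and the weak-keyword list are assumptions of this example, and only ACL entries in `network mask` form are parsed.

```python
import ipaddress
import re

# Constructed sample: lines copied from the configuration in the post above.
SAMPLE = """\
access-list NAT0-INSIDE extended permit ip 192.168.111.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list NAT0-INSIDE extended permit ip 192.168.111.0 255.255.255.0 192.168.111.220 255.255.255.254
access-list CRYPTO-ACL-RM extended permit ip 192.168.111.0 255.255.255.0 192.168.21.0 255.255.255.0
access-list CRYPTO-ACL-VM extended permit ip 192.168.111.0 255.255.255.0 192.168.23.0 255.255.255.0
nat (inside) 0 access-list NAT0-INSIDE
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 20 match address CRYPTO-ACL-RM
crypto map outside_map 30 match address CRYPTO-ACL-VM
crypto isakmp policy 10
 encryption 3des
 hash md5
 group 2
"""

ACE = re.compile(r"access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)")
# Assumption of this example: keywords treated as deprecated (DES/3DES, MD5, DH groups 1 and 2).
WEAK = re.compile(r"\b(esp-des|esp-3des|esp-md5-hmac|encryption (?:des|3des)|hash md5|group [12])\b")

def acl_entries(config):
    """Map ACL name -> list of (source network, destination network)."""
    acls = {}
    for name, s, sm, d, dm in ACE.findall(config):
        pair = (ipaddress.ip_network(f"{s}/{sm}"), ipaddress.ip_network(f"{d}/{dm}"))
        acls.setdefault(name, []).append(pair)
    return acls

def audit(config):
    """Return (crypto ACL entries not covered by NAT exemption, weak crypto keywords)."""
    acls = acl_entries(config)
    nat0 = []
    for name in re.findall(r"^nat \(\S+\) 0 access-list (\S+)", config, re.M):
        nat0 += acls.get(name, [])
    missing = []
    for name in re.findall(r"crypto map \S+ \d+ match address (\S+)", config):
        for src, dst in acls.get(name, []):
            if not any(src.subnet_of(ns) and dst.subnet_of(nd) for ns, nd in nat0):
                missing.append((name, str(src), str(dst)))
    weak = sorted({m.group(1) for m in WEAK.finditer(config)})
    return missing, weak

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty first element means all tunnel traffic bypasses NAT as intended; any entry in the second list points at a transform-set or ISAKMP policy line to renegotiate with the peer.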
levis

Thank you.
I'll take a look ASAP.
See you soon,
Levis
thehawk

I'll study this in depth since I'm very interested. Great one, Wizard