Below is the minimal configuration needed to implement remote access VPNs on a Cisco ASA 5505 running 8.4. Please keep in mind that the names I used in my configuration come from my dog's name, but it's best practice to use names that describe what or who each object is for.
Enable ISAKMP on the interface:
ASA-2(config)# crypto ikev1 enable outside
ASA-2(config)# crypto ikev1 policy 1
ASA-2(config-ikev1-policy)# encryption 3des
ASA-2(config-ikev1-policy)# authentication pre-share
ASA-2(config-ikev1-policy)# hash md5
Set up your Group Policies & Tunnel Policies:
ASA-2(config)# group-policy oscar_GP internal
ASA-2(config)# group-policy oscar_GP attributes
ASA-2(config-group-policy)# vpn-tunnel-protocol ikev1
ASA-2(config-group-policy)# address-pools value oscar_pool
*******************
ASA-2(config)# tunnel-group oscar_tg type remote-access
ASA-2(config)# tunnel-group oscar_tg general-attributes
ASA-2(config-tunnel-general)# default-group-policy oscar_GP
ASA-2(config-tunnel-general)# authentication-server-group LOCAL
ASA-2(config)# tunnel-group oscar_tg ipsec-attributes
ASA-2(config-tunnel-ipsec)# ikev1 pre-shared-key C1sc0
*******************
ASA-2(config)# crypto ipsec ikev1 transform-set oscar_trans esp-3des esp-md5-hmac
ASA-2(config)# ip local pool oscar_pool 10.1.2.140-10.1.2.145 mask 255.255.255.0
ASA-2(config)# crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set oscar_trans
ASA-2(config)# username oscar password omEMDQBc9noujG1X encrypted privilege 15
ASA-2(config)# crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
ASA-2(config)# crypto map outside_map interface outside
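An added example, not part of the original post: a small Python check that reads ASA configuration lines like the ones above and flags the legacy settings a reviewer would want changed before production use (3DES, MD5, a short pre-shared key, and a VPN user that also holds privilege 15). The function names, the rule list and the 20-character key threshold are assumptions made for this illustration.

```python
import re

# Config lines taken from the walkthrough above (prompts stripped).
SAMPLE_CONFIG = """\
crypto ikev1 policy 1
 encryption 3des
 authentication pre-share
 hash md5
tunnel-group oscar_tg ipsec-attributes
 ikev1 pre-shared-key C1sc0
crypto ipsec ikev1 transform-set oscar_trans esp-3des esp-md5-hmac
username oscar password omEMDQBc9noujG1X encrypted privilege 15
"""

MIN_PSK_LEN = 20  # assumed local policy threshold, not a Cisco default

# (pattern, finding) pairs; each pattern is matched against one stripped line.
RULES = [
    (r"^encryption (des|3des)$", "IKEv1 policy uses legacy cipher {0}; use aes-256"),
    (r"^hash (md5)$", "IKEv1 policy hashes with {0}; use sha"),
    (r"^crypto ipsec ikev1 transform-set \S+ .*\b(esp-des|esp-3des)\b",
     "transform-set uses legacy cipher {0}; use esp-aes-256"),
    (r"^crypto ipsec ikev1 transform-set \S+ .*\b(esp-md5-hmac)\b",
     "transform-set uses {0}; use esp-sha-hmac"),
    (r"^username (\S+) .*\bprivilege 15\b",
     "VPN user {0} also holds privilege 15 (full admin)"),
]

def strip_prompt(line):
    """Remove a leading 'HOST(config-mode)#' prompt if the line was pasted from a terminal."""
    return re.sub(r"^\S+\(config[^)]*\)#\s*", "", line.strip())

def audit(config_text):
    findings = []
    for number, raw in enumerate(config_text.splitlines(), 1):
        line = strip_prompt(raw)
        for pattern, message in RULES:
            match = re.search(pattern, line)
            if match:
                findings.append((number, message.format(match.group(1))))
        psk = re.match(r"^ikev1 pre-shared-key (\S+)$", line)
        if psk and len(psk.group(1)) < MIN_PSK_LEN:
            findings.append((number, f"pre-shared key is under {MIN_PSK_LEN} characters"))
    return findings

if __name__ == "__main__":
    for number, message in audit(SAMPLE_CONFIG):
        print(f"line {number}: {message}")
```

The same function accepts lines pasted straight from a terminal session, since it strips the `ASA-2(config...)#` prompt before matching.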
thx