
 

ASA VPN Configuration

 

! Sample running configuration for a Cisco ASA used as an IPsec remote-access
! VPN gateway (see the tunnel-group of type ipsec-ra further down). Public
! addresses appear masked as x.x.x.N.
! NOTE(review): 7.0(6) is a very old software release; read this as a historical
! example and check every command against the release actually deployed.
ASA Version 7.0(6)

!

hostname ASA5510

names

dns-guard

!

! Interface trust is expressed by security-level: outside 0, DMZ 50, inside 100.
! By default the ASA lets connections go from a higher level to a lower one and
! needs an explicit access-list for the opposite direction. No access-group is
! present in this listing.
interface Ethernet0/0

 nameif outside

 security-level 0

 ip address x.x.x.198 255.255.255.224

!

interface Ethernet0/1

 nameif inside

 security-level 100

 ip address 10.0.0.4 255.255.0.0

!

interface Ethernet0/2

 nameif DMZ

 security-level 50

 ip address 172.16.252.254 255.255.0.0

!

! management-only keeps this interface for traffic addressed to the device
! itself; it does not forward transit traffic.
interface Management0/0

 nameif management

 security-level 100

 ip address 192.168.1.1 255.255.255.0

 management-only

!

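ftp mode passive

! NAT-exemption ACLs: traffic from the inside (10.0.0.0/16) and DMZ
! (172.16.0.0/16) networks to the VPN client pool 192.168.198.0/24 is matched
! here and referenced by the "nat (...) 0 access-list" commands below.
! Keep each entry on a single line; a terminal-width wrap in the middle of the
! destination address makes the pasted command invalid.
! NOTE(review): these ACLs only select traffic for NAT exemption, they do not
! limit what VPN clients can reach. No vpn-filter is visible in the group-policy,
! so confirm that full access to inside and DMZ is intended.
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.0.0 192.168.198.0 255.255.255.0

access-list DMZ_nat0_outbound extended permit ip 172.16.0.0 255.255.0.0 192.168.198.0 255.255.255.0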

pager lines 24

! Logging is enabled, but the only destination shown is the ASDM log buffer at
! level informational.
! NOTE(review): no "logging host" / "logging trap" line is visible, so from this
! listing events are not sent to a syslog server. Add remote logging so that VPN
! logins and denied connections are kept off the device.
logging enable

logging asdm informational

mtu management 1500

mtu inside 1500

mtu DMZ 1500

mtu outside 1500

! Address pool handed to remote-access VPN clients (referenced by the
! tunnel-group's address-pool command).
ip local pool vpn198 192.168.198.10-192.168.198.254 mask 255.255.255.0

asdm image disk0:/asdm506.bin

no asdm history enable

arp timeout 14400

! nat 0 with an access-list exempts the matched traffic (towards the VPN pool)
! from translation; nat/global id 10 translates inside and DMZ hosts to the
! address of the outside interface (PAT).
global (outside) 10 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 10 0.0.0.0 0.0.0.0

nat (DMZ) 0 access-list DMZ_nat0_outbound

nat (DMZ) 10 172.16.0.0 255.255.0.0

! Default route through the outside interface.
route outside 0.0.0.0 0.0.0.0 x.x.x.193 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

! Group policy applied to remote-access clients: internal WINS/DNS servers, a
! default DNS domain, and split-tunnel-policy tunnelall, which sends all client
! traffic through the tunnel (no split tunnelling), so the client's Internet
! traffic also passes through this ASA while connected.
group-policy VPN198 internal

group-policy VPN198 attributes

 wins-server value 10.0.0.29 10.0.0.19

 dns-server value 10.0.0.29 10.0.0.19

 split-tunnel-policy tunnelall

 default-domain value chicagobotanic.org

 webvpn

! NOTE(review): vpn-group-policy is a username-attributes command; the
! "username ... attributes" line it belongs to seems to have been left out of
! this listing (probably together with the password hashes). Confirm against the
! device configuration before reusing this fragment.
vpn-group-policy VPN198

 webvpn

! "http server enable" turns on the HTTPS server used by ASDM. The "http" lines
! list who may reach it: the management subnet, the whole inside /16, and one
! host on the outside.
! NOTE(review): narrow the inside entry to the administrators' addresses, and
! prefer reaching the device from outside through the VPN instead of exposing
! the management service on the outside interface, even to a single address.
http server enable

http 192.168.1.0 255.255.255.0 management

http 10.0.0.0 255.255.0.0 inside

http x.x.x.208 255.255.255.255 outside

no snmp-server location

no snmp-server contact

! SNMP traps are enabled, but no "snmp-server host" appears in this listing, so
! no trap receiver is visible here.
snmp-server enable traps snmp authentication linkup linkdown coldstart

! IPsec (phase 2) and ISAKMP (phase 1) both use 3DES with SHA-1, and phase 1
! uses Diffie-Hellman group 2 (1024-bit). These are legacy choices.
! NOTE(review): where the software release and the VPN clients support it,
! prefer AES (esp-aes-256 / "encryption aes-256") and a larger DH group.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

! The dynamic crypto map lets peers whose address is not known in advance
! (remote-access clients) negotiate tunnels on the outside interface.
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA

crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map

crypto map outside_map interface outside

isakmp enable outside

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash sha

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

! Remote-access tunnel group: clients get an address from pool vpn198 and the
! VPN198 group policy.
tunnel-group VPN198 type ipsec-ra

tunnel-group VPN198 general-attributes

 address-pool vpn198

 default-group-policy VPN198

! "pre-shared-key *" is the device masking the key in its output. The key is
! shared by every client of the VPN198 group, so it identifies the group, not
! the user.
! NOTE(review): no username or aaa-server lines appear in this listing; confirm
! that each user is also authenticated individually (XAUTH), and that the group
! key is long, random, and changed when staff or devices leave.
tunnel-group VPN198 ipsec-attributes

 pre-shared-key *

! Telnet carries the login and the whole session in clear text, and
! "telnet 0.0.0.0 0.0.0.0 inside" accepts it from any inside host.
! NOTE(review): prefer SSH only, limited to the administrators' addresses. The
! ASA normally refuses Telnet on its lowest-security interface unless it arrives
! through an IPsec tunnel, so the outside telnet line likely has no effect for
! direct connections - verify, and remove it if unused.
telnet 0.0.0.0 0.0.0.0 inside

telnet x.x.x.208 255.255.255.255 outside

telnet timeout 5

ssh x.x.x.208 255.255.255.255 outside

ssh timeout 5

! console timeout 0 disables the idle timeout on the serial console, so a
! session left logged in stays open.
console timeout 0

! DHCP server on the management and inside interfaces. The inside range holds
! only two addresses, and clients are given 4.2.2.1 (a public resolver) as DNS
! server rather than the internal servers named in the VPN group policy.
dhcpd address 192.168.1.2-192.168.1.254 management

dhcpd address 10.0.0.107-10.0.0.108 inside

dhcpd dns 4.2.2.1

dhcpd lease 3600

dhcpd ping_timeout 50

dhcpd enable management

dhcpd enable inside

!

! Application inspection: the class-map matches the default inspection traffic
! and the policy-map lists the protocol inspection engines to run on it.
! "inspect dns maximum-length 512" limits DNS messages to 512 bytes.
! NOTE(review): the listing ends without a "service-policy global_policy global"
! line; without one the policy-map is defined but not applied. The listing may
! simply be truncated - confirm on the device.
class-map inspection_default

 match default-inspection-traffic

!

!

policy-map global_policy

 class inspection_default

  inspect dns maximum-length 512

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny

  inspect sunrpc

  inspect xdmcp

  inspect sip

  inspect netbios

  inspect tftp

!

 
