ASA VPN Configuration
ASA Version 7.0(6)
!
hostname ASA5510
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address x.x.x.198 255.255.255.224
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.4 255.255.0.0
!
interface Ethernet0/2
 nameif DMZ
 security-level 50
 ip address 172.16.252.254 255.255.0.0
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.0.0 192.168.198.0 255.255.255.0
access-list DMZ_nat0_outbound extended permit ip 172.16.0.0 255.255.0.0 192.168.198.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu management 1500
mtu inside 1500
mtu DMZ 1500
mtu outside 1500
ip local pool vpn198 192.168.198.10-192.168.198.254 mask 255.255.255.0
asdm image disk0:/asdm506.bin
no asdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 10 0.0.0.0 0.0.0.0
nat (DMZ) 0 access-list DMZ_nat0_outbound
nat (DMZ) 10 172.16.0.0 255.255.0.0
route outside 0.0.0.0 0.0.0.0 x.x.x.193 1
timeout xlate 3:
timeout conn
timeout sunrpc 0:
timeout mgcp-pat 0:
timeout uauth 0:
group-policy VPN198 internal
group-policy VPN198 attributes
 wins-server value 10.0.0.29 10.0.0.19
 dns-server value 10.0.0.29 10.0.0.19
 split-tunnel-policy tunnelall
 default-domain value chicagobotanic.org
 webvpn
 vpn-group-policy VPN198
 webvpn
http server enable
http 192.168.1.0 255.255.255.0 management
http 10.0.0.0 255.255.0.0 inside
http x.x.x.208 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group VPN198 type ipsec-ra
tunnel-group VPN198 general-attributes
 address-pool vpn198
 default-group-policy VPN198
tunnel-group VPN198 ipsec-attributes
 pre-shared-key *
telnet 0.0.0.0 0.0.0.0 inside
telnet x.x.x.208 255.255.255.255 outside
telnet timeout 5
ssh x.x.x.208 255.255.255.255 outside
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd address 10.0.0.107-10.0.0.108 inside
dhcpd dns 4.2.2.1
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
dhcpd enable inside
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!