additional IP Peer

Unanswered Question
May 17th, 2007

Hi,

Can anyone give me a copy/sample of the config for the ASA 5505 for an additional IP peer? I've got an existing connection (site-to-site, both ASA). Here's my current config...

I need it for the home user using a Netgear; he has a dynamic IP.

Config:

interface Vlan1
 nameif inside
 security-level 100
 ip address x.x.x.x 255.255.255.0
!
interface Vlan11
 nameif outside
 security-level 0
 ip address x.x.x.x 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 11
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd xxxxxxxx encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name mynet.com
access-list 101 extended permit ip any x.x.x.x 255.255.255.0
access-list 102 extended permit ip any x.x.x.x 255.255.255.0
access-list 111 extended permit ip host x.x.x.x host y.y.y.y
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
nat (inside) 0 access-list 101
access-group 111 in interface outside
route inside any 255.255.0.0 x.x.x.x. 1
route outside 0.0.0.0 0.0.0.0 y.y.y.y 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 20 match address 102
crypto map outside_map 20 set peer x.x.x.x
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
 pre-shared-key *
ssh timeout 5
console timeout 0
management-access inside

thanks,

Robert

sadbulali Wed, 05/23/2007 - 10:21

Groups and users are core concepts in the management of the security of VPNs and in the configuration of the security appliance. They specify attributes that determine users' access to and use of the VPN. A group is a collection of users treated as a single entity. Users get their attributes from group policies. Tunnel groups identify the group policy for a specific connection. If you do not assign a particular group policy to a user, the default group policy for the connection applies.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml

http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html
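
Added example, not part of the original posts and not taken from the linked Cisco documents: one way the configuration posted above could accept a second peer whose address is dynamic, written in the same ASA 7.x-style syntax. The names `outside_dyn_map` and ACL `103`, the sequence numbers, the `z.z.z.z` remote LAN and the key are hypothetical placeholders.

```cisco
! Added example. All names, numbers and addresses below are assumptions;
! x.x.x.x / z.z.z.z follow the redaction style of the posted config.
!
! Interesting traffic: local inside network -> home user's LAN.
! A specific ACL keeps the dynamic peer from negotiating arbitrary proxies.
access-list 103 extended permit ip x.x.x.x 255.255.255.0 z.z.z.z 255.255.255.0
!
! NAT exemption. The posted config already binds ACL 101 with
! "nat (inside) 0 access-list 101", so the new entry extends ACL 101.
access-list 101 extended permit ip x.x.x.x 255.255.255.0 z.z.z.z 255.255.255.0
!
! Dynamic map entry: there is no "set peer" line because the peer
! address is not known in advance. It reuses the existing transform set.
crypto dynamic-map outside_dyn_map 10 match address 103
crypto dynamic-map outside_dyn_map 10 set transform-set ESP-3DES-SHA
!
! Attach the dynamic map to the existing crypto map at a higher sequence
! number than the static peer (entry 20), so the static entry is tried first.
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
!
! A LAN-to-LAN peer that matches no named tunnel-group lands in the
! built-in DefaultL2LGroup, so the pre-shared key for the dynamic
! peer is set there.
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key <PLACEHOLDER_PSK>
```

Because any peer that presents the DefaultL2LGroup key is accepted, that key should be long, random and different from the static peer's key. The tunnel can only be initiated from the dynamic side, and `show crypto isakmp sa` and `show crypto ipsec sa` confirm which peer address and ACL entry an established tunnel is using.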
