Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
250
Views
0
Helpful
2
Replies

add SSL VPN to existing site-site vpn?

redrobish
Level 1
Level 1

‎07-25-2007 12:06 AM

Hi,

I got a point-point connection bet both ASA 5505 (office A & office B) that's working quite well. Now I wanted to access thru vpn from my house so that I can connect to my office network. I want to add a config that will not affect the existing config...im just a newbie...

Can anyone help me with step by step procedure? or a sample config?

I hope to use SSL VPN Client 1.1.3 & dynamic DSL at home.

tia

Rob

here's my config:

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.10.1 255.255.255.0

!

interface Vlan11

nameif outside

security-level 0

ip address x.x.x.x 255.255.255.240

!

interface Ethernet0/0

switchport access vlan 11

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

passwd xxx

ftp mode passive

dns server-group DefaultDNS

domain-name baket.com

access-list 101 extended permit ip any 192.168.10.0 255.255.255.0

access-list 102 extended permit ip any 192.168.10.0 255.255.255.0

access-list 111 extended permit ip host 0.0.0.0 host y.y.y.y

pager lines 24

mtu inside 1500

mtu outside 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-522.bin

no asdm history enable

arp timeout 14400

access-group 111 in interface outside

route outside 0.0.0.0 0.0.0.0 y.y.y.y 1

route outside 192.168.10.0 255.255.255.0 y.y.y.y 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto map outside_map 20 match address 102

crypto map outside_map 20 set peer x.x.x.x

crypto map outside_map 20 set transform-set ESP-3DES-SHA

crypto map outside_map interface outside

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

tunnel-group x.x.x.x type ipsec-l2l

tunnel-group x.x.x.x ipsec-attributes

pre-shared-key *

telnet timeout 5

ssh timeout 5

console timeout 0

management-access inside

Labels:
0 Helpful
2 Replies 2

purohit_810
Level 5
Level 5

‎07-28-2007 11:18 AM

Hi,

Do you have ASDM installed?

If yes, Follow this steps:

http://www.cisco.com/en/US/products/ps6120/products_getting_started_guide_chapter09186a0080838ea3.html

Regards,

Dharmesh Purohit

0 Helpful

redrobish
Level 1
Level 1
In response to purohit_810

‎07-29-2007 03:48 PM

Thanks for the help.

Do you think i will not affect my existing config? it's a live config...

tia

0 Helpful
Customers Also Viewed These Support Documents