07-25-2007 12:06 AM
Hi,
I got a point-point connection bet both ASA 5505 (office A & office B) that's working quite well. Now I wanted to access thru vpn from my house so that I can connect to my office network. I want to add a config that will not affect the existing config...im just a newbie...
Can anyone help me with step by step procedure? or a sample config?
I hope to use SSL VPN Client 1.1.3 & dynamic DSL at home.
tia
Rob
here's my config:
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0
!
interface Vlan11
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.240
!
interface Ethernet0/0
switchport access vlan 11
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd xxx
ftp mode passive
dns server-group DefaultDNS
domain-name baket.com
access-list 101 extended permit ip any 192.168.10.0 255.255.255.0
access-list 102 extended permit ip any 192.168.10.0 255.255.255.0
access-list 111 extended permit ip host 0.0.0.0 host y.y.y.y
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
access-group 111 in interface outside
route outside 0.0.0.0 0.0.0.0 y.y.y.y 1
route outside 192.168.10.0 255.255.255.0 y.y.y.y 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 20 match address 102
crypto map outside_map 20 set peer x.x.x.x
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
pre-shared-key *
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
07-28-2007 11:18 AM
Hi,
Do you have ASDM installed?
If yes, Follow this steps:
Regards,
Dharmesh Purohit
07-29-2007 03:48 PM
Thanks for the help.
Do you think i will not affect my existing config? it's a live config...
tia
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide