Hi, I have a project that needs to provide my vendor VPN client access. Here are the simple requirements.
2. They want to use just group name/password in Cisco clients without being prompted for username/password because they'll have an automated script using a .PCF file that I'll provide to them.
2. They only want limited access to one server 192.168.1 51 via ports 1433, 135 and 445.
Here is the short config, but this config doesn't meet the requirements. Please tell me how to modify this to meet the two requirements.
ASA 7(2)1
interface ethernet0
 ip address 10.10.4.200 255.255.0.0
 nameif outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 43200
isakmp enable outside
ip local pool testpool 192.168.0.10-192.168.0.15
username testuser password 12345678
crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
tunnel-group testgroup type ipsec-ra
tunnel-group testgroup general-attributes
 address-pool testpool
tunnel-group testgroup ipsec-attributes
 pre-shared-key xxx
crypto dynamic-map dyn1 1 set transform-set FirstSet
crypto dynamic-map dyn1 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface outside