
Client Access VPN in ASA

donlin123
Level 1

Hi, I have a project that needs to provide my vendor VPN client access. Here are the simple requirements.

1. They want to use just the group name/password in Cisco clients without being prompted for a username/password, because they'll have an automated script using a .PCF file that I'll provide to them.

2. They only want limited access to one server 192.168.1 51 via ports 1433, 135 and 445.

Here is the short config but this config doesn't meet the requirements. Please tell me how to modify this to meet two requirements.

ASA 7(2)1

interface ethernet0
 ip address 10.10.4.200 255.255.0.0
 nameif outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 43200
isakmp enable outside
ip local pool testpool 192.168.0.10-192.168.0.15
username testuser password 12345678
crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
tunnel-group testgroup type ipsec-ra
tunnel-group testgroup general-attributes
 address-pool testpool
tunnel-group testgroup ipsec-attributes
 pre-shared-key xxx
crypto dynamic-map dyn1 1 set transform-set FirstSet
crypto dynamic-map dyn1 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface outside

1 Reply

donlin123
Level 1

I forgot to mention one more requirement.

This vendor only comes in through this IP.

200.200.200.200. (Real IP)
