Clean up VPN users on ASA 5505

Unanswered Question

I have moved from the PIX to ASA world and while some things are similar, there are a few things that are quite a bit different. After using the VPNGROUP command to create VPN users, I have a very ugly config. Can someone help me clean this up? Everyone uses the same DNS/WINS servers, address pool, etc. User authentication is handled by the ASA.


group-policy user1 internal

group-policy user1 attributes

wins-server value 192.168.1.10

dns-server value 192.168.1.10

vpn-idle-timeout 30

split-tunnel-policy tunnelspecified

split-tunnel-network-list value split_tunnel

default-domain value superfancydomain.local

group-policy user2 internal

group-policy user2 attributes

wins-server value 192.168.1.10

dns-server value 192.168.1.10

vpn-idle-timeout 30

split-tunnel-policy tunnelspecified

split-tunnel-network-list value split_tunnel

default-domain value superfancydomain.local

group-policy user3 internal

group-policy user3 attributes

wins-server value 192.168.1.10

dns-server value 192.168.1.10

vpn-idle-timeout 30

split-tunnel-policy tunnelspecified

split-tunnel-network-list value split_tunnel

default-domain value superfancydomain.local

tunnel-group user1 type ipsec-ra

tunnel-group user1 general-attributes

address-pool CFPOOL

default-group-policy user1

tunnel-group user1 ipsec-attributes

pre-shared-key *

isakmp ikev1-user-authentication none

tunnel-group user3 type ipsec-ra

tunnel-group user3 general-attributes

address-pool CFPOOL

default-group-policy user3

tunnel-group user3 ipsec-attributes

pre-shared-key *

isakmp ikev1-user-authentication none

tunnel-group user2 type ipsec-ra

tunnel-group user2 general-attributes

address-pool CFPOOL

default-group-policy user2

tunnel-group user2 ipsec-attributes

pre-shared-key *

isakmp ikev1-user-authentication none


Any help is most appreciated!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion