ASA twists and turns

Unanswered Question
May 26th, 2012

Guys, we have an ASA on which a lot of tunnels and VPNs get terminated... I have taken some config but can't get my head around it.


1-

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec transform-set my-set esp-des esp-md5-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto dynamic-map outside_dyn_map 222 set transform-set ESP-3DES-SHA ESP-3DES-MD5

crypto dynamic-map outside_dyn_map 222 set security-association lifetime seconds 86400


crypto map clientmap 5 match address CBB_VPN-ACL

crypto map clientmap 5 set peer X.158.X.200

crypto map clientmap 5 set transform-set ESP-3DES-SHA



2-


ip local pool ippool-client X.88.77.14 mask 255.255.255.240


3-

crypto map clientmap interface External

crypto isakmp identity address

crypto isakmp enable External

crypto isakmp policy 1

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

crypto isakmp policy 2

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

crypto isakmp policy 3

authentication pre-share

encryption des

hash md5

group 2

lifetime 1000

crypto isakmp policy 4

authentication pre-share

encryption des

hash sha

group 2

lifetime 26400

crypto isakmp policy 5

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 26400


4-

vpn-tunnel-protocol IPSec

split-tunnel-policy tunnelspecified

split-tunnel-network-list value split_tunnel

group-policy vpngroup-HP internal

group-policy vpngroup-HP attributes


5-


tunnel-group X.22.110.64 type ipsec-l2l

tunnel-group X.150.23.126 type ipsec-l2l

tunnel-group X.150.23.126 ipsec-attributes

pre-shared-key *


6-

username HP password jwhshwikb9p6L8r encrypted



Guys, can someone please tell me what 1 to 6 are doing... I am confused and can't get my head around it.


What is the difference between L2L and site-to-site VPN, as I have been told that there are site-to-site VPN (LAN-to-LAN) and remote access VPN as well?


Thanks

Jennifer Halim (Cisco Employee), Sat, 05/26/2012 - 05:31

Here is a sample configuration for a LAN-to-LAN tunnel, and it explains what each relevant VPN configuration does:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080950890.shtml


Here is a sample configuration for remote access VPN, and it also explains what it does:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml


Here is the split tunnel explanation:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml


Hope the above helps with all your questions 1-6.
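
An added example, not part of the original thread or of the linked Cisco documents: a short Python parser that shows how blocks 1 and 3 of the question fit together. It resolves crypto map entry clientmap 5 to the transform set it offers in phase 2, and lists the ISAKMP policies and transform sets that still offer single DES or MD5. The function names and the WEAK set are assumptions made for this illustration, and the sample is a subset of the posted lines.

```python
# Constructed sample: a subset of the lines from blocks 1 and 3 of the question,
# with the policy sub-commands indented as the ASA prints them.
CONFIG = """\
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set my-set esp-des esp-md5-hmac
crypto map clientmap 5 match address CBB_VPN-ACL
crypto map clientmap 5 set peer X.158.X.200
crypto map clientmap 5 set transform-set ESP-3DES-SHA
crypto isakmp policy 1
 encryption 3des
 hash sha
 group 2
crypto isakmp policy 3
 encryption des
 hash md5
 group 2
"""

WEAK = {"des", "md5", "esp-des", "esp-md5-hmac"}  # assumption: flag only single DES and MD5

def parse(text):
    """Split the config into phase 1 policies, phase 2 transform sets and crypto map entries."""
    cfg = {"isakmp": {}, "transform_sets": {}, "crypto_maps": {}}
    policy = None
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if line.startswith(" ") and policy is not None:
            policy[words[0]] = words[1]          # sub-command of the current policy
            continue
        policy = None
        if words[:3] == ["crypto", "isakmp", "policy"]:
            policy = cfg["isakmp"].setdefault(int(words[3]), {})
        elif words[:3] == ["crypto", "ipsec", "transform-set"]:
            cfg["transform_sets"][words[3]] = words[4:]
        elif words[:2] == ["crypto", "map"] and len(words) > 5 and words[3].isdigit():
            entry = cfg["crypto_maps"].setdefault((words[2], int(words[3])), {})
            entry[words[5]] = words[6:]          # keyed by "address", "peer", "transform-set"
    return cfg

def resolve(cfg, map_name, seq):
    """Return the transform sets (name -> algorithms) that a crypto map entry references."""
    return {n: cfg["transform_sets"][n] for n in cfg["crypto_maps"][(map_name, seq)]["transform-set"]}

def weak_proposals(cfg):
    """List policies (lowest number first, i.e. highest priority) and transform sets using WEAK."""
    items = [(f"isakmp policy {p}", v.values()) for p, v in sorted(cfg["isakmp"].items())]
    items += [(f"transform-set {n}", t) for n, t in cfg["transform_sets"].items()]
    return [(label, sorted(WEAK & set(vals))) for label, vals in items if WEAK & set(vals)]
```
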
