Could someone help me implement the configuration I have on a SOHO 91 router on an ASA 5505?
I will remove 10.10.10.1/24 from my inside network since, as far as I am concerned, it was only implemented like this for security reasons.
I will use DHCP for my clients on the 10.0.0.0/24 network.
Also, I would be grateful if you could explain to me how VPDN actually works in my scenario. From what I see in the configuration, since I didn't visit the remote site (only the HQ), remote clients connect to HQ using a dial-in connection. They receive an IP on the same network, 10.0.0.0/24, to be able to work with a program that HQ is using. Is this a layer 2 tunneling method? Can I implement something different using the ASA but still be able to use the 10.0.0.0/24 network? As far as I know, to configure AnyConnect you have to create a different subnet for the remote clients. This is not what I need, since they have to be on the same subnet as the HQ. Are there any other methods/options I can use for VPN? The other site is using only the ISP's router to access the internet, nothing special.
Below is the configuration:
Current configuration : 3447 bytes
!
version 12.3
hostname test
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
username Admin password 7 [x]
username s password 7 [y]
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CON none
aaa authentication ppp default local
aaa session-id common
ip subnet-zero
ip name-server [name server]
ip dhcp excluded-address 10.0.0.254
!
ip dhcp pool CLIENT
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.254
 domain-name [domain-name]
 dns-server 10.0.0.1
 lease 0 2
!
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
!
!
!
no crypto isakmp enable
!
!
!
interface Ethernet0
 description CRWS Generated text. Please do not delete this:10.0.0.254-255.255.255.0
 ip address 10.0.0.254 255.255.255.0 secondary
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 no ip mroute-cache
 no cdp enable
 hold-queue 32 in
!
interface Ethernet1
 ip address [public ipr] 255.255.255.252
 ip access-group 111 in
 ip nat outside
 ip inspect myfw out
 no ip mroute-cache
 duplex auto
 no cdp enable
!
interface Virtual-Template1
 ip unnumbered Ethernet0
 peer default ip address pool pptp
 ppp authentication chap
!
ip local pool pptp 10.0.0.245 10.0.0.250
ip classless
ip route 0.0.0.0 0.0.0.0 [public gateway]
ip http server
no ip http secure-server
ip nat inside source list 102 interface Ethernet1 overload
ip nat inside source static tcp 10.0.0.1 80 interface Ethernet1 80
!
!
access-list 23 permit 10.0.0.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 102 permit ip 10.0.0.0 0.0.0.255 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq www
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any
no cdp run
!
control-plane
!
!
line con 0
 exec-timeout 120 0
 no modem enable
 transport preferred all
 transport output all
 stopbits 1
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 length 0
 transport preferred all
 transport input all
 transport output all
!
scheduler max-task-time 5000
!
end