Filter
Top Products
69-14
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 69 Configuring Remote Access IPsec VPNs
Configuration Examples for Remote Access IPsec VPNs
Detailed Steps
Saving the Security Appliance Configuration
After performing the preceding configuration tasks, be sure to save your configuration changes as shown
in this example:
Configuration Examples for Remote Access IPsec VPNs
The following example shows how to configure a remote access IPsec/IKEv1 VPN:
hostname(config)# interface ethernet0
hostname(config-if)# ip address 10.10.4.200 255.255.0.0
hostname(config-if)# nameif outside
hostname(config-if)# no shutdown
hostname(config)# crypto ikev1 policy 1
hostname(config-ikev1-policy)# authentication pre-share
hostname(config-ikev1-policy)# encryption 3des
hostname(config-ikev1-policy)# hash sha
hostname(config-ikev1-policy)# group 2
hostname(config-ikev1-policy)# lifetime 43200
hostname(config)# crypto ikev1 enable outside
hostname(config)# ip local pool testpool 192.168.0.10-192.168.0.15
hostname(config)# username testuser password 12345678
Command Purpose
Step 1
crypto map map-name seq-num ipsec-isakmp
dynamic dynamic-map-name
Example:
hostname(config)# crypto map mymap 1
ipsec-isakmp dynamic dyn1
hostname(config)#
Creates a crypto map entry that uses a dynamic crypto map.
Step 2
crypto map map-name interface
interface-name
Example:
hostname(config)# crypto map mymap
interface outside
hostname(config)#
Applies the crypto map to the outside interface.
Command Purpose
write memory
Example:
hostname(config-if)# write memory
Building configuration...
Cryptochecksum: 0f80bf71 1623a231 63f27ccf 8700ca6d
11679 bytes copied in 3.390 secs (3893 bytes/sec)
[OK]
hostname(config-if)#
Saves the changes to the configuration.