COMPUTER TIPS
How to configure Remote Access VPN using ASA?
Remote Access VPN (Easy VPN) gives off-site users a secure tunnel over the public network. Easy VPN follows a client-server model, so most of the configuration is done on the server end (the ASA), and the Cisco VPN client software is used at the user end to establish the connection.
Basic steps for Easy VPN configuration:
1- First configure the ASA interface
- Interface name
- Security level
- IP address
- Enable crypto isakmp on ASA
2- Configure IP pool
- Pool name
- Range of IP addresses to be used in pool
3- Configure user accounts
- Username
- Password
4- Define the ISAKMP policy.
- Authentication
- Hash
- Encryption
- Group
5- Establish IPsec transform set.
- esp-des
- esp-md5-hmac
- esp-aes
- esp-sha-hmac
6- Configure tunnel group
- Group name
- Group policies
7- Now apply crypto map on the outside interface.
- Used to verify the outgoing interface traffic
Configuration of ASA
ASA(config)# interface GigabitEthernet 0/1
ASA(config-if)# no shutdown
ASA(config-if)# nameif outside
ASA(config-if)# ip address 20.1.1.50 255.0.0.0
ASA(config-if)# exit
ASA(config)# crypto isakmp enable outside
(To enable crypto isakmp on ASA)
ASA(config)# ip local pool poolname 30.1.1.1-30.1.1.50
(define IP pool)
ASA(config)# route outside 0 0 20.0.0.0
ASA(config)# username Mark password Cisco
(define username and password)
Now define the IKE policies on the ASA
ASA(config)# crypto isakmp policy 10
(10 is isakmp policy number)
ASA(config-isakmp)#encryption des
(enable encryption des)
ASA(config-isakmp)#hash md5
(enable algorithm md5 for hashing)
ASA(config-isakmp)#authentication pre-share
(enable the pre-shared key authentication method)
ASA(config-isakmp)#group 2
(enable Diffie-Hellman group 2)
ASA(config-isakmp)#exit
(Exit from crypto isakmp mode)
ASA(config)#crypto ipsec transform-set ts2 esp-des esp-md5-hmac
(Here encryption type is des and hashing technique is md5-hmac)
ASA(config)# crypto dynamic-map dmap 10 set transform-set ts2
(apply the transform set)
ASA(config)#crypto map imap 10 ipsec-isakmp dynamic dmap
(call dynamic-map in crypto map name imap)
ASA(config)# tunnel-group marketing type ipsec-ra
(create a group for marketing department)
ASA(config)# tunnel-group marketing general-attributes
ASA(config-general)# address-pool poolname
ASA(config-general)# exit
ASA(config)# tunnel-group marketing ipsec-attributes
ASA(config-ipsec)# pre-shared-key Cisco
ASA(config-ipsec)# exit
ASA(config)# crypto map imap interface outside
(Apply crypto map on outside interface)
To verify the secure tunnel, establish a connection from the user end using the Cisco VPN client.
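The ISAKMP policy and transform set above use DES, MD5 and Diffie-Hellman group 2, which are weak by current standards. The following is an added example, not part of the original page: a small Python audit that parses the IKE policy and transform-set lines of an ASA configuration and reports such settings. The function name audit_asa_vpn and the weak-setting lists are this example's assumptions, and the second sample configuration is constructed for comparison using the esp-aes and esp-sha-hmac transforms the page lists under the IPsec transform set step.

```python
import re

# Settings this added audit treats as weak (the example's assumption, not the page's).
WEAK_IKE = {"encryption": {"des"}, "hash": {"md5"}, "group": {"1", "2"}}
WEAK_TRANSFORMS = {"esp-des", "esp-md5-hmac"}
PROMPT = re.compile(r"^[\w-]+\(config[^)]*\)#\s*")  # e.g. "ASA(config-isakmp)#"

def audit_asa_vpn(config_text):
    """Return (context, setting) pairs for weak IKE phase 1 / IPsec settings."""
    findings, policy = [], None
    for raw in config_text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if not words:
            continue
        if words[:3] == ["crypto", "isakmp", "policy"] and len(words) == 4:
            policy = "isakmp policy " + words[3]   # entering a policy block
        elif words[:3] == ["crypto", "ipsec", "transform-set"] and len(words) > 4:
            policy = None
            findings += [("transform-set " + words[3], t)
                         for t in words[4:] if t in WEAK_TRANSFORMS]
        elif policy and len(words) == 2 and words[0] in WEAK_IKE:
            if words[1] in WEAK_IKE[words[0]]:
                findings.append((policy, " ".join(words)))
        elif words[0] in ("exit", "crypto"):
            policy = None                          # left the policy block
    return findings

# The crypto lines from the configuration on this page.
PAGE_CONFIG = """
ASA(config)# crypto isakmp policy 10
ASA(config-isakmp)#encryption des
ASA(config-isakmp)#hash md5
ASA(config-isakmp)#authentication pre-share
ASA(config-isakmp)#group 2
ASA(config-isakmp)#exit
ASA(config)#crypto ipsec transform-set ts2 esp-des esp-md5-hmac
"""

# Constructed comparison input (not from the page), in saved-config form.
STRONGER_CONFIG = """
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 5
crypto ipsec transform-set ts2 esp-aes esp-sha-hmac
"""

if __name__ == "__main__":
    for context, setting in audit_asa_vpn(PAGE_CONFIG):
        print(f"{context}: {setting}")
    print("stronger config findings:", audit_asa_vpn(STRONGER_CONFIG))
```

The audit accepts lines with or without the CLI prompt, so it can be run against pasted terminal sessions as well as saved configuration text.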