Cisco ASA L2TP over IPsec configuration details

Source: Internet
Author: User

Cisco ASA L2TP over IPsec configuration explanation

1. Create a VPN address pool.

    ciscoasa(config)# ip local pool vpnpool 192.168.151.11-192.168.151.15 mask 255.000000000

2. Configure the IPsec encryption algorithm as 3DES and SHA.

    ciscoasa(config)# crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac

3. Set the IPsec mode to transport. The default is tunnel mode, and L2TP supports only transport mode.

    ciscoasa(config)# crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport

4. Use the transform set to define a dynamic crypto policy.

    ciscoasa(config)# crypto dynamic-map outside_dyn_map 10 set transform-set TRANS_ESP_3DES_SHA

5. Define the crypto map and apply it to the Internet interface (outside).

    ciscoasa(config)# crypto map outside_map 10 ipsec-isakmp dynamic outside_dyn_map
    ciscoasa(config)# crypto map outside_map interface outside

6. Enable the ISAKMP policy on the Internet interface.

    ciscoasa(config)# crypto isakmp policy 10
    ciscoasa(config-isakmp-policy)# authentication pre-share
    ciscoasa(config-isakmp-policy)# encryption 3des
    ciscoasa(config-isakmp-policy)# hash sha
    ciscoasa(config-isakmp-policy)# group 2
    ciscoasa(config-isakmp-policy)# lifetime 86400
    ciscoasa(config-isakmp-policy)# exit

8. Set NAT traversal.

    ciscoasa(config)# crypto isakmp nat-traversal 10

9. Configure the default internal group policy.

    ciscoasa(config)# group-policy DefaultRAGroup internal

10. Configure the attributes of the default internal group policy.

    ciscoasa(config)# group-policy DefaultRAGroup attributes
    ciscoasa(config-group-policy)# vpn-tunnel-protocol IPSec l2tp-ipsec
    ciscoasa(config-group-policy)# default-domain value cisco.com
    ciscoasa(config-group-policy)# dns-server value 202.96.209.20

    Note: when configuring L2TP over IPsec as the VPN tunnel protocol, you must also add IPSec. With only l2tp-ipsec, the VPN is not available.

11. Create a local user, configure the user's password, and specify the encryption algorithm.

    ciscoasa(config)# username frank password frank mschap

12. Configure the default tunnel group. You must use DefaultRAGroup, because L2TP does not support other groups. Define the authentication method as LOCAL.

    ciscoasa(config)# tunnel-group DefaultRAGroup general-attributes
    ciscoasa(config-tunnel-general)# authentication-server-group LOCAL
    ciscoasa(config-tunnel-general)# default-group-policy DefaultRAGroup
    ciscoasa(config-tunnel-general)# address-pool vpnpool
    ciscoasa(config-tunnel-general)# exit

13. Define the user's group policy.

    ciscoasa(config)# username frank attributes
    ciscoasa(config-username)# vpn-group-policy DefaultRAGroup
    ciscoasa(config-username)# vpn-tunnel-protocol IPSec l2tp-ipsec
    ciscoasa(config-username)# exit

14. Configure the IPsec properties for the default tunnel group and set the default tunnel group's authentication mode to ms-chap-v2.

    ciscoasa(config)# tunnel-group DefaultRAGroup ppp-attributes
    ciscoasa(config-ppp)# authentication ms-chap-v2
    ciscoasa(config-ppp)# exit

15. On the client, modify the registry.

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]
    "AssumeUDPEncapsulationContextOnSendRule"=dword:00000002

16. On the client, create a VPN connection to the workplace and set the VPN properties.
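The following Python check is an added example, not part of the original article or of any Cisco tooling: it scans the configuration built in the steps above for settings that are weak by current standards (3DES, SHA-1, DH group 2, a shared IKE key, MS-CHAPv2, a password equal to the username). The rule list, the `audit` function and the embedded sample are assumptions of this example; the sample is constructed from the page's own commands.

```python
import re

# Constructed sample: the security-relevant lines from the steps above.
SAMPLE_CONFIG = """\
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
username frank password frank mschap
tunnel-group DefaultRAGroup ppp-attributes
 authentication ms-chap-v2
"""

# (pattern, finding) pairs; the rule set and wording are this example's own.
RULES = [
    (r"^crypto ipsec transform-set (\S+) .*\besp-3des\b",
     "transform-set {0} uses 3DES, a deprecated 64-bit block cipher"),
    (r"^\s*encryption (3des|des)\b", "IKE policy encrypts with {0}"),
    (r"^\s*hash (sha|md5)\b", "IKE policy hashes with {0} (SHA-1 or MD5)"),
    (r"^\s*group (1|2|5)\b", "IKE policy uses DH group {0} (1536-bit modulus or smaller)"),
    (r"^\s*authentication (pre-share)\b", "IKE authenticates with a shared group key"),
    (r"^\s*authentication (ms-chap-v[12])\b",
     "PPP authentication {0} is built on DES and MD4 password hashes"),
]

def audit(config: str) -> list[str]:
    """Return one finding per weak setting in an ASA configuration excerpt."""
    findings = []
    for line in config.splitlines():
        for pattern, message in RULES:
            m = re.search(pattern, line)
            if m:
                findings.append(message.format(*m.groups()))
        # A local account whose password equals its username is trivially guessed.
        m = re.match(r"username (\S+) password (\S+)", line)
        if m and m.group(1) == m.group(2):
            findings.append(f"user {m.group(1)} has a password equal to the username")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("WEAK:", finding)
```

Run it against the output of `show running-config` saved to a file by passing the file's text to `audit`.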
