Network

CISCO ASA 5506-X

CHOMAN 2017. 12. 1. 17:47


VPN 설정 CLI



! IKEv1 (phase 1) policy at priority 10: pre-shared-key authentication,
! 3DES encryption, SHA-1 hash, Diffie-Hellman group 2, 86400-second lifetime.
! NOTE(review): 3DES, SHA-1 and DH group 2 (1024-bit MODP) are legacy
! parameters. If the L2TP/IPsec clients in use can negotiate AES and a larger
! DH group, prefer those; confirm client support before changing.
crypto ikev1 policy 10

 authentication pre-share

 encryption 3des

 hash sha

 group 2

 lifetime 86400

! Leave the policy sub-mode.
 exit


! IPsec (phase 2) transform set: ESP with 3DES encryption and SHA-1 HMAC.
! NOTE(review): esp-3des is a legacy cipher; an AES transform is preferable
! where the clients support it. Confirm before changing.
crypto ipsec ikev1 transform-set TRANS-ESP-3DES-SHA esp-3des esp-sha-hmac

! Transport mode instead of the default tunnel mode. L2TP over IPsec carries
! the L2TP session inside an IPsec transport-mode SA.
crypto ipsec ikev1 transform-set TRANS-ESP-3DES-SHA mode transport

! Dynamic map entry 10 uses that transform set. A dynamic map is used because
! the peer addresses of remote-access clients are not known in advance.
crypto dynamic-map outside_dyn_map 10 set ikev1 transform-set TRANS-ESP-3DES-SHA

! Reference the dynamic map from crypto map outside_map at sequence 65535.
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map

! Bind the crypto map to the interface named "outside".
crypto map outside_map interface outside

! Enable IKEv1 negotiation on the "outside" interface.
crypto ikev1 enable outside


! Local address pool 10.0.0.1-10.0.0.254 with a /24 mask. It is assigned to
! VPN clients through the "address-pool Address-pool" line under
! tunnel-group DefaultRAGroup general-attributes.
! NOTE(review): pick a range that does not overlap the inside network or any
! other routed subnet. The inside addressing is not shown in this listing.
ip local pool Address-pool 10.0.0.1-10.0.0.254 mask 255.255.255.0


! Create a locally stored (internal) group policy named L2TP-VPN.
group-policy L2TP-VPN internal

group-policy L2TP-VPN attributes

! Allow only L2TP over IPsec for sessions that use this policy.
 vpn-tunnel-protocol l2tp-ipsec

! Default DNS domain handed to clients. cisco.com looks like a sample value;
! replace it with your own domain.
 default-domain value cisco.com

! Local user for VPN login. The mschap keyword stores the password in a form
! usable for MS-CHAP authentication.
! NOTE(review): the user name and password on this line are the post's sample
! values, published in clear text. Substitute your own account with a long,
! unique password and never deploy these values.
! NOTE(review): "username" is a global-configuration command on ASA although
! it is shown indented under the group-policy here. Confirm which mode the CLI
! is in when pasting, because that decides which mode the following "exit"
! leaves.
 username takakocap password speed99 mschap

 exit


! General attributes of the tunnel group DefaultRAGroup: hand out addresses
! from Address-pool and apply the L2TP-VPN group policy by default.
! NOTE(review): DefaultRAGroup is presumably used because native L2TP/IPsec
! clients with pre-shared-key authentication land on the default remote-access
! group. Confirm for the client types in use.
tunnel-group DefaultRAGroup general-attributes

address-pool Address-pool

default-group-policy L2TP-VPN

exit


! IPsec attributes of DefaultRAGroup: the IKEv1 pre-shared key that every
! client of this group must present.
! NOTE(review): "test1234" is the post's sample key, short and published in
! clear text. Use a long random key instead. It is a group-wide shared secret,
! so it must be rotated whenever any client or user who knows it is removed.
tunnel-group DefaultRAGroup ipsec-attributes

ikev1 pre-shared-key test1234

exit


! PPP authentication for the L2TP session in DefaultRAGroup: CHAP is turned
! off and MS-CHAPv2 is turned on. This matches the "mschap" keyword on the
! local username line.
! NOTE(review): MS-CHAPv2 is a legacy protocol with known weaknesses. Its
! exchange is protected only by the enclosing IPsec SA, so the strength of the
! pre-shared key and of the IKE/IPsec parameters matters for user credentials.
tunnel-group DefaultRAGroup ppp-attributes

no authentication chap

authentication ms-chap-v2

exit


! Network object for 10.0.0.0/24, the subnet that contains the VPN address
! pool 10.0.0.1-10.0.0.254. It is referenced by the NAT rule that follows.
object network L2TP-Pool

subnet 10.0.0.0 255.255.255.0

exit


! Identity NAT (NAT exemption): traffic from any inside source to the
! L2TP-Pool subnet keeps its original addresses on the way to the outside
! interface. no-proxy-arp stops the ASA from answering ARP for the mapped
! addresses, and route-lookup selects the egress interface from the routing
! table.
! NOTE(review): this rule only exempts traffic from translation; it does not
! limit what VPN clients can reach. No vpn-filter or access list appears in
! this listing, so confirm which inside hosts and ports clients should be
! allowed to reach, and restrict them accordingly.
nat (inside,outside) source static any any destination static L2TP-Pool L2TP-Pool no-proxy-arp route-lookup