Configuring Remote Access IPSec VPNs
Remote access VPNs let single users connect to a central site through a secure connection over a TCP/IP
network such as the Internet.
This chapter describes how to build a remote access VPN connection. It includes the following sections:
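• Summary of the Configuration
• Configuring Interfaces
• Configuring ISAKMP Policy and Enabling ISAKMP on the Outside Interface
• Configuring an Address Pool
• Adding a User
• Creating a Transform Set
• Defining a Tunnel Group
• Creating a Dynamic Crypto Map
• Creating a Crypto Map Entry to Use the Dynamic Crypto Map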
Summary of the Configuration
This chapter uses the following configuration to explain how to configure a remote access connection.
Later sections provide step-by-step instructions.
hostname(config)# interface ethernet0
hostname(config-if)# ip address 10.10.4.200 255.255.0.0
hostname(config-if)# nameif outside
hostname(config-if)# no shutdown
hostname(config)# isakmp policy 1 authentication pre-share
hostname(config)# isakmp policy 1 encryption 3des
hostname(config)# isakmp policy 1 hash sha
hostname(config)# isakmp policy 1 group 2
hostname(config)# isakmp policy 1 lifetime 43200
hostname(config)# isakmp enable outside
hostname(config)# ip local pool testpool 192.168.0.10-192.168.0.15
hostname(config)# username testuser password 12345678
hostname(config)# crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
hostname(config)# tunnel-group testgroup type ipsec-ra
hostname(config)# tunnel-group testgroup general-attributes
hostname(config-general)# address-pool testpool
hostname(config)# tunnel-group testgroup ipsec-attributes
hostname(config-ipsec)# pre-shared-key 44kkaol59636jnfx
hostname(config)# crypto dynamic-map dyn1 1 set transform-set FirstSet
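The following check is an added example, not part of the Cisco guide: it scans ISAKMP policy and transform-set commands like those in the summary above and reports algorithm choices that are now generally regarded as legacy. The function name audit, the sample text, and the lists of values treated as legacy are assumptions of this example.

```python
import re

# Constructed sample: the crypto-related commands from the summary configuration.
SAMPLE_CONFIG = """\
hostname(config)# isakmp policy 1 authentication pre-share
hostname(config)# isakmp policy 1 encryption 3des
hostname(config)# isakmp policy 1 hash sha
hostname(config)# isakmp policy 1 group 2
hostname(config)# isakmp policy 1 lifetime 43200
hostname(config)# crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
"""

# Assumption of this example (the guide does not rate these values):
# algorithms and Diffie-Hellman groups treated as legacy.
LEGACY_ISAKMP = {
    "encryption": {"des", "3des"},
    "hash": {"md5"},
    "group": {"1", "2", "5"},
}
LEGACY_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac"}

# Matches a CLI prompt such as "hostname(config)# " or "hostname(config-if)# ".
PROMPT = re.compile(r"^\S+\([\w-]+\)#\s*")


def audit(config_text):
    """Return (line_number, command, reason) for each legacy crypto setting."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        cmd = PROMPT.sub("", raw.strip())  # drop the prompt if one is present
        tokens = cmd.split()
        # isakmp policy <priority> <attribute> <value>
        if tokens[:2] == ["isakmp", "policy"] and len(tokens) == 5:
            attr, value = tokens[3], tokens[4]
            if value in LEGACY_ISAKMP.get(attr, ()):
                findings.append((lineno, cmd, f"ISAKMP {attr} {value}"))
        # crypto ipsec transform-set <name> <transform> [<transform>]
        elif tokens[:3] == ["crypto", "ipsec", "transform-set"]:
            for transform in tokens[4:]:
                if transform in LEGACY_TRANSFORMS:
                    findings.append((lineno, cmd, f"IPsec transform {transform}"))
    return findings


if __name__ == "__main__":
    for lineno, cmd, reason in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {reason}  <- {cmd}")
```

Run against a saved configuration, each finding points at the command to revisit when the appliance and the VPN clients both support stronger settings.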
OL-10088-01
Cisco Security Appliance Command Line Configuration Guide, Chapter 32