Cisco ASA Series CLI Configuration Manual, page 1604

Software version 9.0 for the services module

Chapter 1: Configuring L2TP over IPsec
Cisco ASA Series CLI Configuration Guide, page 1-12

Step 15
Command: crypto isakmp nat-traversal seconds
Example:
hostname(config)# crypto isakmp enable
hostname(config)# crypto isakmp nat-traversal 1500
Purpose: (Optional) Enables NAT traversal so that ESP packets can pass through one or more NAT devices. If you expect multiple L2TP clients behind a NAT device to attempt L2TP over IPsec connections to the adaptive security appliance, you must enable NAT traversal. To enable NAT traversal globally, check that ISAKMP is enabled (you can enable it with the crypto isakmp enable command) in global configuration mode, and then use the crypto isakmp nat-traversal command.

Step 16
Command: strip-group
strip-realm
Example:
hostname(config)# tunnel-group DefaultRAGroup general-attributes
hostname(config-tunnel-general)# strip-group
hostname(config-tunnel-general)# strip-realm
Purpose: (Optional) Configures tunnel group switching. The goal of tunnel group switching is to give users a better chance at establishing a VPN connection when they authenticate using a proxy authentication server. Tunnel group is synonymous with connection profile.

Step 17
Command: username name password password mschap
Example:
hostname(config)# username jdoe password j!doe1 mschap
Purpose: This example shows creating a user with the username jdoe and the password j!doe1. The mschap option specifies that the password is converted to Unicode and hashed using MD4 after you enter it. This step is needed only if you are using a local user database.

Step 18
Command: crypto isakmp policy priority
Example:
hostname(config)# crypto isakmp policy 5
Purpose: The crypto isakmp policy command creates the IKE policy for Phase 1 and assigns it a number. The IKE policy has several configurable parameters. The ISAKMP policy is needed so the ASA can complete the IKE negotiation. See the "Creating IKE Policies to Respond to Windows 7 Proposals" section on page 1-12 for configuration examples for Windows 7 native VPN clients.

Creating IKE Policies to Respond to Windows 7 Proposals
Windows 7 L2TP/IPsec clients send several IKE policy proposals to establish a VPN connection with the ASA. Define one of the following IKE policies to facilitate connections from Windows 7 VPN native clients.
