Cisco ASA Series Cli Configuration Manual page 1609
Software version 9.0 for the services module
Hide thumbs
Also See for ASA Series:
- Configuration manual (429 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Chapter 1
Configuring L2TP over IPsec
Command
Step 1
Detailed CLI Configuration Steps, page 1-14
Step 1
show run crypto ikev1
Example:
hostname(config)# show run crypto ikev1
Step 2
crypto ikev1 policy number
Example:
hostname(config)# crypto ikev1 policy number
hostname(config-ikev1-policy)#
Step 3
authentication
Example:
hostname(config-ikev1-policy)# authentication pre-share
Step 4
encryption type
Example:
hostname(config-ikev1-policy)# encryption
{3des|aes|aes-256}
Step 5
hash
Example:
hostname(config-ikev1-policy)# hash sha
Step 6
group
Example:
hostname(config-ikev1-policy)# group 5
Step 7
lifetime
Example:
hostname(config-ikev1-policy)# lifetime 86400
Configuration Example for L2TP over IPsec Using ASA 8.2.5
The following example shows configuration file commands that ensure ASA compatibility with a native
VPN client on any operating system:
ip local pool sales_addresses 209.165.202.129-209.165.202.158
group-policy sales_policy internal
group-policy sales_policy attributes
wins-server value 209.165.201.3 209.165.201.4
dns-server value 209.165.201.1 209.165.201.2
Configuring L2TP over IPsec
Purpose
Follow the
Detailed CLI Configuration
Steps
procedure through step
the additional steps in this table to configure
the IKE policy for Windows 7 native VPN
clients.
Displays the attributes and the number of
any existing IKE policies.
Allows you to configure an IKE policy. The
number argument specifies the number of
the IKE policy you are configuring. This
number was listed in the output of the
command.
run crypto ikev1
Sets the authentication method the ASA
uses to establish the identity of each IPsec
peer to use preshared keys.
Choose a symmetric encryption method that
protects data transmitted between two IPsec
peers. For Windows 7 choose either 3des,
aes, for 128-bit AES, or aes-256.
Choose the hash algorithm that ensures data
integrity. For Windows 7, specify sha for the
SHA-1 algorithm.
Choose the Diffie-Hellman group identifier.
You can specify 5 for aes, aes-256, or 3des
encryption types. You can specify 2 only for
3des encryption types.
Specify the SA lifetime in seconds. For
Windows 7, specify 86400 seconds to
represent 24 hours.
Cisco ASA Series CLI Configuration Guide
Step
18. Add
show
1-17
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
