Configuration Examples for Remote Access IPsec VPNs
Detailed Steps
Command
Step 1
crypto map map-name seq-num ipsec-isakmp
dynamic dynamic-map-name
Example:
hostname(config)# crypto map mymap 1
ipsec-isakmp dynamic dyn1
hostname(config)#
Step 2
crypto map map-name interface
interface-name
Example:
hostname(config)# crypto map mymap
interface outside
hostname(config)#
Saving the Security Appliance Configuration
After performing the preceding configuration tasks, be sure to save your configuration changes as shown
in this example:
Command
write memory
Example:
hostname(config-if)# write memory
Building configuration...
Cryptochecksum: 0f80bf71 1623a231 63f27ccf 8700ca6d
11679 bytes copied in 3.390 secs (3893 bytes/sec)
[OK]
hostname(config-if)#
Configuration Examples for Remote Access IPsec VPNs
The following example shows how to configure a remote access IPsec/IKEv1 VPN:
hostname(config)# interface ethernet0
hostname(config-if)# ip address 10.10.4.200 255.255.0.0
hostname(config-if)# nameif outside
hostname(config-if)# no shutdown
hostname(config)# crypto ikev1 policy 1
hostname(config-ikev1-policy)# authentication pre-share
hostname(config-ikev1-policy)# encryption 3des
hostname(config-ikev1-policy)# hash sha
hostname(config-ikev1-policy)# group 2
hostname(config-ikev1-policy)# lifetime 43200
hostname(config)# crypto ikev1 outside
hostname(config)# ip local pool testpool 192.168.0.10-192.168.0.15
hostname(config)# username testuser password 12345678
Cisco ASA Series CLI Configuration Guide
1-14
Chapter 1
Purpose
Creates a crypto map entry that uses a dynamic crypto map.
Applies the crypto map to the outside interface.
Purpose
Saves the changes to the configuration.
Configuring Remote Access IPsec VPNs