Thursday, March 16, 2017

Configure a remote access (IKEv1/IPsec) VPN server on a Cisco ASA

*** information ***
asa ip: 192.168.58.100
vpn pool: 192.168.0.10-192.168.0.100
user: test1
password: 12345678


*** asa configuration ***

(The esp-3des/esp-md5-hmac transform set, 3des/sha IKE policies and DH group 2 below are legacy algorithms chosen for client compatibility; where the client supports them, prefer AES encryption and a SHA-based integrity algorithm.)

interface Ethernet0/0
 nameif internet
 security-level 0
 ip address 192.168.58.100 255.255.255.0
!
interface Ethernet0/1
 nameif home
 security-level 0
 ip address 192.168.10.1 255.255.255.0
!

same-security-traffic permit inter-interface
same-security-traffic permit intra-interface

pager lines 24
mtu internet 1500
mtu home 1500
ip local pool testpool 192.168.0.10-192.168.0.100

crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
crypto dynamic-map dyn1 1 set transform-set FirstSet
crypto dynamic-map dyn1 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface internet
crypto isakmp enable internet
crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 43200
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list

username test1 password 12345678
tunnel-group testgroup type remote-access
tunnel-group testgroup general-attributes
 address-pool testpool
tunnel-group testgroup ipsec-attributes
 pre-shared-key password12345678
prompt hostname context

*** client ***

linux
1- install vpnc as the vpn client

$ sudo apt-get install vpnc

2- to connect, run the command below (vpnc needs root to create the tun interface)
$ sudo vpnc-connect --gateway 192.168.58.100 --id testgroup --username test1
at the password prompts enter:
- group password: password12345678
- user password: 12345678
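The two client steps above can be made repeatable with a vpnc configuration file. The script below is an added example, not part of the original post and not vpnc's own code: it writes the non-secret settings (gateway, group ID, username) into a file created owner-only, deliberately leaves the group secret and the user password out so that vpnc prompts for them exactly as in step 2, and provides two small checks on the result. The key names (IPSec gateway, IPSec ID, IKE Authmode, Xauth username) are vpnc's configuration syntax; the path /etc/vpnc/asa-home.conf and the helper names are my assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): build a vpnc configuration
# file for the ASA above. Secrets stay out of the file and off the command
# line (where a process listing would expose them); vpnc prompts for them.
# The output path and helper names below are assumptions, not vpnc defaults.

# write_vpnc_conf GATEWAY GROUP_ID USERNAME OUTFILE
# Creates OUTFILE with mode 0600 containing only the non-secret settings.
# "IPSec secret" and "Xauth password" are intentionally absent: vpnc asks
# for any missing value interactively.
write_vpnc_conf() {
    gateway=$1; group_id=$2; username=$3; outfile=$4
    old_umask=$(umask)
    umask 077                         # new file is created owner-only
    {
        printf 'IPSec gateway %s\n'  "$gateway"
        printf 'IPSec ID %s\n'       "$group_id"
        printf 'IKE Authmode psk\n'
        printf 'Xauth username %s\n' "$username"
    } > "$outfile"
    umask "$old_umask"
    chmod 600 "$outfile"              # also fixes the mode if the file pre-existed
}

# conf_is_private FILE -> exit 0 if FILE is readable/writable by its owner only
conf_is_private() {
    mode=$(ls -l "$1" | cut -c1-10)
    [ "$mode" = "-rw-------" ]
}

# conf_value FILE KEY -> prints the value stored for KEY (e.g. "IPSec gateway")
conf_value() {
    awk -v key="$2" 'index($0, key " ") == 1 { print substr($0, length(key) + 2) }' "$1"
}

# Usage (as root, since vpnc must create the tun device):
#   write_vpnc_conf 192.168.58.100 testgroup test1 /etc/vpnc/asa-home.conf
#   conf_is_private /etc/vpnc/asa-home.conf && vpnc /etc/vpnc/asa-home.conf
```

If the group secret or user password is ever added to the file (vpnc accepts IPSec secret and Xauth password keys), the 0600 mode is the only thing keeping it from other local users, so the permission check is worth running before every connect rather than once.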

*** show/test ***
- show the number of active tunnels and the per-direction counters
ciscoasa# show ipsec stats

IPsec Global Statistics
-----------------------
Active tunnels: 1
Previous tunnels: 1
Inbound
    Bytes: 10646
    Decompressed bytes: 10646
    Packets: 167
    Dropped packets: 0
    Replay failures: 0
    Authentications: 167
    Authentication failures: 0
    Decryptions: 167
    Decryption failures: 0
    Decapsulated fragments needing reassembly: 11
Outbound
    Bytes: 10695
    Uncompressed bytes: 10695
    Packets: 140
    Dropped packets: 0
    Authentications: 140
    Authentication failures: 0
    Encryptions: 140
    Encryption failures: 0
    Fragmentation successes: 0
        Pre-fragmentation successses: 0
        Post-fragmentation successes: 0
    Fragmentation failures: 0
        Pre-fragmentation failures: 0
        Post-fragmentation failures: 0
    Fragments created: 0
    PMTUs sent: 0
    PMTUs rcvd: 0
Protocol failures: 0
Missing SA failures: 0
System capacity failures: 0
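The counters above are the ones to watch after a client connects: "Active tunnels" confirms the tunnel is up, and every line ending in "failures" should stay at 0. The script below is an added example, not part of the original post or of the ASA: it parses that output (for instance as captured over SSH) and flags any non-zero failure counter. The first sample is the show output from the post, trimmed; the second is constructed by hand to exercise the failure path. Helper names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): parse "show ipsec stats" output
# and report the active tunnel count plus any non-zero failure counter.

# ipsec_active_tunnels < output -> prints the "Active tunnels" value
ipsec_active_tunnels() {
    awk -F': *' '/^Active tunnels:/ { print $2; exit }'
}

# ipsec_failures < output -> prints "label=value" for every counter whose
# label ends in "failures" and whose value is non-zero; prints nothing when clean
ipsec_failures() {
    awk -F': *' '
        $1 ~ /failures$/ {
            gsub(/^[ \t]+/, "", $1)          # strip the indentation
            if ($2 + 0 > 0) printf "%s=%d\n", $1, $2
        }'
}

# ipsec_healthy < output -> exit 0 if at least one tunnel is up and no
# failure counter is non-zero, exit 1 otherwise
ipsec_healthy() {
    out=$(cat)                               # read stdin once, reuse for both checks
    active=$(printf '%s\n' "$out" | ipsec_active_tunnels)
    [ "${active:-0}" -ge 1 ] || return 1
    [ -z "$(printf '%s\n' "$out" | ipsec_failures)" ]
}

# Sample 1: the show output from the post, trimmed to the relevant lines.
SAMPLE_OK=$(cat <<'EOF'
IPsec Global Statistics
-----------------------
Active tunnels: 1
Previous tunnels: 1
Inbound
    Bytes: 10646
    Packets: 167
    Dropped packets: 0
    Replay failures: 0
    Authentication failures: 0
    Decryption failures: 0
Outbound
    Bytes: 10695
    Packets: 140
    Authentication failures: 0
    Encryption failures: 0
Protocol failures: 0
Missing SA failures: 0
System capacity failures: 0
EOF
)

# Sample 2: constructed, not real ASA output; two counters are non-zero.
SAMPLE_BAD=$(cat <<'EOF'
IPsec Global Statistics
-----------------------
Active tunnels: 2
Previous tunnels: 5
Inbound
    Packets: 300
    Replay failures: 4
    Authentication failures: 0
    Decryption failures: 1
Outbound
    Packets: 250
    Encryption failures: 0
Protocol failures: 0
EOF
)

# Usage: ssh admin@192.168.58.100 'show ipsec stats' | ipsec_healthy || echo "IPsec tunnel problem"
```

A non-zero "Replay failures" or "Authentication failures" count is what you would expect to see first if packets are being tampered with or replayed in transit, so a monitoring job that alerts on any change in those counters is a cheap detection control for this tunnel.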



- show route (the connected client's pool address appears as a /32 static route via the client's public address, injected by "set reverse-route")
ciscoasa# show route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.58.0 255.255.255.0 is directly connected, internet
C    192.168.10.0 255.255.255.0 is directly connected, home
S    192.168.0.10 255.255.255.255 [1/0] via 192.168.58.23, internet
