Monday, June 27, 2011

Cisco ASA Remote Access VPN for IPSEC client

Here's a basic template for Remote Access VPN using the Cisco IPSEC VPN client. It includes a pool for address assignment and a NAT-exemption ACL (nat 0) so that remote clients can reach a few RDP servers without translation. It also features a PPPoE dialer for the WAN interface.

interface Vlan1
 description LAN
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface Vlan2
 description OUTSIDE
 nameif outside
 security-level 0
 ip address pppoe setroute
!
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
!
object-group network remoteVPNGroup
 network-object 172.16.0.0 255.255.255.0
object-group network insideNetworks
 network-object 10.0.0.0 255.255.255.0
object-group network RDP-Servers
 network-object host 10.0.0.6
 network-object host 10.0.0.14
!
access-list inside_nat0_outbound extended permit ip object-group RDP-Servers object-group remoteVPNGroup
!
ip local pool RAGenPool 172.16.0.2-172.16.0.30 mask 255.255.255.0
!
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 10.0.0.0 255.255.255.0
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set reverse-route
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
!
crypto isakmp policy n
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 43200
!
group-policy RAGeneral internal
group-policy RAGeneral attributes
 vpn-tunnel-protocol IPSec
 group-lock value RAGeneral
 split-tunnel-policy tunnelall
 address-pools value RAGenPool
!
username testuser password ************** encrypted
username testuser attributes
 vpn-group-policy RAGeneral
 group-lock value RAGeneral
username superadmin password ********** encrypted privilege 15
!
tunnel-group RAGeneral type ipsec-ra
tunnel-group RAGeneral general-attributes
 address-pool RAGenPool
 default-group-policy RAGeneral
tunnel-group RAGeneral ipsec-attributes
 pre-shared-key *
!
vpdn group PPPOE-WAN request dialout pppoe
vpdn group PPPOE-WAN localname my_ppp_username
vpdn group PPPOE-WAN ppp authentication pap
vpdn username my_ppp_username password *********
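As an added defender-side check that is not part of the original post, the Python script below parses a config in the style of the template above and flags the legacy IKE/IPsec algorithms (3DES, SHA-1, DH group 2) and the absence of a vpn-filter on the group policy. The embedded config is a constructed, cut-down copy of the template, with policy number 10 assumed in place of the placeholder n.

```python
ASA_CONFIG = """\
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
group-policy RAGeneral attributes
 split-tunnel-policy tunnelall
"""

WEAK_ENCRYPTION = {"des", "3des"}
WEAK_HASH = {"md5", "sha"}        # bare "sha" on the ASA means SHA-1
WEAK_DH_GROUPS = {"1", "2", "5"}
LEGACY_ESP = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-sha-hmac"}

def parse_sections(config):
    # Map each top-level command to the indented sub-commands beneath it
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue                      # skip blank lines and '!' separators
        if line.startswith(" ") and current is not None:
            sections[current].append(line.strip())
        elif not line.startswith(" "):
            current = line.strip()
            sections.setdefault(current, [])
    return sections

def audit(config):
    """Return finding strings; an empty list means nothing was flagged."""
    findings = []
    for header, body in parse_sections(config).items():
        if header.startswith("crypto isakmp policy"):   # IKE phase 1 proposal
            for item in body:
                kw, _, val = item.partition(" ")
                if kw == "encryption" and val in WEAK_ENCRYPTION:
                    findings.append(f"{header}: weak encryption {val}")
                elif kw == "hash" and val in WEAK_HASH:
                    findings.append(f"{header}: weak hash {val}")
                elif kw == "group" and val in WEAK_DH_GROUPS:
                    findings.append(f"{header}: weak DH group {val}")
        elif header.startswith("crypto ipsec transform-set"):   # IPsec phase 2
            if set(header.split()[4:]) & LEGACY_ESP:
                findings.append(f"{header}: legacy ESP algorithms")
        elif header.startswith("group-policy") and header.endswith("attributes"):
            # VPN traffic bypasses interface ACLs by default (sysopt connection
            # permit-vpn), so without a vpn-filter clients reach all inside hosts
            if not any(item.startswith("vpn-filter") for item in body):
                findings.append(f"{header}: no vpn-filter applied")
    return findings
```

Run against the template it reports three phase-1 findings, the legacy transform set and the missing vpn-filter; a policy using aes-256, sha256 and group 14 with a vpn-filter applied produces no findings.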