Cisco ASA L2TP over IPsec configuration details

2025-01-16 Update From: SLTechnology News&Howtos


1 Create a VPN address pool

ciscoasa(config)# ip local pool vpnpool 192.168.151.11-192.168.151.15 mask 255.255.255.0

2 Configure the IPsec encryption algorithms as 3DES and SHA

ciscoasa(config)# crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac

3 Set the IPsec mode to transport; the default is tunnel mode (L2TP only supports transport)

ciscoasa(config)# crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport

4 Use the transform set to define the dynamic crypto policy (dynamic map)

ciscoasa(config)# crypto dynamic-map outside_dyn_map 10 set transform-set TRANS_ESP_3DES_SHA

5 Define the crypto map and apply it to the public network interface (outside)

ciscoasa(config)# crypto map outside_map 10 ipsec-isakmp dynamic outside_dyn_map

ciscoasa(config)# crypto map outside_map interface outside

6 Enable ISAKMP policy support on the public network interface

ciscoasa(config)# crypto isakmp enable outside

7 Define the ISAKMP policy

ciscoasa(config)# crypto isakmp policy 10

ciscoasa(config-isakmp-policy)# authentication pre-share

ciscoasa(config-isakmp-policy)# encryption 3des

ciscoasa(config-isakmp-policy)# hash sha

ciscoasa(config-isakmp-policy)# group 2

ciscoasa(config-isakmp-policy)# lifetime 86400

ciscoasa(config-isakmp-policy)# exit

8 Set NAT traversal

ciscoasa(config)# crypto isakmp nat-traversal 10

9 Configure the default internal group policy

ciscoasa(config)# group-policy DefaultRAGroup internal

10 Configure the attributes of the default internal group policy

ciscoasa(config)# group-policy DefaultRAGroup attributes

ciscoasa(config-group-policy)# vpn-tunnel-protocol IPSec l2tp-ipsec

ciscoasa(config-group-policy)# default-domain value cisco.com

ciscoasa(config-group-policy)# dns-server value 202.96.209.133

Note: if you configure L2TP over IPsec as a VPN tunnel protocol, you must also add IPSec. With only l2tp-ipsec configured, the tunnel cannot be dialed.

11 Create a local user, configure a password for the user, and specify the encryption algorithm

ciscoasa(config)# username frank password frank mschap

12 Create the default tunnel group. Be sure to use DefaultRAGroup, since L2TP does not support other groups, and define the authentication method as local.

ciscoasa(config)# tunnel-group DefaultRAGroup general-attributes

ciscoasa(config-tunnel-general)# authentication-server-group LOCAL

ciscoasa(config-tunnel-general)# default-group-policy DefaultRAGroup

ciscoasa(config-tunnel-general)# address-pool vpnpool

ciscoasa(config-tunnel-general)# exit

13 Specify the group policy that the user belongs to

ciscoasa(config)# username frank attributes

ciscoasa(config-username)# vpn-group-policy DefaultRAGroup

ciscoasa(config-username)# vpn-tunnel-protocol IPSec l2tp-ipsec

ciscoasa(config-username)# exit

14 Configure the IPsec attribute of the default tunnel group, and configure the default tunnel group authentication method as ms-chap-v2

ciscoasa(config)# tunnel-group DefaultRAGroup ppp-attributes

ciscoasa(config-ppp)# authentication ms-chap-v2

ciscoasa(config-ppp)# exit

15 Client settings

On Windows 7, the registry needs to be modified:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]

"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002

16 On the client, create a "connect to a workplace" VPN connection and set the properties of the VPN connection
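
A review check for the commands in steps 2-14, added here as an example (it is not part of the original article and is not a Cisco tool). It walks the configuration and flags the settings a reviewer would question: 3DES, DH group 2, MS-CHAPv2, and a password equal to the username. The rule names and the one-space indentation of sub-mode commands are assumptions of this example.

```python
import re

# Constructed sample: commands from steps 2-14 above with prompts stripped and
# sub-mode commands indented by one space, as a configuration listing would be.
SAMPLE_CONFIG = """\
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
username frank password frank mschap
tunnel-group DefaultRAGroup ppp-attributes
 authentication ms-chap-v2
"""

def audit(config_text):
    """Return (line_no, rule_id, detail) findings; rule ids are this example's own."""
    findings = []
    section = ""  # last top-level command, gives indented sub-commands their context
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():
            section = line
        if re.match(r"crypto ipsec transform-set \S+ .*\besp-3des\b", line):
            findings.append((no, "ESP_3DES", "3DES (64-bit block) encrypts tunnel data"))
        if section.startswith("crypto isakmp policy") and line == "encryption 3des":
            findings.append((no, "IKE_3DES", "3DES encrypts the IKE phase 1 exchange"))
        dh = re.fullmatch(r"group ([12])", line)
        if section.startswith("crypto isakmp policy") and dh:
            bits = {"1": 768, "2": 1024}[dh.group(1)]
            findings.append((no, "IKE_WEAK_DH", f"DH group {dh.group(1)} is {bits}-bit MODP"))
        if section.endswith("ppp-attributes") and line == "authentication ms-chap-v2":
            findings.append((no, "PPP_MSCHAPV2", "MS-CHAPv2 depends on the IPsec layer"))
        # Only detectable in typed commands: a saved config stores the password hashed.
        user = re.match(r"username (\S+) password (\S+)", line)
        if user and user.group(1) == user.group(2):
            findings.append((no, "PW_EQUALS_USER", f"user {user.group(1)!r} password equals name"))
    return findings

if __name__ == "__main__":
    for no, rule, detail in audit(SAMPLE_CONFIG):
        print(f"line {no}: {rule}: {detail}")
```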
