CISCO ASA REMOTE ACCESS: Difference between revisions

From Xinux Wiki
Zeile 31: Zeile 31:
 
=Quellen=
 
=Quellen=
 
*http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/vpn_remote_access.html
 
*http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/vpn_remote_access.html
 +
*http://www.databasemart.com/HowTo/Cisco_VPN_Remote_Access_Setup_ASA5500.aspx
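Review bot: the entry added at the end of the Quellen list points to a third-party how-to on databasemart.com, while the existing entry is Cisco's own ASA 8.4 CLI configuration guide; add a short label after the URL saying which ASA release the how-to covers, so readers can tell whether its commands match the guide already cited.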

Revision as of 15 February 2016, 15:36

Cisco Asa ISAKMP Phase1

Configuring an Address Pool

  • ciscoasa(config)# ip local pool vpn-roadwarrior-pool 172.28.28.10-172.28.28.30 mask 255.255.255.0

Create users

  • ciscoasa(config)# username thomas password oimel
  • ciscoasa(config)# username david password suxer
  • ciscoasa(config)# username janning password schmeich

Transform set

  • ciscoasa(config)# crypto ipsec ikev1 transform-set AES256-MD5 esp-aes-256 esp-md5-hmac

Set the tunnel group type

  • ciscoasa(config)# tunnel-group vpn-roadwarrior type remote-access

Set the tunnel group attributes

  • ciscoasa(config)# tunnel-group vpn-roadwarrior general-attributes

Assign the address pool

  • ciscoasa(config-tunnel-general)# address-pool vpn-roadwarrior-pool

Set the PSK

  • ciscoasa(config)# tunnel-group vpn-roadwarrior ipsec-attributes
  • ciscoasa(config-tunnel-ipsec)# ikev1 pre-shared-key sau-geheim

Combine dyn-vpn-roadwarrior, transform set AES256-MD5 and policy Cisco Asa ISAKMP Phase1

  • ciscoasa(config)# crypto dynamic-map dyn-vpn-roadwarrior 10 set ikev1 transform-set AES256-MD5

Enables Reverse Route Injection

  • ciscoasa(config)# crypto dynamic-map dyn-vpn-roadwarrior 10 set reverse-route

Creates a crypto map entry that uses a dynamic crypto

  • ciscoasa(config)# crypto map my-vpn-roadwarrior-map 10 ipsec-isakmp dynamic dyn-vpn-roadwarrior

Apply the crypto map to the outside interface

  • ciscoasa(config)# crypto map my-vpn-roadwarrior-map interface if-outside

Save

  • ciscoasa(config)# copy running-config startup-config
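The steps above build a chain of named objects (address pool, transform set, dynamic map, crypto map, interface binding), and a single mistyped name breaks the tunnel. The following check is an added example, not part of the original wiki page: it parses the commands entered above and reports references that do not resolve, plus transform sets that use MD5 for integrity. The names `PAGE_CONFIG` and `audit` are hypothetical, and the indented sub-command layout is an assumption about how the configuration is saved to a file.

```python
import re

# Commands entered on this page (prompts stripped), embedded as sample input.
PAGE_CONFIG = """\
ip local pool vpn-roadwarrior-pool 172.28.28.10-172.28.28.30 mask 255.255.255.0
crypto ipsec ikev1 transform-set AES256-MD5 esp-aes-256 esp-md5-hmac
tunnel-group vpn-roadwarrior type remote-access
tunnel-group vpn-roadwarrior general-attributes
 address-pool vpn-roadwarrior-pool
tunnel-group vpn-roadwarrior ipsec-attributes
 ikev1 pre-shared-key sau-geheim
crypto dynamic-map dyn-vpn-roadwarrior 10 set ikev1 transform-set AES256-MD5
crypto dynamic-map dyn-vpn-roadwarrior 10 set reverse-route
crypto map my-vpn-roadwarrior-map 10 ipsec-isakmp dynamic dyn-vpn-roadwarrior
crypto map my-vpn-roadwarrior-map interface if-outside
"""

def audit(config):
    """Return findings: unresolved object references and MD5-based integrity."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    def grab(pattern):
        return [m.groups() for l in lines if (m := re.match(pattern, l))]
    pools = {g[0] for g in grab(r"ip local pool (\S+) ")}
    tsets = dict(grab(r"crypto ipsec ikev1 transform-set (\S+) (.+)"))
    dyn_ts = grab(r"crypto dynamic-map (\S+) \d+ set ikev1 transform-set (.+)")
    dyn_maps = {g[0] for g in grab(r"crypto dynamic-map (\S+) ")}
    map_dyn = grab(r"crypto map (\S+) \d+ ipsec-isakmp dynamic (\S+)")
    bound = {g[0] for g in grab(r"crypto map (\S+) interface ")}
    findings = []
    for (pool,) in grab(r"address-pool (\S+)"):
        if pool not in pools:
            findings.append(f"address-pool {pool} is not defined")
    for dmap, names in dyn_ts:
        for name in names.split():
            if name not in tsets:
                findings.append(f"dynamic-map {dmap}: transform-set {name} is not defined")
    for cmap, dmap in map_dyn:
        if dmap not in dyn_maps:
            findings.append(f"crypto map {cmap}: dynamic-map {dmap} is not defined")
        if cmap not in bound:
            findings.append(f"crypto map {cmap} is not applied to an interface")
    for name, transforms in tsets.items():
        if "esp-md5-hmac" in transforms.split():
            findings.append(f"transform-set {name} uses esp-md5-hmac (MD5 integrity)")
    return findings

if __name__ == "__main__":
    for finding in audit(PAGE_CONFIG):
        print(finding)
```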

Sources