Dynamic VPN (aka remote VPN) template

! Split-tunnel list: traffic between 10.1.1.0/24 and the VPN client pool
access-list vpn_dyn permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
! Addresses handed out to remote clients
ip local pool remote_users 192.168.1.1-192.168.1.254
group-policy remote internal
group-policy remote attributes
 vpn-idle-timeout none
 vpn-session-timeout none
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpn_dyn
! Phase 2 (IPsec) settings and the dynamic crypto map bound to the outside interface
crypto ipsec transform-set AES-SHA-HMAC esp-aes-256 esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set AES-SHA-HMAC
crypto map public_map 10000 ipsec-isakmp dynamic dynmap
crypto map public_map interface outside
! Phase 1 (ISAKMP) settings
crypto isakmp identity address
crypto isakmp enable outside
isakmp identity address
isakmp policy 5 authentication pre-share
isakmp policy 5 encryption aes-256
isakmp policy 5 hash sha
isakmp policy 5 group 2
isakmp policy 5 lifetime 28800
! Remote-access tunnel group: pool, group policy and pre-shared key
tunnel-group remote type ipsec-ra
tunnel-group remote general-attributes
 address-pool remote_users
 default-group-policy remote
tunnel-group remote ipsec-attributes
 pre-shared-key mypresharedkey

Don't forget to set up nonat for 192.168.1.0 255.255.255.0.
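
A check for the nonat reminder above, as an added example that is not part of the original page: it parses an ASA configuration and reports any VPN address pool whose range is not covered by a NAT exemption. It assumes the pre-8.3 "nat (interface) 0 access-list" syntax; the interface name inside and the ACL name nonat in the constructed sample are assumptions.

```python
import ipaddress
import re

# Constructed sample: the page's pool and networks plus an assumed pre-8.3
# NAT exemption (interface name "inside" and ACL name "nonat" are assumptions).
SAMPLE = """\
ip local pool remote_users 192.168.1.1-192.168.1.254
access-list nonat extended permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat
"""

def pool_ranges(cfg):
    """Return {pool_name: (first_ip, last_ip)} from 'ip local pool' lines."""
    pat = re.compile(r"^ip local pool (\S+) ([\d.]+)-([\d.]+)", re.M)
    return {name: (ipaddress.ip_address(lo), ipaddress.ip_address(hi))
            for name, lo, hi in pat.findall(cfg)}

def exempt_destinations(cfg):
    """Destination networks of permit ACEs in ACLs bound by 'nat (if) 0 access-list'.

    Only 'permit ip <net> <mask> <net> <mask>' entries are parsed; host, any
    and object-group forms are ignored by this example.
    """
    bound = set(re.findall(r"^nat \(\S+\) 0 access-list (\S+)", cfg, re.M))
    ace = re.compile(r"^access-list (\S+) (?:extended )?perm(?:it)? ip "
                     r"[\d.]+ [\d.]+ ([\d.]+) ([\d.]+)", re.M)
    return [ipaddress.ip_network(f"{net}/{mask}")
            for acl, net, mask in ace.findall(cfg) if acl in bound]

def pools_missing_exemption(cfg):
    """Names of pools whose whole range is not inside any exempted destination."""
    dests = exempt_destinations(cfg)
    return [name for name, (lo, hi) in pool_ranges(cfg).items()
            if not any(lo in d and hi in d for d in dests)]

if __name__ == "__main__":
    missing = pools_missing_exemption(SAMPLE)
    print("pools without NAT exemption:", missing or "none")
```

Feed it the output of show running-config saved to a file; an empty result means every pool range falls inside an exempted destination network.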