20090728

Cisco PIX - Client access VPN configuration for 7.x

--------------------------------------------------------------------------
global (outside) 1 interface

access-list splittunnelacl standard permit 192.168.160.0 255.255.255.0
access-list nonat-vpnacl extended permit ip 192.168.160.0 255.255.255.0 192.168.165.0 255.255.255.0
ip local pool vpnpool 192.168.165.10-192.168.165.200 mask 255.255.255.0


nat (inside) 0 access-list nonat-vpnacl
nat (inside) 1 0.0.0.0 0.0.0.0

group-policy "vpn-group-policy" internal
group-policy "vpn-group-policy" attributes
! specify the DNS server IP address in place of 192.168.160.x
dns-server value 192.168.160.x
default-domain value "somenetwork.somewhere.com"
split-tunnel-policy tunnelspecified
split-tunnel-network-list value splittunnelacl

crypto ipsec transform-set my-set esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set my-set
crypto dynamic-map dynmap 10 set reverse-route
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside

isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 1000

tunnel-group "vpn-tunnel-group" type ipsec-ra
tunnel-group "vpn-tunnel-group" general-attributes
address-pool vpnpool
default-group-policy "vpn-group-policy"
tunnel-group "vpn-tunnel-group" ipsec-attributes
pre-shared-key "yourtunnelgrouppassword-enterhere"

Change the terms within quotation marks (" ") to suit your requirements, along with the IP address ranges.
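
A consistency check for the configuration above, as an added example that is not part of the original post: it flags the 3DES, MD5 and DH group 2 settings and confirms that the VPN address pool falls inside a destination of the nat 0 access-list. The function name audit, the LEGACY sets and the embedded sample lines are assumptions of this example.

```python
import ipaddress

# Constructed sample: the relevant lines of the configuration above.
SAMPLE_CONFIG = """\
access-list nonat-vpnacl extended permit ip 192.168.160.0 255.255.255.0 192.168.165.0 255.255.255.0
ip local pool vpnpool 192.168.165.10-192.168.165.200 mask 255.255.255.0
nat (inside) 0 access-list nonat-vpnacl
crypto ipsec transform-set my-set esp-3des esp-md5-hmac
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
"""

# Keywords treated as legacy here (a choice made for this example, not a Cisco list).
LEGACY = {"des", "3des", "md5", "esp-des", "esp-3des", "esp-md5-hmac"}
LEGACY_DH_GROUPS = {"1", "2"}


def audit(config):
    """Return a list of findings for a PIX 7.x remote-access VPN config."""
    findings = []
    pools, acl_dests, nat0_acls = {}, {}, set()
    for line in config.splitlines():
        w = line.split()
        if w[:3] == ["ip", "local", "pool"]:
            first, last = w[4].split("-")
            pools[w[3]] = (ipaddress.ip_address(first), ipaddress.ip_address(last))
        elif w[:1] == ["access-list"] and w[2:5] == ["extended", "permit", "ip"]:
            # Destination network and mask are the last two words of the entry.
            net = ipaddress.ip_network(f"{w[-2]}/{w[-1]}")
            acl_dests.setdefault(w[1], []).append(net)
        elif w[:1] == ["nat"] and w[2:4] == ["0", "access-list"]:
            nat0_acls.add(w[4])
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            findings += [f"transform-set {w[3]}: legacy {t}" for t in w[4:] if t in LEGACY]
        elif w[:2] == ["isakmp", "policy"] and len(w) >= 5:
            if w[3] in ("encryption", "hash") and w[4] in LEGACY:
                findings.append(f"isakmp policy {w[2]}: legacy {w[3]} {w[4]}")
            elif w[3] == "group" and w[4] in LEGACY_DH_GROUPS:
                findings.append(f"isakmp policy {w[2]}: legacy DH group {w[4]}")
    # The whole pool must sit inside a destination of an ACL referenced by nat 0.
    exempt = [n for acl in nat0_acls for n in acl_dests.get(acl, [])]
    for name, (first, last) in pools.items():
        if not any(first in n and last in n for n in exempt):
            findings.append(f"pool {name}: not covered by a nat 0 access-list")
    return findings
```

Calling audit(SAMPLE_CONFIG) returns five findings for the crypto settings and none for the pool, since 192.168.165.10-192.168.165.200 lies inside 192.168.165.0/24.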
