vpn name - "nameofvpn"
access-list nonatacl permit ip 192.168.100.0 255.255.255.0 192.168.200.0 255.255.255.0
ip local pool "nameofvpnpool" 192.168.200.1-192.168.200.30
nat (inside) 0 access-list nonatacl
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 20 set transform-set myset
crypto map mymap 20 ipsec-isakmp dynamic dynmap
crypto map mymap client authentication LOCAL
crypto map mymap interface outside
isakmp enable outside
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup "nameofvpn" address-pool "nameofvpnpool "
vpngroup "nameofvpn" dns-server 192.16b.100.x - ip address of internal/external dns server
vpngroup "nameofvpn" default-domain test1.test.com
vpngroup "nameofvpn" split-tunnel nonatacl
vpngroup "nameofvpn" idle-time 1800
vpngroup "nameofvpn" password "vpngrouppassword"
Those terms within " " - change it according to your requirement along with ipaddress ranges
No comments:
Post a Comment