Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring L2TP over IPsec
Configuring L2TP over IPsec
Detailed CLI Configuration Steps
Command Purpose
Step 1
crypto ipsec transform-set transform_name ESP_Encryption_Type ESP_Authentication_Type
Example:
hostname(config)# crypto ipsec transform-set my-transform-set esp-des esp-sha-hmac
Creates a transform set with a specific ESP encryption type and authentication type.
Step 2
crypto ipsec transform-set trans_name mode transport
Example:
hostname(config)# crypto ipsec transform-set my-transform-set mode transport
Instructs IPsec to use transport mode rather than tunnel mode.
Step 3
vpn-tunnel-protocol tunneling_protocol
Example:
hostname(config)# group-policy DfltGrpPolicy attributes
hostname(config-group-policy)# vpn-tunnel-protocol l2tp-ipsec
Specifies L2TP/IPsec as the VPN tunneling protocol.
Step 4
dns value [none | IP_primary [IP_secondary]]
Example:
hostname(config)# group-policy DfltGrpPolicy attributes
hostname(config-group-policy)# dns value 209.165.201.1 209.165.201.2
(Optional) Instructs the adaptive security appliance to send DNS server IP addresses to the client for the group policy.
Step 5
wins-server value [none | IP_primary [IP_secondary]]
Example:
hostname(config)# group-policy DfltGrpPolicy attributes
hostname(config-group-policy)# wins-server value 209.165.201.3 209.165.201.4
(Optional) Instructs the adaptive security appliance to send WINS server IP addresses to the client for the group policy.
Step 6
tunnel-group name type remote-access
Example:
hostname(config)# tunnel-group sales-tunnel type remote-access
Creates a connection profile (tunnel group).
Step 7
default-group-policy name
Example:
hostname(config)# tunnel-group DefaultRAGroup general-attributes
hostname(config-tunnel-general)# default-group-policy DfltGrpPolicy
Links the name of a group policy to the connection profile (tunnel group).
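
A check for Steps 1 and 2, as an added example that is not part of the Cisco guide: the script reads transform-set lines from configuration text and reports sets that use weak algorithms (such as the 56-bit esp-des in the Step 1 example) or that lack the mode transport line from Step 2. The function names, the weak-keyword list, and the sample configuration are assumptions of this example; it also accepts the "crypto ipsec ikev1 transform-set" form used by later ASA releases, which goes beyond the syntax shown on this page.

```python
import re

# Keywords this audit treats as weak; the list is a policy assumption of this example.
WEAK = {"esp-des": "56-bit DES encryption", "esp-null": "no encryption",
        "esp-none": "no authentication"}

# Matches "crypto ipsec transform-set NAME ..." and the later
# "crypto ipsec ikev1 transform-set NAME ..." form.
TS_RE = re.compile(r"^\s*crypto ipsec (?:ikev1 )?transform-set (\S+) (.+)$")

def parse_transform_sets(config):
    """Return {name: {"algs": [...], "transport": bool}} from config text."""
    sets = {}
    for line in config.splitlines():
        m = TS_RE.match(line.rstrip())
        if not m:
            continue
        name, rest = m.group(1), m.group(2).split()
        entry = sets.setdefault(name, {"algs": [], "transport": False})
        if rest[0] == "mode":
            # Step 2 line: only "mode transport" satisfies the L2TP requirement.
            entry["transport"] = rest[1:2] == ["transport"]
        else:
            # Step 1 line: the ESP encryption and authentication keywords.
            entry["algs"] = rest
    return sets

def audit(config):
    """Return (transform_set_name, finding) tuples, sorted by set name."""
    findings = []
    for name, ts in sorted(parse_transform_sets(config).items()):
        for alg in ts["algs"]:
            if alg in WEAK:
                findings.append((name, f"{alg}: {WEAK[alg]}"))
        if not ts["transport"]:
            findings.append((name, "no 'mode transport' line (Step 2)"))
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
crypto ipsec transform-set my-transform-set esp-des esp-sha-hmac
crypto ipsec transform-set my-transform-set mode transport
crypto ipsec transform-set l2tp-aes esp-aes-256 esp-sha-hmac
crypto ipsec transform-set l2tp-aes mode transport
crypto ipsec transform-set legacy-tunnel esp-3des esp-sha-hmac
"""

if __name__ == "__main__":
    for name, issue in audit(SAMPLE):
        print(f"{name}: {issue}")
```

A transform set without the transport-mode line is not wrong in itself; it is reported here only because Step 2 requires transport mode for sets used with L2TP over IPsec.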