34-6
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 34 Configuring Easy VPN Services on the ASA 5505
Specifying the Tunnel Group or Trustpoint
–
network-extension-mode to make those addresses accessible from the enterprise network.
Figure 34-1 shows the types of tunnels that the Easy VPN client initiates, based on the combination of
the commands you enter.
Figure 34-1 Easy VPN Hardware Client Tunneling Options for the Cisco ASA 5505
The term “All-Or-Nothing” refers to the presence or absence of an access list for split tunneling. The
access list (“ST-list”) distinguishes networks that require tunneling from those that do not.
Specifying the Tunnel Group or Trustpoint
When configuring the Cisco ASA 5505 as an Easy VPN hardware client, you can specify a tunnel group
or trustpoint configured on the Easy VPN server, depending on the Easy VPN server configuration. See
the section that names the option you want to use:
• Specifying the Tunnel Group
• Specifying the Trustpoint
Specifying the Tunnel Group
Enter the following command in global configuration mode to specify the name of the VPN tunnel group
and password for the Easy VPN client connection to the server:
vpnclient vpngroup group_name password preshared_key
group_name is the name of the VPN tunnel group configured on the Easy VPN server. You must
configure this tunnel group on the server before establishing a connection.
preshared_key is the IKE pre-shared key used for authentication on the Easy VPN server.
Work zone
u
c
client
u
c
server
Corporate
Phase 2 Tunnels Source proxy
Destination proxy
1) Public to Public
2) Management
a) clear
b) default
c) tunnel
3) Inside to Inside
a) NEM Mode
b) Client mode
Public IP
N/A
Public IP
Public IP
NEM Network
Assign IP
Public IP
N/A
Any or ST-List (*3)
Any or ST-List (*3)
Any or ST-List (*3)
Specified on Client
* Only for ASA or VPN3000 Headends
Configuration factors:
1. Certs or Preshare Keys (Phase 1- main mode or aggressive mode)
2. Mode: Client or NEM
3. All-or-nothing or Split-tunneling
4. Management Tunnels
5. IUA to VPN3000 or ASA headend
153780
To Next Page
Loading...
