6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 98
Cisco ASA5525x Pre-Shared Key / IKEv1
This configuration is an example of a remote access connection to a Cisco ASA5525 VPN server /
responder.
Console manager configuration
The pre-shared key needs to be configured via the console manager UI.
conn ASA5525
keyexchange=ikev1
ike=aes-sha1-modp1536!
esp=aes-sha1-modp1536!
aggressive=yes
lifetime=86400s
forceencaps=no
authby=secret
left=%any
leftsubnet=192.168.0.0/24
modeconfig=pull
right=192.168.1.130
rightsubnet=192.168.3.0/24
dpddelay=10
dpdtimeout=5
dpdaction=restart
auto=start
type=tunnel
Cisco configuration
Note: Main or aggressive mode is determined by the SLC side of the tunnel, and does
not require any change in the Cisco configuration:
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 192.168.1.130 255.255.255.0
interface GigabitEthernet0/3
nameif inside security-level 100
ip address 192.168.3.130 255.255.255.0
object-group network local-network
network-object 192.168.3.0 255.255.255.0
object-group network remote-network
network-object 192.168.0.0 255.255.255.0
access-list asa-router-vpn extended permit ip object-group local-network
object-group remote-network
route outside 192.168.0.0 255.255.255.0 192.168.1.204 1
route inside 192.168.3.250 255.255.255.255 192.168.3.250 1
crypto ipsec ikev1 transform-set ipsecvpn esp-aes esp-sha-hmac
To Next Page
Loading...
