Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 65 Configuring L2TP over IPsec

Configuring L2TP over IPsec

Configuration Example for L2TP over IPsec Using ASA 8.2.5

The following example shows configuration file commands that ensure ASA compatibility with a native
VPN client on any operating system:

ip local pool sales_addresses 209.165.202.129-209.165.202.158
group-policy sales_policy internal
group-policy sales_policy attributes
 wins-server value 209.165.201.3 209.165.201.4
 dns-server value 209.165.201.1 209.165.201.2
 vpn-tunnel-protocol l2tp-ipsec
tunnel-group DefaultRAGroup general-attributes
 default-group-policy sales_policy
 address-pool sales_addresses
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
 no authentication pap
 authentication chap
 authentication ms-chap-v1
 authentication ms-chap-v2
crypto ipsec transform-set trans esp-3des esp-sha-hmac
crypto ipsec transform-set trans mode transport
crypto dynamic-map dyno 10 set transform-set trans
crypto map vpn 20 ipsec-isakmp dynamic dyno
crypto map vpn interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400

Configuration Example for L2TP over IPsec Using ASA 8.4.1 and later

The following example shows configuration file commands that ensure ASA compatibility with a native
VPN client on any operating system:

ip local pool sales_addresses 209.165.202.129-209.165.202.158
group-policy sales_policy internal
group-policy sales_policy attributes
 wins-server value 209.165.201.3 209.165.201.4
 dns-server value 209.165.201.1 209.165.201.2
 vpn-tunnel-protocol l2tp-ipsec
tunnel-group DefaultRAGroup general-attributes
 default-group-policy sales_policy
 address-pool sales_addresses
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
 no authentication pap
 authentication chap
 authentication ms-chap-v1
 authentication ms-chap-v2
crypto ipsec ikev1 transform-set my-transform-set-ikev1 esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set my-transform-set-ikev1 mode transport
crypto dynamic-map dyno 10 set ikev1 transform-set my-transform-set-ikev1
crypto map vpn 20 ipsec-isakmp dynamic dyno
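
An offline consistency check for the crypto lines of a configuration like the ones above, added here as an example and not part of the Cisco guide: it reports dynamic-map entries that name an undefined transform set, a set without mode transport (which both examples configure), or a set that uses single DES. The sample configuration and the names l2tp-set and legacy are constructed, and the parser assumes one command per line as in the examples.

```python
import re

# Constructed sample in the style of the 8.4.1 example; set names are illustrative.
SAMPLE = """\
crypto ipsec ikev1 transform-set l2tp-set esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set l2tp-set mode transport
crypto ipsec ikev1 transform-set legacy esp-des esp-sha-hmac
crypto dynamic-map dyno 10 set ikev1 transform-set l2tp-set
crypto dynamic-map dyno 20 set ikev1 transform-set legacy trans
crypto map vpn 20 ipsec-isakmp dynamic dyno
"""

DEFINE = re.compile(r"^crypto ipsec (?:ikev1 )?transform-set (\S+) (.+)$")
REFER = re.compile(r"^crypto dynamic-map (\S+) (\d+) set (?:ikev1 )?transform-set (.+)$")

def audit_transform_sets(config):
    """Return sorted (severity, message) findings for dynamic-map transform-set use."""
    transforms, transport, refs = {}, set(), []
    for line in config.splitlines():
        line = line.strip()
        m = DEFINE.match(line)
        if m:
            name, rest = m.groups()
            if rest == "mode transport":
                transport.add(name)            # set is explicitly in transport mode
            elif not rest.startswith("mode "):
                transforms[name] = rest.split()  # e.g. ['esp-3des', 'esp-sha-hmac']
            continue
        m = REFER.match(line)
        if m:
            map_name, seq, names = m.groups()
            refs.extend((f"{map_name} {seq}", n) for n in names.split())
    findings = set()
    for where, name in refs:
        if name not in transforms:
            findings.add(("error", f"{where}: transform-set '{name}' is not defined"))
            continue
        if name not in transport:
            findings.add(("warn", f"{where}: '{name}' lacks 'mode transport'"))
        if "esp-des" in transforms[name]:
            findings.add(("warn", f"{where}: '{name}' uses single DES (esp-des)"))
    return sorted(findings)

if __name__ == "__main__":
    for severity, message in audit_transform_sets(SAMPLE):
        print(f"{severity.upper():5} {message}")
```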
