Cisco ASA 5505 User Manual

Page 1403


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 65 Configuring L2TP over IPsec

Configuring L2TP over IPsec

Detailed CLI Configuration Steps

Each step lists the command syntax, an example, and the purpose of the command.

Step 1

Command:
    crypto ipsec ike_version transform-set transform_name ESP_Encryption_Type ESP_Authentication_Type

Example:
    crypto ipsec ikev1 transform-set my-transform-set-ikev1 esp-des esp-sha-hmac

Purpose:
    Creates a transform set with a specific ESP encryption type and authentication type.

Step 2

Command:
    crypto ipsec ike_version transform-set trans_name mode transport

Example:
    crypto ipsec ikev1 transform-set my-transform-set-ikev1 mode transport

Purpose:
    Instructs IPsec to use transport mode rather than tunnel mode.

Step 3

Command:
    vpn-tunnel-protocol tunneling_protocol

Example:
    hostname(config)# group-policy DfltGrpPolicy attributes
    hostname(config-group-policy)# vpn-tunnel-protocol l2tp-ipsec

Purpose:
    Specifies L2TP/IPsec as the VPN tunneling protocol.

Step 4

Command:
    dns value [none | IP_primary [IP_secondary]]

Example:
    hostname(config)# group-policy DfltGrpPolicy attributes
    hostname(config-group-policy)# dns value 209.165.201.1 209.165.201.2

Purpose:
    (Optional) Instructs the adaptive security appliance to send DNS server IP addresses to the client for the group policy.

Step 5

Command:
    wins-server value [none | IP_primary [IP_secondary]]

Example:
    hostname(config)# group-policy DfltGrpPolicy attributes
    hostname(config-group-policy)# wins-server value 209.165.201.3 209.165.201.4

Purpose:
    (Optional) Instructs the adaptive security appliance to send WINS server IP addresses to the client for the group policy.

Step 6

Command:
    ip local pool pool_name starting_address-ending_address mask subnet_mask

Example:
    hostname(config)# ip local pool sales_addresses 10.4.5.10-10.4.5.20 mask 255.255.255.0

Purpose:
    (Optional) Creates an IP address pool.

Step 7

Command:
    address-pool pool_name

Example:
    hostname(config)# tunnel-group DefaultRAGroup general-attributes
    hostname(config-tunnel-general)# address-pool sales_addresses

Purpose:
    (Optional) Associates the pool of IP addresses with the connection profile (tunnel group).
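
An added example, not part of the Cisco guide: a Python check that reads a saved configuration and verifies the settings from Steps 1 through 7 (transform-set algorithms, transport mode, the l2tp-ipsec protocol, and that every address-pool names a defined pool). The sample configuration is constructed from the example commands above plus one hypothetical transform set named no-transport; the WEAK list is this example's own policy, and the check assumes every ikev1 transform set in the file is meant for L2TP/IPsec.

```python
import re

# Constructed sample: the guide's example commands plus a hypothetical "no-transport" set.
SAMPLE_CONFIG = """\
crypto ipsec ikev1 transform-set my-transform-set-ikev1 esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set my-transform-set-ikev1 mode transport
crypto ipsec ikev1 transform-set no-transport esp-aes-256 esp-sha-hmac
ip local pool sales_addresses 10.4.5.10-10.4.5.20 mask 255.255.255.0
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol l2tp-ipsec
 dns value 209.165.201.1 209.165.201.2
tunnel-group DefaultRAGroup general-attributes
 address-pool sales_addresses
"""

# Assumption: this example's policy for algorithms to flag (56-bit DES, no
# encryption, MD5-based or absent integrity protection).
WEAK = {"esp-des", "esp-null", "esp-md5-hmac", "esp-none"}
TS = re.compile(r"^crypto ipsec ikev1 transform-set (\S+) (.+)$")

def audit(config):
    """Return a list of findings for the L2TP/IPsec settings in an ASA config."""
    algs, transport, pools, used, l2tp = {}, set(), set(), set(), False
    for line in map(str.strip, config.splitlines()):
        m = TS.match(line)
        if m and m.group(2) == "mode transport":      # Step 2
            transport.add(m.group(1))
        elif m:                                       # Step 1
            algs[m.group(1)] = m.group(2).split()
        elif line.startswith("ip local pool "):       # Step 6
            pools.add(line.split()[3])
        elif line.startswith("address-pool "):        # Step 7
            used.add(line.split()[1])
        elif line.startswith("vpn-tunnel-protocol "): # Step 3
            l2tp = l2tp or "l2tp-ipsec" in line.split()[1:]
    findings = []
    for name, a in sorted(algs.items()):
        weak = sorted(WEAK.intersection(a))
        if weak:
            findings.append(f"{name}: weak algorithm {', '.join(weak)}")
        if name not in transport:
            findings.append(f"{name}: not in transport mode")
    findings += [f"address-pool {p}: pool not defined" for p in sorted(used - pools)]
    if not l2tp:
        findings.append("no group policy enables l2tp-ipsec")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "no findings")
```
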
