Saving the security appliance configuration – Cisco ASA 5505 User Manual

69-14

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 69 Configuring Remote Access IPsec VPNs

Configuration Examples for Remote Access IPsec VPNs

Detailed Steps

Saving the Security Appliance Configuration

After performing the preceding configuration tasks, be sure to save your configuration changes as shown
in this example:

Configuration Examples for Remote Access IPsec VPNs

The following example shows how to configure a remote access IPsec/IKEv1 VPN:

hostname(config)# interface ethernet0

hostname(config-if)# ip address 10.10.4.200 255.255.0.0

hostname(config-if)# nameif outside

hostname(config-if)# no shutdown

hostname(config)# crypto ikev1 policy 1

hostname(config-ikev1-policy)# authentication pre-share

hostname(config-ikev1-policy)# encryption 3des

hostname(config-ikev1-policy)# hash sha

hostname(config-ikev1-policy)# group 2

hostname(config-ikev1-policy)# lifetime 43200

hostname(config)# crypto ikev1 enable outside

hostname(config)# ip local pool testpool 192.168.0.10-192.168.0.15

hostname(config)# username testuser password 12345678

Command

Purpose

Step 1

crypto map

map-name seq-num ipsec-isakmp

dynamic

dynamic-map-name

Example:

hostname(config)# crypto map mymap 1

ipsec-isakmp dynamic dyn1

hostname(config)#

Creates a crypto map entry that uses a dynamic crypto map.

Step 2

crypto map

map-name interface

interface-name

Example:

hostname(config)# crypto map mymap

interface outside

hostname(config)#

Applies the crypto map to the outside interface.

Command

Purpose

write memory

Example:

hostname(config-if)# write memory

Building configuration...

Cryptochecksum: 0f80bf71 1623a231 63f27ccf 8700ca6d

11679 bytes copied in 3.390 secs (3893 bytes/sec)

[OK]

hostname(config-if)#

Saves the changes to the configuration.