Cisco ASA VPN Remote Access IPAD Configuration

Status
Not open for further replies.
Hi guys, I was wondering if any of you could provide a basic ASA to iPad CLI configuration. I tried some of the configurations online but can't seem to connect the iPad to the VPN. Thanks in advance.
 
The configuration on the ASA would be the same as a standard VPN client.
 
I still can't connect. Is there something I'm doing wrong in my configuration?

ASA Version 7.2(2)
!
hostname ASA
domain-name asa.local
enable password AJOQIzHG8x0a6R6W encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name tran.local
object-group icmp-type DefaultICMP
 description Default ICMP Types permitted
 icmp-object echo-reply
 icmp-object unreachable
 icmp-object time-exceeded
access-list acl_outside extended permit icmp any any object-group DefaultICMP
access-list acl_outside extended permit tcp any interface outside eq ssh
access-list nonat remark ACL for Nat Bypass
access-list nonat extended permit ip host 10.0.0.0 192.168.0.0 255.255.255.0
access-list vpn_SplitTunnel remark ACL for VPN Split Tunnel
access-list vpn_SplitTunnel standard permit host 10.0.0.0
pager lines 24
mtu inside 1500
mtu outside 1500
ip local pool vpnpool 192.168.0.10-192.168.0.15
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 10.0.0.0 255.255.255.0
static (inside,outside) tcp interface ssh 10.0.0.1 ssh netmask 255.255.255.255
access-group acl_outside in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username stran password gPeIm7PRZx2FJwuM encrypted
aaa authentication ssh console LOCAL
http server enable
http 10.0.0.5 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
crypto dynamic-map dyn1 1 set transform-set FirstSet
crypto dynamic-map dyn1 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface outside
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 43200
tunnel-group vpngroup type ipsec-ra
tunnel-group vpngroup general-attributes
 address-pool vpnpool
tunnel-group vpngroup ipsec-attributes
 pre-shared-key *
telnet timeout 5
ssh 10.0.0.0 255.255.255.0 inside
ssh 10.0.0.1 255.255.255.255 outside
ssh timeout 5
console timeout 0
dhcpd dns xxx.xx.xx.xx xxx.xx.xx.xx
!
dhcpd address 10.0.0.100-10.0.0.125 inside
dhcpd enable inside
!

!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:f8eca12c16dc2c8e3088bfe6ae52de0c
: end
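
Two properties of the posted configuration can be checked mechanically: ACL entries that write `host` in front of a subnet's network address (which matches that one address, not the subnet), and ACLs that are defined but never applied by another command. The script below is an added example, not part of the thread or of any Cisco tool; the sample lines are copied from the post and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: lines copied from the configuration posted above.
SAMPLE = """\
interface Vlan1
 ip address 10.0.0.1 255.255.255.0
interface Vlan2
 ip address dhcp setroute
access-list acl_outside extended permit tcp any interface outside eq ssh
access-list nonat remark ACL for Nat Bypass
access-list nonat extended permit ip host 10.0.0.0 192.168.0.0 255.255.255.0
access-list vpn_SplitTunnel remark ACL for VPN Split Tunnel
access-list vpn_SplitTunnel standard permit host 10.0.0.0
nat (inside) 0 access-list nonat
access-group acl_outside in interface outside
"""
QUAD = r"(\d+\.\d+\.\d+\.\d+)"

def interface_networks(config):
    """Subnets of interfaces that have a static 'ip address <addr> <mask>'."""
    pairs = re.findall(rf"^\s*ip address {QUAD} {QUAD}", config, re.M)
    return [ipaddress.ip_network(f"{a}/{m}", strict=False) for a, m in pairs]

def host_entries_naming_a_subnet(config):
    """(acl, address) pairs where 'host X' is an interface subnet's network
    address. 'host X' matches the single address X, not the subnet."""
    bases = {str(n.network_address) for n in interface_networks(config)}
    hits = []
    for line in config.splitlines():
        words = line.split()
        if words[:1] != ["access-list"] or words[2:3] == ["remark"]:
            continue
        hits += [(words[1], a) for a in re.findall(rf"\bhost {QUAD}", line)
                 if a in bases]
    return hits

def unreferenced_acls(config):
    """ACL names defined but never named by any other command (heuristic:
    any token match on a non-access-list line counts as a reference)."""
    defined, used = [], set()
    for words in (line.split() for line in config.splitlines()):
        if words[:1] == ["access-list"]:
            if words[1] not in defined:
                defined.append(words[1])
        else:
            used.update(words[1:])
    return [name for name in defined if name not in used]
```

On the sample, `host_entries_naming_a_subnet(SAMPLE)` reports both the `nonat` and `vpn_SplitTunnel` entries, and `unreferenced_acls(SAMPLE)` reports `vpn_SplitTunnel`, which no command in the posted configuration applies.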
 