subzerocool
MIS
Hi guys, I was wondering if any of you could provide a basic ASA to IPAD CLI configuration. I tried some of the configurations online but can't seem to connect the IPAD to the VPN. Thanks in advance.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Cisco ASA VPN Remote Access IPAD Configuration
- Thread starter subzerocool
- Start date
- Status
- Thread starter
- #3
subzerocool
MIS
I still can't connect, is there something I'm doing wrong in my configuration?
ASA Version 7.2(2)
!
hostname ASA
domain-name asa.local
enable password AJOQIzHG8x0a6R6W encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 10.0.0.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name tran.local
object-group icmp-type DefaultICMP
description Default ICMP Types permitted
icmp-object echo-reply
icmp-object unreachable
icmp-object time-exceeded
access-list acl_outside extended permit icmp any any object-group DefaultICMP
access-list acl_outside extended permit tcp any interface outside eq ssh
access-list nonat remark ACL for Nat Bypass
access-list nonat extended permit ip host 10.0.0.0 192.168.0.0 255.255.255.0
access-list vpn_SplitTunnel remark ACL for VPN Split Tunnel
access-list vpn_SplitTunnel standard permit host 10.0.0.0
pager lines 24
mtu inside 1500
mtu outside 1500
ip local pool vpnpool 192.168.0.10-192.168.0.15
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 10.0.0.0 255.255.255.0
static (inside,outside) tcp interface ssh 10.0.0.1 ssh netmask 255.255.255.255
access-group acl_outside in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username stran password gPeIm7PRZx2FJwuM encrypted
aaa authentication ssh console LOCAL
http server enable
http 10.0.0.5 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
crypto dynamic-map dyn1 1 set transform-set FirstSet
crypto dynamic-map dyn1 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface outside
crypto isakmp enable outside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
tunnel-group vpngroup type ipsec-ra
tunnel-group vpngroup general-attributes
address-pool vpnpool
tunnel-group vpngroup ipsec-attributes
pre-shared-key *
telnet timeout 5
ssh 10.0.0.0 255.255.255.0 inside
ssh 10.0.0.1 255.255.255.255 outside
ssh timeout 5
console timeout 0
dhcpd dns xxx.xx.xx.xx xxx.xx.xx.xx
!
dhcpd address 10.0.0.100-10.0.0.125 inside
dhcpd enable inside
!
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:f8eca12c16dc2c8e3088bfe6ae52de0c
: end
ASA Version 7.2(2)
!
hostname ASA
domain-name asa.local
enable password AJOQIzHG8x0a6R6W encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 10.0.0.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name tran.local
object-group icmp-type DefaultICMP
description Default ICMP Types permitted
icmp-object echo-reply
icmp-object unreachable
icmp-object time-exceeded
access-list acl_outside extended permit icmp any any object-group DefaultICMP
access-list acl_outside extended permit tcp any interface outside eq ssh
access-list nonat remark ACL for Nat Bypass
access-list nonat extended permit ip host 10.0.0.0 192.168.0.0 255.255.255.0
access-list vpn_SplitTunnel remark ACL for VPN Split Tunnel
access-list vpn_SplitTunnel standard permit host 10.0.0.0
pager lines 24
mtu inside 1500
mtu outside 1500
ip local pool vpnpool 192.168.0.10-192.168.0.15
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 10.0.0.0 255.255.255.0
static (inside,outside) tcp interface ssh 10.0.0.1 ssh netmask 255.255.255.255
access-group acl_outside in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username stran password gPeIm7PRZx2FJwuM encrypted
aaa authentication ssh console LOCAL
http server enable
http 10.0.0.5 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
crypto dynamic-map dyn1 1 set transform-set FirstSet
crypto dynamic-map dyn1 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface outside
crypto isakmp enable outside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
tunnel-group vpngroup type ipsec-ra
tunnel-group vpngroup general-attributes
address-pool vpnpool
tunnel-group vpngroup ipsec-attributes
pre-shared-key *
telnet timeout 5
ssh 10.0.0.0 255.255.255.0 inside
ssh 10.0.0.1 255.255.255.255 outside
ssh timeout 5
console timeout 0
dhcpd dns xxx.xx.xx.xx xxx.xx.xx.xx
!
dhcpd address 10.0.0.100-10.0.0.125 inside
dhcpd enable inside
!
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:f8eca12c16dc2c8e3088bfe6ae52de0c
: end
- Status
Similar threads
- Locked
- Question