# Remote-access VPN lab configuration in Cisco ASA CLI syntax, entered from global configuration mode.
# NOTE(review): the ASA's own comment marker is '!'; the '#' annotation lines are presumably
# rejected as invalid input if this listing is pasted verbatim. Confirm how it is applied.
conf t
# 1. IKE:
# Names the trustpoint whose certificate is presented to IKEv2 remote-access clients.
# NOTE(review): trustpoint testsetup-ca is not defined in this listing, and no IKEv2 policy or
# "crypto ikev2 enable" line appears here. Confirm they exist elsewhere.
crypto ikev2 remote-access trustpoint testsetup-ca
!
# Enables the IKEv1 listener on the interface named outside.
# NOTE(review): GroupPolicy1 further down permits only ssl-client, so nothing in this listing needs
# IKEv1; if no other group uses it, leaving it enabled only widens the exposed surface. Confirm.
crypto ikev1 enable outside
# IKEv1 phase-1 proposal, priority 10.
crypto ikev1 policy 10
# CRACK = Challenge/Response for Authenticated Cryptographic Keys, an uncommon IKEv1 method.
# NOTE(review): confirm this is intended rather than pre-share or rsa-sig.
authentication crack
encryption aes-256
# "sha" here is SHA-1.
hash sha
# DH group 2 is 1024-bit MODP, which is far weaker than the AES-256 it is paired with.
# Prefer group 14 or higher where the peers support it.
group 2
# Phase-1 SA lifetime in seconds (24 hours).
lifetime 86400
# 2. Crypto ACLs
# n/a
# 3. Transform Sets:
# IKEv1 IPsec proposal: ESP with AES-256 encryption and HMAC-MD5 integrity.
# HMAC-MD5 is a legacy integrity choice; an SHA-based HMAC is the usual replacement.
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
# 4. IPSec Client Setups:
# Dynamic map entry 65535 offers four transform sets to connecting IKEv1 peers.
# NOTE(review): only ESP-AES-256-MD5 is defined in this listing; ESP-3DES-MD5, ESP-DES-SHA and
# ESP-DES-MD5 must come from elsewhere. Judging by their names they allow 3DES and single DES,
# so a peer could negotiate those weaker sets. Drop them unless a client needs them.
crypto dynamic-map DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-256-MD5 ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
!
# Attaches the dynamic map as entry 65535 of crypto map outside_map.
crypto map outside_map 65535 ipsec-isakmp dynamic DEFAULT_CRYPTO_MAP
# Applies outside_map to the interface named outside.
crypto map outside_map interface outside
# 5. Object Groups:
# Network object for 198.18.1.0/24.
# NOTE(review): SITENET is not referenced anywhere else in this listing. It is presumably meant
# for the NAT section, which is empty here.
object network SITENET
subnet 198.18.1.0 255.255.255.0
description test network
# 6. VPN Pool:
# Client address pool of three addresses (.41-.43), so at most three concurrent clients.
# The pool sits inside the same /24 as SITENET.
ip local pool vpnclient2lan 198.18.1.41-198.18.1.43 mask 255.255.255.0
# 7. VPN Access ACL:
# n/a
# 8: VPN Route ACL:
# Standard ACL naming the one network routed through the tunnel.
# The group policy uses it as the split-tunnel list.
access-list VPNable_routes standard permit 198.18.1.0 255.255.255.0
# 9 Auth Servers:
# RADIUS server group used to authenticate VPN users.
aaa-server ConfirmID-test protocol radius
# A single server, reached through the interface named office. No second host is listed here.
aaa-server ConfirmID-test (office) host 10.113.204.22
# Seconds to wait for a RADIUS reply.
# NOTE(review): the long value presumably leaves time for an out-of-band approval step. Confirm.
timeout 60
# RADIUS shared secret, stored here in clear text.
# It is short and guessable, and it is all that protects the User-Password attribute on the wire.
# Use a long random secret and keep it out of shared or versioned copies of this file.
key easypeasy
authentication-port 1812
accounting-port 1813
# 10. Group Policy:
# Locally defined (internal) group policy for the VPN users.
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
# Only the SSL client (AnyConnect) protocol is permitted under this policy; IKEv1/IKEv2 are not.
vpn-tunnel-protocol ssl-client
# Split tunnelling: only networks in the list below go through the VPN. All other client traffic
# leaves by the client's local network and is not inspected by this firewall.
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPNable_routes
# 11. Tunnel Group:
# Remote-access connection profile.
tunnel-group labfw-aaa-test type remote-access
tunnel-group labfw-aaa-test general-attributes
# Users authenticate against the RADIUS group only. No LOCAL fallback is configured on this line,
# so logins depend on that one server being reachable.
authentication-server-group ConfirmID-test
default-group-policy GroupPolicy1
address-pool vpnclient2lan
tunnel-group labfw-aaa-test webvpn-attributes
# Alias shown to users when the group list is enabled on the login page.
group-alias ConfirmID-labfw enable
# Clients connecting to this URL are mapped to this profile.
# NOTE(review): the URL is a bare IP address, so the certificate presented would have to cover
# that address for client-side validation to succeed. Confirm.
group-url https://50.195.1.189 enable
# 12. User Accounts:
# n/a
# 13. Double NAT for VPN Pool:
# NOTE(review): this section is empty. No NAT exemption for the VPN pool appears in this listing.
# 14. anyconnect clients
webvpn
# Client packages offered for download to Windows, macOS and Linux clients. The trailing number
# sets the order.
# NOTE(review): 2.5.2014 is a very old AnyConnect release line. Confirm these images are still
# supported and patched before exposing the portal on outside.
anyconnect image flash:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect image flash:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2
anyconnect image flash:/anyconnect-linux-2.5.2014-k9.pkg 3
# Enables the SSL VPN service on the interface named outside.
enable outside
anyconnect enable
# Shows the connection-profile alias list on the login page, which also discloses the profile
# names to unauthenticated visitors. Disable it if users can rely on the group-url instead.
tunnel-group-list enable
# 15. Allow asdm access to firewall:
# Starts the HTTPS management server used by ASDM.
http server enable
# Permits management connections from all of 10.0.0.0/8 arriving on the interface named office.
# NOTE(review): a /8 is a wide management scope. Narrow it to the admin subnet or hosts.
http 10.0.0.0 255.0.0.0 office
# ASDM image served to administrators.
# NOTE(review): confirm this ASDM build is still current for the running ASA software.
asdm image flash:/asdm-711-52.bin
# ASDM/HTTP logins are checked against the local user database.
# NOTE(review): no local usernames are defined in this listing, so they must exist elsewhere.
aaa authentication http console LOCAL
# Leaves configuration mode.
end