May 2009 Archives

Base Config: ASA WebVPN


This is becoming a common configuration for me. Here's a base template I use:

ip local pool WebVPNPool 192.168.251.10-192.168.251.100 mask 255.255.255.0

webvpn
 enable outside
 svc image disk0:/anyconnect-win-2.3.0254-k9.pkg 1
 svc image disk0:/anyconnect-macosx-i386-2.3.0254-k9.pkg 2
 svc enable
 tunnel-group-list enable

group-policy WebVPNPolicy internal
group-policy WebVPNPolicy attributes
 dns-server value X.X.X.X
 vpn-tunnel-protocol svc
 group-lock value WebVPNAccessProfile
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split_Tunnel_List
 default-domain value business.local
 address-pools value WebVPNPool
 webvpn
  svc ask none default svc
  hidden-shares none
  file-entry disable
  file-browsing disable
  url-entry disable

tunnel-group WebVPNAccessProfile type remote-access
tunnel-group WebVPNAccessProfile general-attributes
 default-group-policy WebVPNPolicy
tunnel-group WebVPNAccessProfile webvpn-attributes
 group-alias WebVPN enable

Cisco ASA...In VMWare?!?


Now this is cool. Someone from the Phoenix Cisco Users Group gave me a link to a group that has virtualized the ASA platform. You can download a VMware image (or self-booting CD) that runs the full Cisco ASA software (fully functional).

Click here to check it out!

Interesting statement...but one that's direct from Cisco. In October, CCIE R&S undergoes a "real world" revision to make the skills more applicable to day-to-day jobs. Interesting quote from Maurilio Gorito (he was my proctor "back in the day"):

Q: Will it be harder to pass when the new exams go live?

A - MG: Since the focus of CCIE R&S certification has shifted to job readiness, candidates with less job experience may find the exams more difficult. On the other hand, some candidates may find the written exam easier since it is less focused on equipment specs and more on the real-world job tasks of networking experts.

The full scoop can be found here.

It doesn't matter how many times I've done this, I always forget one piece. Here's a template for the future:

Assume local subnet 192.168.15.0/24, remote subnet 192.168.16.0/24. Remote public IP 11.11.11.11.

crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 1
 lifetime 28800

access-list REMOTE_SITE extended permit ip 192.168.15.0 255.255.255.0 192.168.16.0 255.255.255.0

crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto map OUTSIDE_MAP 20 match address REMOTE_SITE
crypto map OUTSIDE_MAP 20 set pfs group1
crypto map OUTSIDE_MAP 20 set peer 11.11.11.11
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-128-SHA
crypto map OUTSIDE_MAP 20 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP interface outside

nat (inside) 0 access-list REMOTE_SITE

tunnel-group 11.11.11.11 type ipsec-l2l
tunnel-group 11.11.11.11 ipsec-attributes
 pre-shared-key ***
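
An added example (not part of the original post) for the "I always forget one piece" problem: a small Python checker that reads the template above and reports any cross-reference that is missing (ACL, NAT exemption, transform-set, tunnel-group, crypto map interface binding). It also flags Diffie-Hellman groups 1 and 2, the 768-bit and 1024-bit MODP groups. The name check_l2l and the finding strings are made up for this example, and treating groups 1 and 2 as weak is this example's policy.

```python
import re

# Sample input: the L2L template from the post (pre-shared key masked as on the page).
TEMPLATE = """\
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 1
 lifetime 28800
access-list REMOTE_SITE extended permit ip 192.168.15.0 255.255.255.0 192.168.16.0 255.255.255.0
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 20 match address REMOTE_SITE
crypto map OUTSIDE_MAP 20 set pfs group1
crypto map OUTSIDE_MAP 20 set peer 11.11.11.11
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-128-SHA
crypto map OUTSIDE_MAP 20 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP interface outside
nat (inside) 0 access-list REMOTE_SITE
tunnel-group 11.11.11.11 type ipsec-l2l
tunnel-group 11.11.11.11 ipsec-attributes
 pre-shared-key ***
"""

def check_l2l(config):
    """Return findings: missing cross-references first, then weak DH groups."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    def grab(pat):  # first capture group of every line that fully matches pat
        return {m.group(1) for l in lines if (m := re.fullmatch(pat, l))}
    entry = r"crypto map \S+ \d+ "  # prefix shared by all crypto map entry lines
    out = []
    if not grab(r"crypto isakmp (enable) \S+"):
        out.append("isakmp not enabled on any interface")
    unbound = grab(r"crypto map (\S+) \d+ .*") - grab(r"crypto map (\S+) interface \S+")
    out += [f"crypto map {n} not applied to an interface" for n in sorted(unbound)]
    for acl in sorted(grab(entry + r"match address (\S+)")):
        if acl not in grab(r"access-list (\S+) .*"):
            out.append(f"access-list {acl} not defined")
        if acl not in grab(r"nat \(\S+\) 0 access-list (\S+)"):
            out.append(f"no NAT exemption for {acl}")
    undefined = grab(entry + r"set transform-set (\S+)") - grab(r"crypto ipsec transform-set (\S+) .*")
    out += [f"transform-set {t} not defined" for t in sorted(undefined)]
    for peer in sorted(grab(entry + r"set peer (\S+)")):
        for kind in ("type ipsec-l2l", "ipsec-attributes"):
            if peer not in grab(rf"tunnel-group (\S+) {kind}"):
                out.append(f"tunnel-group {peer} {kind} missing")
    out += [f"isakmp policy uses weak DH group {g}" for g in sorted(grab(r"group (1|2)"))]
    out += [f"crypto map PFS uses weak DH group {g}" for g in sorted(grab(entry + r"set pfs group(1|2)"))]
    return out
```

Run against the template as posted, every piece is present and the only findings are the two DH group 1 settings.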

About this Archive

This page is an archive of entries from May 2009 listed from newest to oldest.
