ASA5510 to ASA5505 Easy VPN Server Client Configuration Sample
A recent configuration of mine. I thought I would save the template for
future use. It is useful if the ASA5505 has a dynamic IP, where you can't
build a typical site-to-site VPN.
ASA5510 Configuration (Easy VPN Server)
! Assumes local subnet = 10.223.0.0/24
! Assumes remote subnet = 10.0.0.0/24
! isakmp policies
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
! NAT exemptions (the ACL name on the nat line must match the ACL defined above it)
access-list NONAT extended permit ip 10.223.0.0 255.255.255.0 10.0.0.0 255.255.255.0
nat (inside) 0 access-list NONAT
! Defines the remote subnet
access-list US1998 remark ACL for EZ VPN Remote
access-list US1998 extended permit ip 10.223.0.0 255.255.255.0 10.0.0.0 255.255.255.0
! Group policy defines the configuration applied to the EZ VPN Remote client
group-policy EZVPN_GP internal
group-policy EZVPN_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value US1998
 nem enable
 webvpn
! Tunnel group is used for initial authentication and to apply group policy
tunnel-group EZVPN_TG type ipsec-ra
tunnel-group EZVPN_TG general-attributes
 default-group-policy EZVPN_GP
tunnel-group EZVPN_TG ipsec-attributes
 pre-shared-key <group password here>
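! EZ VPN remote user account password
username US1998 password <user password here>
! Transform set the dynamic map refers to (assumed definition: AES-128 with SHA-1 HMAC, matching the name)
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
! Dynamic crypto map for the remote peer, whose address is not known in advance
crypto dynamic-map DYNAMIC-MAP 5 set transform-set ESP-AES-128-SHA
crypto map OUTSIDE_MAP 65530 ipsec-isakmp dynamic DYNAMIC-MAP
! Bind the crypto map to the outside interface (assumed, matching "crypto isakmp enable outside")
crypto map OUTSIDE_MAP interface outside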
ASA5505 Configuration (Easy VPN Client)
! 5.5.5.5 = public IP of the ASA5510
vpnclient server 5.5.5.5
vpnclient mode network-extension-mode
vpnclient vpngroup EZVPN_TG password <group password>
vpnclient username US1998 password <user password>
vpnclient enable
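
An Easy VPN server configuration like the one above depends on names (ACLs, group policy, transform set, dynamic map, crypto map) matching between the line that defines them and the lines that use them. The following check is an added example, not part of the original post: a Python script that lists names used but never provided in a constructed config fragment; the rule patterns are assumptions covering only the command forms shown on this page.

```python
import re

# Constructed fragment reusing this page's names, with three deliberate gaps:
# a mistyped NAT ACL name, no transform-set definition, no interface binding.
SAMPLE = """\
access-list NONAT extended permit ip 10.223.0.0 255.255.255.0 10.0.0.0 255.255.255.0
nat (inside) 0 access-list SD_NONAT
access-list US1998 extended permit ip 10.223.0.0 255.255.255.0 10.0.0.0 255.255.255.0
group-policy EZVPN_GP internal
group-policy EZVPN_GP attributes
 split-tunnel-network-list value US1998
tunnel-group EZVPN_TG general-attributes
 default-group-policy EZVPN_GP
crypto dynamic-map DYNAMIC-MAP 5 set transform-set ESP-AES-128-SHA
crypto map OUTSIDE_MAP 65530 ipsec-isakmp dynamic DYNAMIC-MAP
"""

# Each rule: (what is missing, pattern that provides a name, patterns that need it).
# Only the first transform set named on a dynamic-map line is checked.
RULES = [
    ("access-list", r"access-list (\S+) ",
     [r"nat \(\S+\) \d+ access-list (\S+)",
      r"split-tunnel-network-list value (\S+)"]),
    ("group-policy", r"group-policy (\S+) (?:internal|external)",
     [r"default-group-policy (\S+)", r"group-policy (\S+) attributes"]),
    ("transform-set", r"crypto ipsec (?:ikev1 )?transform-set (\S+) ",
     [r"crypto dynamic-map \S+ \d+ set (?:ikev1 )?transform-set (\S+)"]),
    ("dynamic-map", r"crypto dynamic-map (\S+) ",
     [r"crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)"]),
    ("crypto map interface binding", r"crypto map (\S+) interface ",
     [r"crypto map (\S+) \d+ "]),
]

def check_references(config):
    """Return sorted (missing item, name) pairs for names used but not provided."""
    lines = [ln.strip() for ln in config.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("!")]
    missing = set()
    for kind, provides, needs in RULES:
        have = {m.group(1) for ln in lines if (m := re.match(provides, ln))}
        for pattern in needs:
            for ln in lines:
                m = re.match(pattern, ln)
                if m and m.group(1) not in have:
                    missing.add((kind, m.group(1)))
    return sorted(missing)

if __name__ == "__main__":
    for kind, name in check_references(SAMPLE):
        print(f"missing {kind}: {name}")
```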