Chapter 17 Configuring Virtual Private Networks
Sample ASA configuration summary
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http redirect outside 80
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
!--- ASA certs
!--- trustpoints and certificates
crypto ca trustpoint ASA_VPN_Cert
 enrollment self
 keypair ASA_VPN_Cert_key
 crl configure
crypto ca trustpoint CiscoMfgCert
 enrollment terminal
 crl configure
crypto ca trustpoint UCM_CAPF_Cert
 enrollment terminal
 no client-types
 crl configure
crypto ca certificate chain ASA_VPN_Cert
 certificate 02d5054b
 quit
crypto ca certificate chain CiscoMfgCert
 certificate ca 6a6967b3000000000003
 quit
crypto ca certificate chain UCM_CAPF_Cert
 certificate ca 6a6967b3000000000003
 quit
telnet timeout 5
ssh scopy enable
ssh timeout 5
console timeout 0
!--- configure client to send packets with broadcast flag set
dhcp-client broadcast-flag
!--- specifies use of mac-addr for client identifier to outside interface
dhcp-client client-id interface outside
!
tls-proxy maximum-session 200
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!--- configure ssl
ssl encryption aes128-sha1
ssl trust-point ASA_VPN_Cert
ssl certificate-authentication interface outside port 443
!--- VPN config
!--- Configure webvpn
webvpn
 enable outside
 default-idle-timeout 3600
 svc image disk0:/anyconnect-win-2.1.0148-k9.pkg 1
 svc enable
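The SSL VPN listener above only works if the trustpoint named in `ssl trust-point` exists and carries an installed certificate chain, and `enrollment self` means the phones must be provisioned to trust that self-signed certificate. As an added example (not from the Cisco guide), here is a Python check that parses an ASA running-config excerpt in this form and reports those conditions, plus any legacy `ssl encryption` keywords; SAMPLE_CONFIG and WEAK_SUITES are constructed for this illustration.

```python
import re
# Constructed sample mirroring this page's snippet, sub-mode commands indented as 'show running-config' prints them.
SAMPLE_CONFIG = """\
crypto ca trustpoint ASA_VPN_Cert
 enrollment self
 keypair ASA_VPN_Cert_key
crypto ca certificate chain ASA_VPN_Cert
 certificate 02d5054b
 quit
ssl encryption aes128-sha1
ssl trust-point ASA_VPN_Cert
"""
WEAK_SUITES = {"rc4-md5", "rc4-sha1", "des-sha1", "null-sha1"}  # legacy 'ssl encryption' keywords

def parse_config(text):
    # Returns (trustpoint -> its sub-commands, names with a certificate chain, global commands).
    trustpoints, chains, cmds, current = {}, set(), [], None
    for line in filter(str.strip, text.splitlines()):
        if line.startswith(" "):  # sub-mode command of the block opened above
            if current is not None:
                trustpoints[current].append(line.strip())
            continue
        current = None
        if (m := re.match(r"crypto ca trustpoint (\S+)$", line)):
            trustpoints.setdefault((current := m.group(1)), [])
        elif (m := re.match(r"crypto ca certificate chain (\S+)$", line)):
            chains.add(m.group(1))
        else:
            cmds.append(line)
    return trustpoints, chains, cmds

def audit_ssl(text):
    """Findings about the certificate and ciphers the SSL VPN listener presents."""
    trustpoints, chains, cmds = parse_config(text)
    findings = []
    tp = next((c.split()[2] for c in cmds if c.startswith("ssl trust-point ")), None)
    if tp is None:
        findings.append("no 'ssl trust-point' set")
    elif tp not in trustpoints:
        findings.append(f"ssl trust-point {tp} is not a defined trustpoint")
    else:
        if tp not in chains:
            findings.append(f"trustpoint {tp} has no certificate chain installed")
        if "enrollment self" in trustpoints[tp]:
            findings.append(f"trustpoint {tp} is self-signed: clients must be provisioned to trust it")
    for c in cmds:
        if c.startswith("ssl encryption "):
            weak = sorted(WEAK_SUITES & set(c.split()[2:]))
            if weak:
                findings.append("weak SSL cipher suites enabled: " + ", ".join(weak))
    return findings
```

Run `audit_ssl(open("running-config.txt").read())` against a saved `show running-config` to apply the same checks to a real unit.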
Cisco Unified Communications Manager Security Guide    OL-24124-01    17-13