Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 69 Configuring Remote Access IPsec VPNs
Configuring Remote Access IPsec VPNs
Adding a User
This section shows how to configure usernames and passwords. Use the command syntax in the
following examples as a guide.
Creating an IKEv1 Transform Set or IKEv2 Proposal
This section shows how to configure a transform set (IKEv1) or proposal (IKEv2), which combines an
encryption method and an authentication method.
Use the command syntax in the following examples as a guide.
Command
    ip local pool poolname first-address-last-address [mask mask]

    Example:
    hostname(config)# ip local pool testpool 192.168.0.10-192.168.0.15
    hostname(config)#

Purpose
    Creates an address pool with a range of IP addresses, from which the ASA
    assigns addresses to the clients.

    The address mask is optional. However, you must supply the mask value
    when the IP addresses assigned to VPN clients belong to a non-standard
    network and the data could be routed incorrectly if you use the default
    mask. A typical example is when the IP local pool contains
    10.10.10.0/255.255.255.0 addresses, since this is a Class A network by
    default. This could cause routing issues when the VPN client needs to
    access different subnets within the 10 network over different interfaces.
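The mask rule described above, as an added example that is not part of the Cisco guide: a Python check over ip local pool lines that works out the classful default mask applied when mask is omitted and compares it with the subnet each pool is meant to occupy. The sample lines, the pool names branchpool and maskedpool, and the INTENDED mapping are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample lines in the syntax shown above (not from a real device).
SAMPLE_CONFIG = """\
ip local pool testpool 192.168.0.10-192.168.0.15
ip local pool branchpool 10.10.10.1-10.10.10.254
ip local pool maskedpool 10.10.20.1-10.10.20.254 mask 255.255.255.0
"""
# Assumption: the operator knows the subnet each pool is meant to sit in.
INTENDED = {"testpool": "192.168.0.0/24", "branchpool": "10.10.10.0/24",
            "maskedpool": "10.10.20.0/24"}
IP = r"(\d+\.\d+\.\d+\.\d+)"
POOL_RE = re.compile(rf"^ip local pool (\S+) {IP}-{IP}(?: mask {IP})?$")

def classful_mask(addr):
    """Default (classful) mask for an IPv4 unicast address."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        return ipaddress.IPv4Address("255.0.0.0")      # Class A
    if first_octet < 192:
        return ipaddress.IPv4Address("255.255.0.0")    # Class B
    return ipaddress.IPv4Address("255.255.255.0")      # Class C

def audit_pools(config_text, intended):
    """Map pool name -> (effective mask, verdict) for each known pool line."""
    report = {}
    for line in config_text.splitlines():
        m = POOL_RE.match(line.strip())
        if not m or m.group(1) not in intended:
            continue  # not a pool line, or no intended subnet recorded for it
        name, first, last, mask = m.groups()
        first, last = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
        net = ipaddress.IPv4Network(intended[name])
        # Per the text above, omitting "mask" leaves the classful default in effect.
        effective = ipaddress.IPv4Address(mask) if mask else classful_mask(first)
        if first > last or first not in net or last not in net:
            verdict = "range outside intended subnet"
        elif effective == net.netmask:
            verdict = "ok"
        elif mask is None:
            verdict = "add mask " + str(net.netmask)
        else:
            verdict = "mask differs from intended " + str(net.netmask)
        report[name] = (str(effective), verdict)
    return report

if __name__ == "__main__":
    for pool, (mask, verdict) in audit_pools(SAMPLE_CONFIG, INTENDED).items():
        print(f"{pool:12} effective mask {mask:15} {verdict}")
```

Only branchpool is flagged: its addresses fall in the 10 network, so without an explicit mask the Class A default 255.0.0.0 applies instead of 255.255.255.0.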
Command
    username name {nopassword | password password [mschap | encrypted | nt-encrypted]}
    [privilege priv_level]

    Example:
    hostname(config)# username testuser password 12345678
    hostname(config)#

Purpose
    Creates a user, password, and privilege level.