ASA 7.0-8.2 - IPSec Client VPN
Example
Click here for sample data Script
same-security-traffic permit inter-interface same-security-traffic permit intra-interface access-list [[VPN Group Name]]_Split_Tunnel standard permit [[LAN Subnet]] ip local pool [[VPN Group Name]]_POOL [[VPN Client Start IP]]-[[VPN Client End IP]] mask [[VPN Client Subnet Mask]] crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto dynamic-map RA_VPN 65535 set transform-set ESP-AES-128-SHA crypto dynamic-map RA_VPN 65535 set security-association lifetime seconds 28800 crypto dynamic-map RA_VPN 65535 set security-association lifetime kilobytes 4608000 crypto map [[Crypto Map Name]] 65535 ipsec-isakmp dynamic RA_VPN crypto map [[Crypto Map Name]] interface [[VPN Interface]] isakmp enable [[VPN Interface]] crypto isakmp policy 10 authentication pre-share encryption aes hash sha group 2 lifetime 86400 group-policy [[VPN Group Name]]_GP internal group-policy [[VPN Group Name]]_GP attributes wins-server value [[WINS Servers]] dns-server value [[DNS Servers]] vpn-tunnel-protocol IPSec split-tunnel-policy tunnelspecified split-tunnel-network-list value [[VPN Group Name]]_Split_Tunnel default-domain value [[Domain Name]] address-pools value [[VPN Group Name]]_POOL tunnel-group [[VPN Group Name]] type remote-access tunnel-group [[VPN Group Name]] general-attributes address-pool [[VPN Group Name]]_POOL default-group-policy [[VPN Group Name]]_GP tunnel-group [[VPN Group Name]] ipsec-attributes pre-shared-key [[Group Pre-Shared Key]] !-- Nat exemption access-list [[VPN Group Name]]_nat0 permit ip [[LAN Subnet]] [[VPN Subnet]] nat ([[Inside Interface]]) 0 access-list [[VPN Group Name]]_nat0 References
https://tekcert.com/blog/2010/04/15/base-config-asa-ipsec-remote-access-vpn-template



VPN Group Name:
LAN Subnet:
VPN Client Start IP:
VPN Client End IP:
VPN Client Subnet Mask:
Crypto Map Name:
VPN Interface:
WINS Servers:
DNS Servers:
Domain Name:
Group Pre-Shared Key:
VPN Subnet:
Inside Interface:


Use this code to post the full script to your own page:



Use this code to post only the variables to your own page: