Cisco Config L2L VPN

  • Upload
    martins

  • 7/24/2019 Cisco Config L2L VPN

    : Saved
    :
    ASA Version 8.4(2)
    !
    hostname comp1
    enable password GZnVbskmyhmMNQsi encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    !
    interface GigabitEthernet0
     nameif outside
     security-level 0
     ip address 100.0.0.2 255.255.255.252
    !
    interface GigabitEthernet1
     nameif inside
     security-level 100
     ip address 10.0.0.1 255.255.255.0
    !
    ftp mode passive
    object network inside-net
     subnet 10.0.0.0 255.255.255.0
    object network web-server
     host 10.0.0.10
    object network Site-comp1
     subnet 10.0.0.0 255.255.255.0
    object network Site-Client
     subnet 192.168.0.0 255.255.255.0
    access-list webserver extended permit icmp any object inside-net
    access-list webserver extended permit tcp any object web-server eq www
    access-list icmp_allow extended permit icmp any object inside-net
    access-list vpn_traffic extended permit ip object Site-comp1 object Site-Client
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    nat (inside,outside) source static Site-comp1 Site-comp1 destination static Site-Client Site-Client no-proxy-arp route-lookup
    !
    object network inside-net
     nat (inside,outside) dynamic interface
    object network web-server
     nat (inside,outside) static interface service tcp www www
    access-group webserver in interface outside
    route outside 0.0.0.0 0.0.0.0 100.0.0.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto map outside_map 1 match address vpn_traffic
    crypto map outside_map 1 set pfs
    crypto map outside_map 1 set peer 101.0.0.2
    crypto map outside_map 1 set ikev1 transform-set ESP-3DES-SHA
    crypto map outside_map interface outside
    crypto ikev1 enable outside
    crypto ikev1 policy 10
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    tunnel-group 101.0.0.2 type ipsec-l2l
    tunnel-group 101.0.0.2 ipsec-attributes
     ikev1 pre-shared-key *****
    !
    !
    prompt hostname context
    no call-home reporting anonymous
    call-home
     profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    crashinfo save disable
    Cryptochecksum:5f860850a934e175f844c7d9b8e0d70b
    : end