Announcement

Collapse
No announcement yet.

Clean up VPN users on ASA 5505

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Clean up VPN users on ASA 5505

    I have moved from the PIX to ASA world and while some things are similar, there are a few things that are quite a bit different. After using the VPNGROUP command to create VPN users, I have a very ugly config. Can someone help me clean this up? Everyone uses the same DNS/WINS servers, address pool, etc. User authentication is handled by the ASA.

    group-policy user1 internal
    group-policy user1 attributes
    wins-server value 192.168.1.10
    dns-server value 192.168.1.10
    vpn-idle-timeout 30
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value split_tunnel
    default-domain value superfancydomain.local
    group-policy user2 internal
    group-policy user2 attributes
    wins-server value 192.168.1.10
    dns-server value 192.168.1.10
    vpn-idle-timeout 30
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value split_tunnel
    default-domain value superfancydomain.local
    group-policy user3 internal
    group-policy user3 attributes
    wins-server value 192.168.1.10
    dns-server value 192.168.1.10
    vpn-idle-timeout 30
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value split_tunnel
    default-domain value superfancydomain.local
    tunnel-group user1 type ipsec-ra
    tunnel-group user1 general-attributes
    address-pool CFPOOL
    default-group-policy user1
    tunnel-group user1 ipsec-attributes
    pre-shared-key *
    isakmp ikev1-user-authentication none
    tunnel-group user3 type ipsec-ra
    tunnel-group user3 general-attributes
    address-pool CFPOOL
    default-group-policy user3
    tunnel-group user3 ipsec-attributes
    pre-shared-key *
    isakmp ikev1-user-authentication none
    tunnel-group user2 type ipsec-ra
    tunnel-group user2 general-attributes
    address-pool CFPOOL
    default-group-policy user2
    tunnel-group user2 ipsec-attributes
    pre-shared-key *
    isakmp ikev1-user-authentication none

    Any help is most appreciated!
    Last edited by mvalpreda; 4th December 2008, 00:43.
Working...
X