CISCO ASA 5520 11 years 9 months ago #31526

Guys, urgent help will be welcome...

I'm trying to accomplish this task: VPN for outside client, web access for inside client, email, etc. Below are my devices and how they are connected.

The ISP connects to 1 x 2800 series router, which connects to the outside interface of 1 x 5520 firewall. The DMZ interface connects to a Dell PowerConnect switch to the server. The inside interface connects to a PowerConnect switch to my 8 x Cisco 881 series routers.

This is my running config so far.

interface gigabitethernet 0/0
nameif outside
security-level 0
ip address
no shutdown

interface gigabitethernet 0/1
nameif inside2
security-level 100
ip address
no shutdown

interface gigabitethernet 0/2
security-level 100
no ip address

interface gigabitethernet 0/3
nameif dmz
security-level 50
ip address
no shutdown

passwd Password1
enable password Password1
hostname asawall
same-security-traffic permit inter-interface
route outside 0 0 1
nat (inside2) 1
! The inside1 and inside2 networks use PAT when accessing the outside
global (outside) 1 netmask
! Because we perform dynamic NAT on these addresses for outside access, we need to perform
! NAT on them for all other interface access. This identity static statement just
! translates the local address to the same address.
static (inside1,inside2) netmask
static (inside2,inside1) netmask
! The syslog server uses a static translation so the outside management host can access
! the server
static (dmz,outside) netmask
access-list MANAGE remark Allows the management host to access the syslog server
access-list MANAGE extended permit tcp host host eq telnet
access-group MANAGE in interface outside
! Advertises the security appliance IP address as the default gateway for the downstream
! router. The security appliance does not advertise a default route to the router.
rip inside2 default version 2 authentication md5 scorpius 1
! Listens for RIP updates from the downstream router. The security appliance does not
! listen for RIP updates from the router because a default route to the router is all that
! is required.
rip inside2 passive version 2 authentication md5 scorpius 1
! The client uses a pre-shared key to connect to the security appliance over IPSec. The
! key is the password in the username command following.
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 group 2
isakmp policy 1 hash sha
isakmp enable outside
crypto ipsec transform-set vpn_client esp-3des esp-sha-hmac
username admin password passw0rd
crypto ipsec transform-set vpn esp-3des esp-sha-hmac
crypto dynamic-map vpn_client 1 set transform-set vpn
crypto map telnet_tunnel 1 ipsec-isakmp dynamic vpn_client
crypto map telnet_tunnel interface outside
ip local pool client_pool
access-list VPN_SPLIT extended permit ip host host
telnet outside
telnet timeout 30
logging trap 5
! System messages are sent to the syslog server on the DMZ network
logging host dmz
logging on