Wednesday, May 23, 2012

Cisco ASA IPSec VPN Client Access Configuration

ip local pool VPN-POOL 10.0.0.193-10.0.0.206

access-list VPN_splitTunnelACL standard permit 10.0.0.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.255.0 10.0.0.192 255.255.255.240

nat (inside) 0 access-list inside_nat0_outbound

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-3DES-SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800

crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp identity hostname
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400

group-policy VPNGROUP internal
group-policy VPNGROUP attributes
 dns-server value 8.8.8.8 4.2.2.2
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN_splitTunnelACL

tunnel-group VPNGROUP type remote-access
tunnel-group VPNGROUP general-attributes
 address-pool VPN-POOL
 default-group-policy VPNGROUP
tunnel-group VPNGROUP ipsec-attributes
 pre-shared-key 12345678
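A small audit of the settings above, added here as an example and not part of the original post: it parses the ASA command blocks the way they appear in a running-config and flags the IKEv1 policy, the ESP transform-set and the pre-shared key against thresholds that are the script's own assumptions. The embedded sample is the post's configuration trimmed to the lines the audit looks at.

```python
# Constructed sample: the relevant lines of the configuration shown in the post.
ASA_CONFIG = """\
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
tunnel-group VPNGROUP ipsec-attributes
 pre-shared-key 12345678
"""

# Thresholds are this auditor's own assumptions; on the ASA a bare "sha" means SHA-1.
WEAK_IKE = {"encryption": {"des", "3des"}, "hash": {"md5", "sha"}, "group": {"1", "2", "5"}}
WEAK_ESP = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-sha-hmac"}
MIN_PSK_LENGTH = 20


def parse_blocks(config):
    """Group indented sub-commands under their parent command, as in an ASA running-config."""
    blocks, parent = {}, None
    for raw in config.splitlines():
        if raw.startswith(" ") and raw.strip() and parent is not None:
            blocks[parent].append(raw.strip())
        elif raw.strip() and not raw.startswith(" "):
            parent = raw.strip()
            blocks.setdefault(parent, [])
    return blocks


def audit_vpn_config(config):
    """Return a list of weak-setting findings for an IKEv1 remote-access VPN config."""
    findings = []
    for parent, children in parse_blocks(config).items():
        if parent.startswith("crypto isakmp policy"):
            attrs = dict(c.split(None, 1) for c in children if len(c.split()) == 2)
            for key, weak in WEAK_IKE.items():
                if attrs.get(key) in weak:
                    findings.append(f"{parent}: {key} {attrs[key]} is deprecated")
        elif parent.startswith("crypto ipsec transform-set"):
            for transform in sorted(set(parent.split()[3:]) & WEAK_ESP):
                findings.append(f"{parent}: {transform} is deprecated")
        elif parent.startswith("tunnel-group") and parent.endswith("ipsec-attributes"):
            for child in children:
                parts = child.split()
                if parts[0] == "pre-shared-key" and len(parts) == 2 and len(parts[1]) < MIN_PSK_LENGTH:
                    findings.append(f"{parent}: pre-shared key shorter than {MIN_PSK_LENGTH} characters")
    return findings
```

Running `audit_vpn_config(ASA_CONFIG)` on the sample reports six findings: both ESP transforms, the 3DES/SHA-1/group 2 ISAKMP policy, and the eight-character pre-shared key.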