17-13
Cisco Unified Communications Manager Security Guide
OL-24124-01
Chapter 17 Configuring Virtual Private Networks
Sample ASA configuration summary
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http redirect outside 80
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
!--- ASA certs
!--- trustpoints and certificates
crypto ca trustpoint ASA_VPN_Cert
enrollment self
keypair ASA_VPN_Cert_key
crl configure
crypto ca trustpoint CiscoMfgCert
enrollment terminal
crl configure
crypto ca trustpoint UCM_CAPF_Cert
enrollment terminal
no client-types
crl configure
crypto ca certificate chain ASA_VPN_Cert
certificate 02d5054b
quit
crypto ca certificate chain CiscoMfgCert
certificate ca 6a6967b3000000000003
quit
crypto ca certificate chain UCM_CAPF_Cert
certificate ca 6a6967b3000000000003
quit
telnet timeout 5
ssh scopy enable
ssh timeout 5
console timeout 0
!--- configure client to send packets with broadcast flag set
dhcp-client broadcast-flag
!--- specifies use of mac-addr for client identifier to outside interface
dhcp-client client-id interface outside
!
tls-proxy maximum-session 200
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!--- configure ssl
ssl encryption aes128-sha1
ssl trust-point ASA_VPN_Cert
ssl certificate-authentication interface outside port 443
!--- VPN config
!--- Configure webvpn
webvpn
enable outside
default-idle-timeout 3600
svc image disk0:/anyconnect-win-2.1.0148-k9.pkg 1
svc enable
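Added example, not part of the Cisco guide: a small Python audit that parses the PKI and SSL portion of the sample ASA configuration above and cross-checks it the way a reviewer would before deploying a phone VPN head end. It confirms that the trustpoint named in ssl trust-point exists and holds an identity (non-CA) certificate, inventories which trustpoints carry only CA certificates (used to validate peers), and flags settings worth a second look: a trustpoint enrolled with enrollment self (a self-signed certificate that peers must be provisioned to trust), an ssl encryption list made up only of legacy suites, and console timeout 0 (console sessions never time out). The embedded configuration is copied from the page's sample with the certificate bodies omitted, as they are on the page; the parser handles the flattened, unindented form shown there by recognising trustpoint sub-commands by keyword. The sub-command keyword list and the "legacy suite" heuristic are the example's own assumptions, not an ASA feature.

```python
from __future__ import annotations
import re

# Excerpt of the page's sample ASA configuration (flattened as printed there;
# certificate bodies omitted as on the page).
SAMPLE_ASA_CONFIG = """\
crypto ca trustpoint ASA_VPN_Cert
enrollment self
keypair ASA_VPN_Cert_key
crl configure
crypto ca trustpoint CiscoMfgCert
enrollment terminal
crl configure
crypto ca trustpoint UCM_CAPF_Cert
enrollment terminal
no client-types
crl configure
crypto ca certificate chain ASA_VPN_Cert
certificate 02d5054b
quit
crypto ca certificate chain CiscoMfgCert
certificate ca 6a6967b3000000000003
quit
crypto ca certificate chain UCM_CAPF_Cert
certificate ca 6a6967b3000000000003
quit
telnet timeout 5
ssh timeout 5
console timeout 0
ssl encryption aes128-sha1
ssl trust-point ASA_VPN_Cert
ssl certificate-authentication interface outside port 443
webvpn
enable outside
default-idle-timeout 3600
"""

# Assumed set of trustpoint sub-commands; needed because the printed config
# has no indentation to mark where a trustpoint block ends.
TRUSTPOINT_SUBCOMMANDS = ("enrollment", "keypair", "crl", "client-types",
                          "no client-types", "subject-name", "fqdn", "id-usage")


def parse_asa_pki(config: str) -> dict:
    """Extract trustpoints, certificate chains and remaining top-level commands."""
    trustpoints: dict[str, dict] = {}
    chains: dict[str, list[tuple[str, bool]]] = {}   # name -> [(serial, is_ca)]
    commands: list[str] = []
    section = None                                  # ("trustpoint"|"chain", name)
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue                                # blank lines and !--- comments
        m = re.match(r"crypto ca trustpoint (\S+)$", line)
        if m:
            section = ("trustpoint", m.group(1))
            trustpoints[m.group(1)] = {"enrollment": None, "keypair": None, "crl": False}
            continue
        m = re.match(r"crypto ca certificate chain (\S+)$", line)
        if m:
            section = ("chain", m.group(1))
            chains.setdefault(m.group(1), [])
            continue
        if section and section[0] == "chain":
            if line == "quit":                      # quit closes the chain block
                section = None
                continue
            m = re.match(r"certificate (ca )?([0-9a-fA-F]+)$", line)
            if m:
                chains[section[1]].append((m.group(2).lower(), m.group(1) is not None))
            continue                                # hex certificate body lines ignored
        if section and section[0] == "trustpoint" and line.startswith(TRUSTPOINT_SUBCOMMANDS):
            tp = trustpoints[section[1]]
            if line.startswith("enrollment "):
                tp["enrollment"] = line.split()[1]
            elif line.startswith("keypair "):
                tp["keypair"] = line.split()[1]
            elif line == "crl configure":
                tp["crl"] = True
            continue
        section = None                              # any other line ends the block
        commands.append(line)
    return {"trustpoints": trustpoints, "chains": chains, "commands": commands}


def audit(parsed: dict) -> list[str]:
    """Return human-readable findings for the parsed configuration."""
    findings: list[str] = []
    tps, chains, cmds = parsed["trustpoints"], parsed["chains"], parsed["commands"]
    for cmd in cmds:
        m = re.match(r"ssl trust-point (\S+)$", cmd)
        if m:
            name = m.group(1)
            if name not in tps:
                findings.append(f"ssl trust-point references undefined trustpoint {name}")
            elif not any(not is_ca for _, is_ca in chains.get(name, [])):
                findings.append(f"trustpoint {name} has no identity certificate in its chain")
        m = re.match(r"ssl encryption (.+)$", cmd)
        if m:
            suites = m.group(1).split()
            legacy = [s for s in suites
                      if s.endswith("-sha1") or s.startswith(("rc4", "des", "3des", "null"))]
            if legacy and len(legacy) == len(suites):
                findings.append("ssl encryption allows only legacy suites: " + " ".join(legacy))
        m = re.match(r"console timeout (\d+)$", cmd)
        if m and int(m.group(1)) == 0:
            findings.append("console timeout 0: console sessions never time out")
    for name, tp in tps.items():
        if tp["enrollment"] == "self":
            findings.append(f"trustpoint {name} is self-signed (enrollment self); "
                            "peers must be provisioned to trust it explicitly")
        if not chains.get(name):
            findings.append(f"trustpoint {name} has no certificate chain configured")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_asa_pki(SAMPLE_ASA_CONFIG)):
        print("-", finding)
```

Run against the page's sample the audit reports three items: the SHA-1 only ssl encryption list, the zero console timeout, and the self-signed ASA_VPN_Cert trustpoint; the ssl trust-point reference itself checks out because ASA_VPN_Cert carries an identity certificate (serial 02d5054b), while CiscoMfgCert and UCM_CAPF_Cert hold only the CA certificate used to validate phone certificates.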