Cisco OL-24124-01 User Manual
Page 13
17-13
Cisco Unified Communications Manager Security Guide
OL-24124-01
Chapter 17 Configuring Virtual Private Networks
Sample ASA configuration summary
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http redirect outside 80
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
!--- ASA certs
!--- trustpoints and certificates
crypto ca trustpoint ASA_VPN_Cert
enrollment self
keypair ASA_VPN_Cert_key
crl configure
crypto ca trustpoint CiscoMfgCert
enrollment terminal
crl configure
crypto ca trustpoint UCM_CAPF_Cert
enrollment terminal
no client-types
crl configure
crypto ca certificate chain ASA_VPN_Cert
certificate 02d5054b
quit
crypto ca certificate chain CiscoMfgCert
certificate ca 6a6967b3000000000003
quit
crypto ca certificate chain UCM_CAPF_Cert
certificate ca 6a6967b3000000000003
quit
telnet timeout 5
ssh scopy enable
ssh timeout 5
console timeout 0
!--- configure client to send packets with broadcast flag set
dhcp-client broadcast-flag
!--- specifies use of mac-addr for client identifier to outside interface
dhcp-client client-id interface outside
!
tls-proxy maximum-session 200
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!--- configure ssl
ssl encryption aes128-sha1
ssl trust-point ASA_VPN_Cert
ssl certificate-authentication interface outside port 443
!--- VPN config
!--- Configure webvpn
webvpn
enable outside
default-idle-timeout 3600
svc image disk0:/anyconnect-win-2.1.0148-k9.pkg 1
svc enable