# Site-to-site (LAN-to-LAN) IPsec tunnel on a Cisco ASA, with a vpn-filter ACL
# limiting which traffic may cross the tunnel. xx.xx.xx.xx is the redacted
# peer address. The object-group definitions, the transform-set definition,
# the IKE policy and the crypto map's interface binding are not in this listing.
#
# Crypto domain: the traffic selected for encryption (referenced by the
# crypto map below). It covers all IP between the two groups; the narrowing
# is done by vpn-acl, not here.
access-list vpn-crypto-domain permit ip object-group local-hosts object-group remote-hosts
# Filter ACL, attached through the group-policy's vpn-filter below.
# These entries are applied to both incoming and outgoing connections.
# A vpn-filter ACL is written with the remote network as source and the local
# network as destination, and the same entry is checked for both directions.
# NOTE(review): the crypto ACL above references "local-hosts" while these
# entries reference "localhosts" -- confirm both object-groups exist, or that
# one of the two spellings is a typo.
#
# SSH from the remote hosts to the local hosts. Because the entry is checked
# in both directions, it also matches traffic leaving the local hosts with
# source port 22 -- keep that in mind when auditing what this really permits.
access-list vpn-acl permit tcp object-group remote-hosts object-group localhosts eq 22
# All ICMP types between the two groups (no type restriction is given).
access-list vpn-acl permit icmp object-group remote-hosts object-group localhosts
# No port is given, so this entry covers every TCP port.
# NOTE(review): it is written local -> remote, whereas a vpn-filter ACL is
# read with the remote side as source; it probably does not match what was
# intended. Verify with packet-tracer and narrow it to the ports needed.
access-list vpn-acl permit tcp object-group localhosts object-group remote-hosts
# Crypto map entry 230: what to encrypt, which peer, and which transform set.
crypto map VPN_MAP1 230 match address vpn-crypto-domain
crypto map VPN_MAP1 230 set peer xx.xx.xx.xx
# NOTE(review): the name suggests ESP with AES-256 and HMAC-SHA-1; the
# transform-set definition is not shown -- confirm, and check whether the
# peer supports a stronger integrity algorithm.
crypto map VPN_MAP1 230 set transform-set ESP-AES256-SHA
# Group policy whose only job is to carry the filter ACL.
group-policy vpn-filter internal
group-policy vpn-filter attributes
vpn-filter value vpn-acl
# Turns PFS off in this group-policy.
# NOTE(review): no "set pfs" appears on the crypto map entry above either, so
# phase 2 keys are presumably derived without a fresh Diffie-Hellman exchange.
# Confirm, and enable PFS if the peer supports it.
pfs disable
# Tunnel group for the peer: LAN-to-LAN type, pre-shared-key authentication.
tunnel-group xx.xx.xx.xx type ipsec-l2l
tunnel-group xx.xx.xx.xx ipsec-attributes
# "*" is how the ASA masks the key in displayed configuration; enter the real
# key here. Use a long random value and do not share it between peers.
pre-shared-key *
# Bind the group policy (and therefore the filter) to this tunnel.
tunnel-group xx.xx.xx.xx general-attributes
default-group-policy vpn-filter