

NOTES


  • The policy number should be less than that of any crypto map with 'dynamic DYNMAP' in use
  • Make sure to check whether sysopt is enabled
  • Ensure the isakmp policy number is unused on the firewall
  • 1 crypto map per interface

  • ACLs should look like the following:
      • access-list 101 permit ip <local-domain/ip> <remote-domain/ip>
      • access-list NONAT permit ip <local-domain/ip> <remote-domain/ip>
      • access-list vpn-filter permit <tcp|udp|ip> <remote-domain/ip> <local-domain/ip> <eq port>

  • sysopt connection permit-vpn
      • Remote Enc -> Local Enc traffic will NOT be checked against the outside ACL
      • If no vpn-filter is defined, ALL Remote Enc -> Local Enc traffic will be permitted

  • no sysopt connection permit-vpn
      • Remote Enc -> Local Enc traffic will be checked against the outside ACL
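
An added example (not part of the original page or the generator's output): a Python check of the sysopt / vpn-filter interaction described in the notes, run over a constructed ASA-style config. It assumes the filter is attached with `vpn-filter value <acl>` under `group-policy <name> attributes`, and that `sysopt connection permit-vpn` is in effect unless the `no` form appears in the config; the group-policy names and addresses are made up.

```python
import re

# Constructed sample config for illustration; names and addresses are made up.
SAMPLE_CONFIG = """\
access-list vpn-filter permit tcp 10.20.0.0 255.255.0.0 192.168.1.0 255.255.255.0 eq 443
group-policy GP-SITE-A internal
group-policy GP-SITE-A attributes
 vpn-filter value vpn-filter
group-policy GP-SITE-B internal
group-policy GP-SITE-B attributes
 vpn-tunnel-protocol ikev1
group-policy GP-SITE-C internal
group-policy GP-SITE-C attributes
 vpn-filter value missing-acl
"""

def audit(config):
    """Return (bypass_enabled, findings) for the sysopt / vpn-filter notes."""
    lines = config.splitlines()
    # Assumption: permit-vpn is on unless the 'no' form is present in the config.
    bypass = not any(l.strip() == "no sysopt connection permit-vpn" for l in lines)
    # Names of every ACL defined in the config.
    acls = {m.group(1) for l in lines if (m := re.match(r"access-list (\S+) ", l))}
    filters = {}      # group-policy name -> vpn-filter ACL name (None if unset)
    current = None    # group-policy whose attribute block we are inside
    for l in lines:
        gp = re.match(r"group-policy (\S+) (internal|attributes)", l)
        if gp:
            current = gp.group(1)
            filters.setdefault(current, None)
        elif not l.startswith(" "):
            current = None          # any other top-level command ends the block
        elif current and (f := re.match(r"\s+vpn-filter value (\S+)", l)):
            filters[current] = f.group(1)
    findings = []
    for name, acl in sorted(filters.items()):
        if acl is None:
            # Without the bypass, the outside ACL still checks this traffic.
            if bypass:
                findings.append((name, "no vpn-filter: ALL Remote Enc -> Local Enc traffic permitted"))
        elif acl not in acls:
            findings.append((name, f"vpn-filter names ACL '{acl}' that is not defined here"))
    return bypass, findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```
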
