Dell EqualLogic PS6210XS EqualLogic Group Manager Administrator s Guide PS Ser - Page 91
This Cisco ASA, crypto isakmp am-disable
View all Dell EqualLogic PS6210XS manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 91 highlights
interface Ethernet0/7 !passwd encrypted ftp mode passive dns server-group DefaultDNS domain-name company.com access-list 101 extended permit ip 10.125.55.0 255.255.255.0 host 10.125.56.2 pager lines 24 mtu outside 1500 mtu inside 1500 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-523.bin no asdm history enable arp timeout 14400 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout uauth 0:05:00 absolute no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set aes_set esp-aes esp-sha-hmac crypto map IPsecPSA 10 match address 101 crypto map IPsecPSA 10 set peer 10.125.56.2 crypto map IPsecPSA 10 set transform-set aes_set crypto map IPsecPSA interface outside crypto isakmp identity address crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption aes hash sha group 2 lifetime 28800 crypto isakmp am-disable telnet timeout 5 ssh timeout 5 console timeout 0 ! ! username name password encrypted tunnel-group 10.125.56.2 type ipsec-l2l tunnel-group 10.125.56.2 general-attributes tunnel-group 10.125.56.2 ipsec-attributes pre-shared-key * no prompt Cryptochecksum: : end This Cisco ASA configuration creates a secure connection to the group IP address. To establish secure connections to the individual network interfaces on each group member, you need to create an access list and crypto map for each interface. For example: access-list extended permit ip 10.125.55.0 255.255.255.0 host crypto map IPsecPSAMem1Eth0 10 match address crypto map IPsecPSAMem1Eth0 10 set peer crypto map IPsecPSAMem1Eth0 10 set transform-set aes_set crypto map IPsecPSAMem1Eth0 interface outside About Group-Level Security 91