L2L and Remote access VPN doc


Remote Access VPN:

Step1: Configure the IP addresses on the ASA and laptop as shown

Step2: Configure the ASA for remote access VPN

Code:
access-list office_splitTunnelAcl standard permit 150.0.0.0 255.0.0.0
access-list outside_nat0_outbound extended permit ip 150.0.0.0 255.0.0.0 172.16.1.0 255.255.255.240
ip local pool vpn-pool 172.16.1.1-172.16.1.10 mask 255.255.255.128
nat (outside) 0 access-list outside_nat0_outbound
group-policy office internal
group-policy office attributes
 vpn-tunnel-protocol IPSec webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value office_splitTunnelAcl
username cisco password cisco
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map inside_dyn_map 20 set pfs
crypto dynamic-map inside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map inside_map 65535 ipsec-isakmp dynamic inside_dyn_map
crypto map inside_map interface inside
crypto isakmp enable inside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
tunnel-group office type ipsec-ra
tunnel-group office general-attributes
 address-pool vpn-pool
 default-group-policy office
tunnel-group office ipsec-attributes
 pre-shared-key cisco

Verification (only relevant output included)

From the laptop

ping 150.1.1.1
!!!!!

Code:
Crypto map tag: outside_map, seq num: 20, local addr: 155.14.0.4
  access-list outside_20_cryptomap permit ip 172.16.1.0 255.255.255.0 150.0.0.0 255.0.0.0
  local ident (addr/mask/prot/port): (172.16.1.0/255.255.255.0/0/0)
  remote ident (addr/mask/prot/port): (150.0.0.0/255.0.0.0/0/0)
  current_peer: 155.14.0.1
  #pkts encaps: 3, #pkts encrypt: 3, #pkts digest: 3
  #pkts decaps: 3, #pkts decrypt: 3, #pkts verify: 3
  #pkts compressed: 0, #pkts decompressed: 0
  #pkts not compressed: 3, #pkts comp failed: 0, #pkts decomp failed: 0
  inbound esp sas:
    spi: 0x218BAEDC (562802396)
      transform: esp-3des esp-sha-hmac none
      in use settings ={L2L, Tunnel, }
      slot: 0, conn_id: 20, crypto-map: outside_map
      sa timing: remaining key lifetime (kB/sec): (4274999/3577)
      IV size: 8 bytes
      replay detection support: Y
  outbound esp sas:
    spi: 0x7A91211B (2056331547)
      transform: esp-3des esp-sha-hmac none
      in use settings ={L2L, Tunnel, }
      slot: 0, conn_id: 20, crypto-map: outside_map
      sa timing: remaining key lifetime (kB/sec): (4274999/3575)
      IV size: 8 bytes
      replay detection support: Y

L2L VPN

Step1: Configure the IP addresses on the ASA and the Hub router

Step2: Configure the ASA as follows

Code:
access-list outside_20_cryptomap extended permit ip 192.168.1.0 255.255.255.0 150.0.0.0 255.0.0.0
access-list outside_20_cryptomap extended permit ip 172.16.1.0 255.255.255.0 150.0.0.0 255.0.0.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 150.0.0.0 255.0.0.0
access-list inside_nat0_outbound extended permit ip 172.16.1.0 255.255.255.0 150.0.0.0 255.0.0.0
nat (outside) 0 access-list outside_nat0_outbound
crypto map outside_map 20 match address outside_20_cryptomap
crypto map outside_map 20 set peer 155.14.0.1
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
tunnel-group 155.14.0.1 type ipsec-l2l
tunnel-group 155.14.0.1 ipsec-attributes
 pre-shared-key cisco

Step2: Configure the hub router as follows

Code:
crypto isakmp policy 2
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco address 155.14.0.4
crypto ipsec transform-set l2l-trn esp-3des esp-sha-hmac
!
!
crypto map l2l-map 10 ipsec-isakmp
 set peer 155.14.0.4
 set transform-set l2l-trn
 match address 101
interface GigabitEthernet0/1
 ip address 155.14.0.1 255.255.255.0
 crypto map l2l-map
access-list 101 permit ip 150.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 150.0.0.0 0.255.255.255 172.16.1.0 0.0.0.255

Verification (only relevant output included)

From Laptop

ping 150.2.2.2
!!!!

Router

Code:
interface: GigabitEthernet0/1
  Crypto map tag: l2l-map, local addr 155.14.0.1
  protected vrf: (none)
  local ident (addr/mask/prot/port): (150.0.0.0/255.0.0.0/0/0)
  remote ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
  current_peer 155.14.0.4 port 500
    PERMIT, flags={origin_is_acl,}
  #pkts encaps: 18, #pkts encrypt: 18, #pkts digest: 18
  #pkts decaps: 18, #pkts decrypt: 18, #pkts verify: 18
  #pkts compressed: 0, #pkts decompressed: 0
  #pkts not compressed: 0, #pkts compr. failed: 0
  #pkts not decompressed: 0, #pkts decompress failed: 0
  #send errors 1, #recv errors 0
  local ident (addr/mask/prot/port): (150.0.0.0/255.0.0.0/0/0)
  remote ident (addr/mask/prot/port): (172.16.1.0/255.255.255.0/0/0)
  current_peer 155.14.0.4 port 500
    PERMIT, flags={origin_is_acl,}
  #pkts encaps: 18, #pkts encrypt: 18, #pkts digest: 18
  #pkts decaps: 18, #pkts decrypt: 18, #pkts verify: 18
  #pkts compressed: 0, #pkts decompressed: 0
  #pkts not compressed: 0, #pkts compr. failed: 0
  #pkts not decompressed: 0, #pkts decompress failed: 0
  #send errors 0, #recv errors 0

ASA

Code:
interface: outside
  Crypto map tag: outside_map, seq num: 20, local addr: 155.14.0.4
  access-list outside_20_cryptomap permit ip 172.16.1.0 255.255.255.0 150.0.0.0 255.0.0.0
  local ident (addr/mask/prot/port): (172.16.1.0/255.255.255.0/0/0)
  remote ident (addr/mask/prot/port): (150.0.0.0/255.0.0.0/0/0)
  current_peer: 155.14.0.1
  #pkts encaps: 7, #pkts encrypt: 7, #pkts digest: 7
  #pkts decaps: 7, #pkts decrypt: 7, #pkts verify: 7
  #pkts compressed: 0, #pkts decompressed: 0
  #pkts not compressed: 7, #pkts comp failed: 0, #pkts decomp failed: 0
  #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
  #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
  #send errors: 0, #recv errors: 0
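One way to check that the two crypto ACLs in the L2L section mirror each other, given that the ASA writes netmasks and the hub router writes wildcard masks. This is an added example, not part of the original document; the function names are hypothetical, and only `permit ip <addr> <mask> <addr> <mask>` entries with contiguous masks are handled.

```python
import ipaddress

# Crypto ACL lines copied from the L2L section of this page.
ASA_ACL = """\
access-list outside_20_cryptomap extended permit ip 192.168.1.0 255.255.255.0 150.0.0.0 255.0.0.0
access-list outside_20_cryptomap extended permit ip 172.16.1.0 255.255.255.0 150.0.0.0 255.0.0.0
"""
IOS_ACL = """\
access-list 101 permit ip 150.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 150.0.0.0 0.255.255.255 172.16.1.0 0.0.0.255
"""

def _net(addr, mask, wildcard):
    """Build a network from an address plus netmask (ASA) or wildcard (IOS)."""
    if wildcard:
        # Invert each octet of the wildcard mask to get the netmask.
        mask = ".".join(str(255 - int(o)) for o in mask.split("."))
    return ipaddress.ip_network(f"{addr}/{mask}")

def parse_acl(text, wildcard):
    """Return the set of (source, destination) networks in 'permit ip' entries."""
    pairs = set()
    for line in text.splitlines():
        tok = line.split()
        if "permit" not in tok or "ip" not in tok:
            continue
        i = tok.index("ip")
        src = _net(tok[i + 1], tok[i + 2], wildcard)
        dst = _net(tok[i + 3], tok[i + 4], wildcard)
        pairs.add((src, dst))
    return pairs

def mirror_mismatches(asa_text, ios_text):
    """Entries on one peer with no mirrored (src/dst swapped) entry on the other."""
    asa = parse_acl(asa_text, wildcard=False)
    # Swap source and destination so both sets are in the ASA's orientation.
    ios_mirrored = {(d, s) for s, d in parse_acl(ios_text, wildcard=True)}
    return {"asa_only": asa - ios_mirrored, "ios_only": ios_mirrored - asa}

if __name__ == "__main__":
    result = mirror_mismatches(ASA_ACL, IOS_ACL)
    print("mirrored" if not any(result.values()) else result)
```

An entry reported under `asa_only` or `ios_only` is a proxy identity that one peer proposes and the other has no matching ACL line for.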

Posted: 25/07/2014, 07:21
