Task 4.2 - Solution Guide

Looking at the solution guide for Lab 5, it appears to be way off; it seems to be from a different scenario.

From what I can tell...

1. The local pool is configured incorrectly.
2. Group Policy VPN idle timeout should be 10 minutes, not 1800 (guessing they messed up and put seconds). Group policy is also missing the split tunnel policy.
3. The username/pw is incorrect.
4. The static routes generated by the dynamic map reverse routing need to be redistributed into OSPF.
5. NAT needs to be addressed. Looking at NAT exemption for the inside networks to the VPN pool. NAT for the VPN client users to the outside would not seem to be necessary as we are doing split tunneling.

-Mike

Comments

  • I agree that the solutions guide is completely wrong for this task. I think the solution should look like this:

    access-list SPLIT standard permit 192.10.3.0 255.255.255.0
    access-list SPLIT standard permit 150.3.6.0 255.255.255.0

    ip local pool VPN_POOL 192.168.0.0 mask 255.255.255.0

    group-policy ADMINGROUP internal
    group-policy ADMINGROUP attributes
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value SPLIT
     vpn-idle-timeout 10

    username ADMIN password 0Fiyt7Ojpuvbkp7l encrypted

    crypto ipsec transform-set 3DES_SHA esp-3des esp-sha-hmac

    crypto dynamic-map DVPN 10 set transform-set 3DES_SHA

    crypto map VPN 10 ipsec-isakmp dynamic DVPN
    crypto map VPN interface outside

    crypto isakmp enable outside
    crypto isakmp policy 10
     authentication pre-share
     encryption 3des
     hash md5
     group 2
     lifetime 86400
    crypto isakmp policy 65535
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400

    tunnel-group ADMINGROUP type ipsec-ra
    tunnel-group ADMINGROUP general-attributes
     address-pool VPN_POOL
     default-group-policy ADMINGROUP
    tunnel-group ADMINGROUP ipsec-attributes
     pre-shared-key *
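
A small check for the group-policy points raised in this thread (idle timeout entered in minutes, split-tunnel policy, and a network list that points at a defined ACL), as an added example that is not from the original post, the comment or the solution guide. The two sample configurations are constructed, and the names `group_policies` and `audit` are hypothetical.

```python
import re

# Constructed sample: timeout entered as seconds, no split-tunnel settings.
BROKEN = """\
access-list SPLIT standard permit 192.10.3.0 255.255.255.0
group-policy ADMINGROUP internal
group-policy ADMINGROUP attributes
 vpn-idle-timeout 1800
"""

# Constructed sample following the group policy proposed in the comment.
FIXED = """\
access-list SPLIT standard permit 192.10.3.0 255.255.255.0
group-policy ADMINGROUP internal
group-policy ADMINGROUP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT
 vpn-idle-timeout 10
"""

# Lines starting with these keywords end a group-policy attribute block.
TOP_LEVEL = re.compile(r"(group-policy|tunnel-group|crypto|username|access-list|ip)\s")
def group_policies(config):
    """Return {policy name: [attribute lines]}; indentation is optional."""
    policies, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"group-policy (\S+) attributes", line)
        if m:
            current = policies.setdefault(m.group(1), [])
        elif not line or TOP_LEVEL.match(line):
            current = None
        elif current is not None:
            current.append(line)
    return policies

def audit(config, idle_minutes=10):
    """List findings per group policy; idle_minutes is the value the task asks for."""
    acls = set(re.findall(r"^\s*access-list (\S+) ", config, re.M))
    findings = []
    for name, attrs in group_policies(config).items():
        opts = dict(a.rsplit(" ", 1) for a in attrs if " " in a)
        timeout = opts.get("vpn-idle-timeout")
        if timeout != str(idle_minutes):
            findings.append(f"{name}: vpn-idle-timeout is {timeout}, expected {idle_minutes} (minutes)")
        if opts.get("split-tunnel-policy") != "tunnelspecified":
            findings.append(f"{name}: split-tunnel-policy tunnelspecified missing")
        if opts.get("split-tunnel-network-list value") not in acls:
            findings.append(f"{name}: split-tunnel-network-list does not reference a defined ACL")
    return findings
```

`audit(BROKEN)` reports all three problems and `audit(FIXED)` returns an empty list; the parser strips leading whitespace, so it also accepts configuration pasted without indentation.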