Here's a copy of the relevant VPN statements in my first IPSEC config. I haven't applied it yet, but logically it should work. The Cisco VPN client is used with VPNGROUP; I'm hoping to have only a single VPN client, able to access only IP 192.168.0.250.
Is this an ideal config or could I improve it?
object-group network vpn_address
  network-object host 192.168.0.95
access-list outside_in permit tcp any any eq smtp
access-list outside_in permit icmp any any
access-list outside_in permit tcp any any eq www
access-list outside_in permit tcp any any eq https
access-list outside_in permit gre any any
access-list nonat permit ip host 192.168.0.250 object-group vpn_address
access-list out2in permit ip object-group vpn_address host 192.168.0.250
ip local pool vpnpool 192.168.0.95
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 192.168.0.0 255.255.255.0 0 0
static (inside,outside) tcp interface smtp smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www smtp netmask 255.255.255.255 0 0
access-group out2in in interface outside
access-group outside_in interface outside
conduit permit icmp any any
crypto ipsec transform-set VPNSET esp-3des esp-sha-hmac
sysopt connection permit-ipsec
crypto dynamic-map VPNDYN 10 set transform-set VPNSET
crypto map VPNMAP 20 ipsec-isakmp dynamic VPNDYN
crypto map VPNMAP interface outside
isakmp enable outside
isakmp identity address
isakmp nat-traversal 60
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup VPNGROUP idle time 1800
vpngroup VPNGROUP address-pool vpnpool
vpngroup VPNGROUP split-tunnel 100
vpngroup VPNGROUP password ********
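A cross-reference check over the statements posted above, as an added example (not part of the original post and not a Cisco tool): it reports names that are referenced but not defined in the excerpt, and interfaces with more than one access-group bound. The `lint` function and `RULES` table are hypothetical names; the sample lines are copied from the post, and since the post shows only the "relevant" statements, a missing definition may simply live elsewhere in the full config.

```python
import re

# Lines copied from the post above (only those that define or reference a name).
CONFIG = """\
object-group network vpn_address
access-list outside_in permit tcp any any eq smtp
access-list nonat permit ip host 192.168.0.250 object-group vpn_address
access-list out2in permit ip object-group vpn_address host 192.168.0.250
ip local pool vpnpool 192.168.0.95
nat (inside) 0 access-list nonat
access-group out2in in interface outside
access-group outside_in interface outside
crypto ipsec transform-set VPNSET esp-3des esp-sha-hmac
crypto dynamic-map VPNDYN 10 set transform-set VPNSET
crypto map VPNMAP 20 ipsec-isakmp dynamic VPNDYN
vpngroup VPNGROUP address-pool vpnpool
vpngroup VPNGROUP split-tunnel 100
"""

# (kind, pattern that defines a name, patterns that reference a name)
RULES = [
    ("access-list", r"^access-list (\S+) ",
     [r"^access-group (\S+) ", r"^nat \(\S+\) 0 access-list (\S+)",
      r"^vpngroup \S+ split-tunnel (\S+)"]),
    ("object-group", r"^object-group \S+ (\S+)", [r" object-group (\S+)"]),
    ("ip local pool", r"^ip local pool (\S+) ", [r"^vpngroup \S+ address-pool (\S+)"]),
    ("transform-set", r"^crypto ipsec transform-set (\S+) ", [r" set transform-set (\S+)"]),
    ("dynamic-map", r"^crypto dynamic-map (\S+) ", [r" ipsec-isakmp dynamic (\S+)"]),
]

def lint(config):
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    for kind, define, refs in RULES:
        defined = {m.group(1) for l in lines if (m := re.search(define, l))}
        for pat in refs:
            for l in lines:
                m = re.search(pat, l)
                if m and m.group(1) not in defined:
                    findings.append(f"{kind} '{m.group(1)}' referenced but not defined here: {l}")
    # PIX binds one ACL per interface; a later access-group replaces an earlier one.
    bound = {}
    for l in lines:
        if l.startswith("access-group "):
            bound.setdefault(l.split()[-1], []).append(l.split()[1])
    for iface, acls in bound.items():
        if len(acls) > 1:
            findings.append(f"interface '{iface}' has {len(acls)} access-groups: {', '.join(acls)}")
    return findings
```

Calling `lint(CONFIG)` returns two findings for the posted lines: the split-tunnel reference to access list 100, and the two access-group bindings on the outside interface.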