Checking my first IPSEC config

Here's a copy of the relevant VPN statements in my first IPSEC config. Haven't applied it yet, but logically it should work. Cisco VPN client is used with VPNGROUP, hoping to only have a single VPN client only being able to access IP

Is this an ideal config or could I improve it?

object-group network vpn_address
network-object host
access-list outside_in permit tcp any any eq smtp
access-list outside_in permit icmp any any
access-list outside_in permit tcp any any eq www
access-list outside_in permit tcp any any eq https
access-list outside_in permit gre any any
access-list nonat permit ip host object-group vpn_address
access-list out2in permit ip object-group vpn_address host
ip local pool vpnpool
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0 0
static (inside,outside) tcp interface smtp smtp netmask 0 0
static (inside,outside) tcp interface https smtp netmask 0 0
static (inside,outside) tcp interface www smtp netmask 0 0
access-group out2in in interface outside
access-group outside_in interface outside
conduit permit icmp any any
crypto ipsec transform-set VPNSET esp-3des esp-sha-hmac
sysopt connection permit-ipsec
crypto dynamic-map VPNDYN 10 set transform-set VPNSET
crypto map VPNMAP 20 ipsec-isakmp dynamic VPNDYN
crypto map VPNMAP interface outside
isakmp enable outside
isakmp identity address
isakmp nat-traversal 60
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup VPNGROUP idle time 1800
vpngroup VPNGROUP address-pool vpnpool
vpngroup VPNGROUP split-tunnel 100
vpngroup VPNGROUP password ********
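A pre-apply consistency check for a config like the one posted, as an added example that is not part of the original post: it flags names that are referenced but never defined in the text it is given, and interfaces that carry more than one access-group binding. The 192.0.2.x addresses are placeholders for values missing from the posted text, and the checker only sees the excerpt, so a name defined elsewhere in the full config will still be reported.

```python
import re
from collections import defaultdict

# Constructed sample: statements from the post; 192.0.2.x values are placeholders
# for the addresses that are missing from the posted text.
SAMPLE = """\
access-list outside_in permit tcp any any eq smtp
access-list nonat permit ip host 192.0.2.10 object-group vpn_address
access-list out2in permit ip object-group vpn_address host 192.0.2.10
ip local pool vpnpool 192.0.2.100-192.0.2.110
nat (inside) 0 access-list nonat
access-group out2in in interface outside
access-group outside_in interface outside
crypto ipsec transform-set VPNSET esp-3des esp-sha-hmac
crypto dynamic-map VPNDYN 10 set transform-set VPNSET
crypto map VPNMAP 20 ipsec-isakmp dynamic VPNDYN
vpngroup VPNGROUP address-pool vpnpool
vpngroup VPNGROUP split-tunnel 100
"""

# Statements that define a name, and statements that refer to one.
DEFS = [("acl", r"access-list (\S+) "), ("pool", r"ip local pool (\S+)"),
        ("transform-set", r"crypto ipsec transform-set (\S+)"),
        ("dynamic-map", r"crypto dynamic-map (\S+)")]
REFS = [("acl", r"access-group (\S+) "), ("acl", r"nat \(\S+\) 0 access-list (\S+)"),
        ("acl", r"vpngroup \S+ split-tunnel (\S+)"),
        ("pool", r"vpngroup \S+ address-pool (\S+)"),
        ("transform-set", r"crypto dynamic-map \S+ \d+ set transform-set (\S+)"),
        ("dynamic-map", r"crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)")]

def lint(config):
    """Return findings for undefined references and repeated interface bindings."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    defined, bound, findings = defaultdict(set), defaultdict(list), []
    for line in lines:                      # pass 1: collect every defined name
        for kind, pat in DEFS:
            m = re.match(pat, line)
            if m:
                defined[kind].add(m.group(1))
    for line in lines:                      # pass 2: resolve every reference
        for kind, pat in REFS:
            m = re.match(pat, line)
            if m and m.group(1) not in defined[kind]:
                findings.append(f"undefined {kind} '{m.group(1)}': {line}")
        m = re.match(r"access-group (\S+) (?:in )?interface (\S+)", line)
        if m:
            bound[m.group(2)].append(m.group(1))
    for ifc, acls in bound.items():         # more than one ACL bound to an interface
        if len(acls) > 1:
            findings.append(f"interface '{ifc}' bound to {len(acls)} ACLs: {', '.join(acls)}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```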