Setup VPN Cisco Client with Windows Server 2008 and Cisco ASA Firewall

  • By lefty8680
  • Type: Tips/Tricks
  • Posted on 2010-08-04 at 12:39:00

I've had to do a bit of research to set up my VPN connection so that clients can access Windows Server 2008 network shares.  I have a Cisco ASA 5510 firewall.  I found an article which was extremely useful: it had a solution if you use ASDM to configure the Cisco ASA, and step-by-step instructions to configure Windows Server 2008.  Meanwhile, what I also did (I prefer to use the command-line interface on the Cisco ASA to configure it) was to use these main lines:

! Exempt traffic from the inside network to the VPN client pool from NAT
access-list 101 permit ip 172.16.0.0 255.255.0.0 10.1.1.0 255.255.255.0
! Address pool handed out to VPN clients
ip local pool ippool 10.1.1.1-10.1.1.80 mask 255.255.255.0
nat (inside) 0 access-list 101
! RADIUS server group, server address and shared secret
aaa-server host protocol radius
aaa-server host (inside) host 172.16.10.1 Cisco12345 timeout 5
sysopt connection permit-ipsec
! IPsec (phase 2) transform set and crypto map
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap client authentication host
crypto map mymap interface outside
! ISAKMP (phase 1) policy
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

! Group policy applied to the VPN clients
group-policy vpn3000 internal
group-policy vpn3000 attributes
 dns-server value 172.16.10.1
 default-domain value company.com
username vpn3000 password VPN2010 encrypted
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group (outside) host
! Remote-access tunnel group: address pool, RADIUS group and group key
tunnel-group vpn3000 type ipsec-ra
tunnel-group vpn3000 general-attributes
 address-pool ippool
 authentication-server-group host
 default-group-policy vpn3000
tunnel-group vpn3000 ipsec-attributes
 pre-shared-key Cisco12345
                                    
***To make sure the client can still use the internet while on the VPN connection you have to use split tunneling - commands are different on PIX 6.x than on 8.x software***
access-list split_tunnel_list standard permit 172.16.0.0 255.255.0.0
group-policy vpn3000 attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split_tunnel_list
tunnel-group vpn3000 general-attributes
 default-group-policy vpn3000
                                    
***To save***
write mem or copy running-config startup-config
                                    
I used the Cisco VPN Client software 4.x and it works without a problem.  Click on New connection entry. From the above information the password will be Cisco12345 (your key) while the username is vpn3000 (you will also have to enter your connection entry and description as well as the outside IP interface of the firewall). Keep the Enable Transparent Tunneling and IPSec over UDP settings in the Transport tab.
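
A review pass over ASA lines like the ones above, as an added Python example that is not part of the original article: it flags DES, MD5 and Diffie-Hellman groups below 2048 bits, an authentication-server-group that names no defined aaa-server group, and a secret shared between the RADIUS key and the pre-shared key. The `audit` function, its patterns and the sample text are assumptions written for this illustration.

```python
import re

# Constructed sample modelled on the article's ASA lines (not a device export).
SAMPLE = """\
aaa-server host protocol radius
aaa-server host (inside) host 172.16.10.1 Cisco12345 timeout 5
crypto ipsec transform-set myset esp-des esp-md5-hmac
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
tunnel-group vpn3000 general-attributes
 authentication-server-group vpn
tunnel-group vpn3000 ipsec-attributes
 pre-shared-key Cisco12345
"""

WEAK = [  # (regex, finding) for algorithms too weak for a new deployment
    (r"\besp-des\b|\bencryption des\b", "DES encryption"),
    (r"\besp-md5-hmac\b|\bhash md5\b", "MD5 integrity/hash"),
    (r"\bisakmp policy \d+ group [125]\b", "Diffie-Hellman group below 2048 bits"),
]
SECRET = re.compile(r"(?:aaa-server \S+ \(\S+\) host \S+|pre-shared-key) (\S+)")

def audit(config):
    """Return sorted (line_number, finding) pairs; secrets are never echoed."""
    findings, groups, refs, secrets = [], set(), [], {}
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        for pattern, what in WEAK:
            if re.search(pattern, line):
                findings.append((n, "weak crypto: " + what))
        m = re.match(r"aaa-server (\S+) protocol \S+$", line)
        if m:
            groups.add(m.group(1))
        m = SECRET.match(line)
        if m:
            secrets.setdefault(m.group(1), []).append(n)
        m = re.match(r"authentication-server-group (?:\(\S+\) )?(\S+)", line)
        if m:
            refs.append((n, m.group(1)))
    # LOCAL is the ASA's built-in user database, so it needs no definition.
    findings += [(n, "undefined AAA server group: " + g)
                 for n, g in refs if g not in groups and g != "LOCAL"]
    for lines in secrets.values():
        findings += [(n, "secret reused on lines %s" % lines) for n in lines[1:]]
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
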

For Windows 2008 setup and/or to setup Cisco ASA using ASDM:

http://fixingit.wordpress.com/2009/09/08/using-windows-server-2008-as-a-radius-server-for-a-cisco-asa/

Here's another article that might help you:
http://crazyvlan.blogspot.com/2008/02/vpn-and-radius-with-cisco-asa-and.html

I took a long time to look through all this... I hope it helps someone out there!