Setup VPN Cisco Client with Windows Server 2008 and Cisco ASA Firewall

I've had to do a bit of research to set up my VPN connection so that clients can access Windows Server 2008 network shares. I have a Cisco ASA 5510 firewall. I found an article which was extremely useful: it had a solution if you use ASDM to configure the Cisco, and step-by-step instructions to configure the Windows 2008 server. Meanwhile, what I also did (I prefer to use the command line interface on the Cisco ASA to configure it) was to use these main lines:

access-list 101 permit ip 172.16.0.0 255.255.0.0 10.1.1.0 255.255.255.0
ip local pool ippool 10.1.1.1-10.1.1.80 mask 255.255.255.0
nat (inside) 0 access-list 101
aaa-server host protocol radius
aaa-server host (inside) host 172.16.10.1 Cisco12345 timeout 5
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap client authentication host
crypto map mymap interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

group-policy vpn3000 internal
group-policy vpn3000 attributes
 dns-server value 172.16.10.1
 default-domain value company.com
username vpn3000 password VPN2010 encrypted
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group (outside) host
tunnel-group vpn3000 type ipsec-ra
tunnel-group vpn3000 general-attributes
 address-pool ippool
 authentication-server-group vpn
 default-group-policy vpn3000
tunnel-group vpn3000 ipsec-attributes
 pre-shared-key Cisco12345


***To make sure the client can still use the Internet while on the VPN connection, you have to use split tunneling. The commands are different on PIX 6.x than on 8.x software.***
access-list split_tunnel_list standard permit 172.16.0.0 255.255.0.0
group-policy vpn3000 attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split_tunnel_list
tunnel-group vpn3000 general-attributes
 default-group-policy vpn3000


***to save***
write mem or copy running-config startup-config
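
The configuration above negotiates single DES, MD5 and Diffie-Hellman group 2, and one tunnel-group line refers to a server group name that no aaa-server line defines. The Python check below is an added example, not part of the original article: it runs over a subset of the lines copied from the article, and the function name audit and the list of keywords treated as weak are this example's assumptions.

```python
import re

# Subset of the configuration shown above, copied from the article.
SAMPLE = """\
aaa-server host protocol radius
aaa-server host (inside) host 172.16.10.1 Cisco12345 timeout 5
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map mymap client authentication host
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group (outside) host
tunnel-group vpn3000 general-attributes
 authentication-server-group vpn
"""

# Keywords treated as weak here (this example's review policy, an assumption).
WEAK = [
    (r"transform-set \S+ .*\besp-des\b", "ESP uses single DES"),
    (r"transform-set \S+ .*\besp-md5-hmac\b", "ESP integrity uses HMAC-MD5"),
    (r"isakmp policy \d+ encryption des\b", "IKE encryption is single DES"),
    (r"isakmp policy \d+ hash md5\b", "IKE hash is MD5"),
    (r"isakmp policy \d+ group [12]\b", "IKE DH group is 1024 bits or smaller"),
]
AAA_DEF = re.compile(r"^aaa-server (\S+) protocol ")
AAA_REF = re.compile(
    r"(?:authentication-server-group(?: \(\S+\))?|client authentication) (\S+)$")

def audit(config):
    """Return (line_no, line, finding) tuples for the checks above."""
    lines = [l.strip() for l in config.splitlines()]
    # LOCAL is the ASA's built-in server group; others need an aaa-server line.
    defined = {"LOCAL"} | {m.group(1) for l in lines if (m := AAA_DEF.match(l))}
    findings = []
    for no, line in enumerate(lines, 1):
        for pattern, why in WEAK:
            if re.search(pattern, line):
                findings.append((no, line, why))
        ref = AAA_REF.search(line)
        if ref and ref.group(1) not in defined:
            findings.append(
                (no, line, f"AAA server group '{ref.group(1)}' is not defined"))
    return findings

if __name__ == "__main__":
    for no, line, why in audit(SAMPLE):
        print(f"line {no}: {why}: {line}")
```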


I used the Cisco VPN Client software 4.x and it works without a problem. Click on New connection entry. From the above information, the password will be Cisco12345 (your key) while the username is vpn3000 (you will also have to enter your connection entry and description as well as the outside interface IP of the firewall). Keep Enable Transparent Tunneling and IPSec over UDP selected in the Transport tab.

For Windows 2008 setup and/or to setup Cisco ASA using ASDM:

http://fixingit.wordpress.com/2009/09/08/using-windows-server-2008-as-a-radius-server-for-a-cisco-asa/

Here's another article that might help you:
http://crazyvlan.blogspot.com/2008/02/vpn-and-radius-with-cisco-asa-and.html

I took a long time to look through all this... I hope it helps someone out there!
Author:lefty8680