Setup VPN Cisco Client with Windows Server 2008 and Cisco ASA Firewall

I've had to do a bit of research to set up my VPN connection so that clients can access Windows Server 2008 network shares.  I have a Cisco ASA 5510 firewall.  I found an article which was extremely useful: it had a solution if you use ASDM to configure the Cisco and a step-by-step guide to configure Windows 2008 server.  Meanwhile, what I also did (I prefer to use the command line interface on the Cisco ASA to configure it) was to use these main lines:

access-list 101 permit ip
ip local pool ippool mask
nat (inside) 0 access-list 101
aaa-server host protocol radius
aaa-server host (inside) host Cisco12345 timeout 5
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap client authentication host
crypto map mymap interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

group-policy vpn3000 internal
group-policy vpn3000 attributes
 dns-server value
 default-domain value
username vpn3000 password VPN2010 encrypted
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group (outside) host
tunnel-group vpn3000 type ipsec-ra
tunnel-group vpn3000 general-attributes
 address-pool ippool
 authentication-server-group vpn
 default-group-policy vpn3000
tunnel-group vpn3000 ipsec-attributes
pre-shared-key Cisco12345
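
An added example, not part of the original article: a small Python check that scans ASA configuration lines like the ones above for settings that are weak by current standards (single DES, MD5, Diffie-Hellman group 1 or 2) and for a pre-shared key that is visible in clear text or reused on another line. The function name `audit` and the rule list are this example's own assumptions, not a Cisco tool; the sample input is copied from the listing above.

```python
import re

# Constructed sample: the crypto-related lines copied from the listing above.
SAMPLE = """\
aaa-server host (inside) host Cisco12345 timeout 5
crypto ipsec transform-set myset esp-des esp-md5-hmac
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
tunnel-group vpn3000 ipsec-attributes
pre-shared-key Cisco12345
"""

# Rule list is this example's own choice, not an official baseline.
RULES = [
    (re.compile(r"\besp-des\b"), "IPsec transform set uses single DES"),
    (re.compile(r"\besp-md5-hmac\b"), "IPsec transform set uses HMAC-MD5"),
    (re.compile(r"^(crypto )?isakmp policy \d+ encryption des$"), "IKE policy uses single DES"),
    (re.compile(r"^(crypto )?isakmp policy \d+ hash md5$"), "IKE policy uses MD5"),
    (re.compile(r"^(crypto )?isakmp policy \d+ group [12]$"), "IKE policy uses DH group 1 or 2"),
]
# A running config normally masks the key as '*'; anything else is the real value.
PSK = re.compile(r"^pre-shared-key (?!\*)(\S+)")

def audit(config_text):
    """Return (line_number, line, finding) tuples for an ASA config given as text."""
    lines = [raw.strip() for raw in config_text.splitlines()]
    findings = []
    for no, line in enumerate(lines, 1):
        for pattern, message in RULES:
            if pattern.search(line):
                findings.append((no, line, message))
        match = PSK.match(line)
        if match:
            findings.append((no, line, "pre-shared key visible in clear text"))
            # The same secret on another line means one leak exposes both uses.
            for other_no, other in enumerate(lines, 1):
                if other_no != no and match.group(1) in other.split():
                    findings.append((other_no, other, "pre-shared key value reused on this line"))
    return findings

if __name__ == "__main__":
    for no, line, finding in audit(SAMPLE):
        print(f"line {no}: {finding}: {line}")
```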


***To make sure the client can still use internet while on VPN connection you have to use split tunneling - commands are different on Pix 6.x than on 8.x software***
access-list split_tunnel_list standard permit
group-policy vpn3000 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split_tunnel_list
tunnel-group vpn3000 general-attributes
default-group-policy vpn3000


***to save***
write mem or copy running-config startup-config


I used the Cisco VPN Client software 4.x and it works without a problem.  Click on new connection entry - from the above information the password will be Cisco12345 (your key) while the username is vpn3000 (you will also have to enter your connection entry and description as well as the outside IP interface of the firewall). Keep "Enable Transparent Tunneling" and "IPSec over UDP" selected in the Transport tab.

For Windows 2008 setup and/or to setup Cisco ASA using ASDM:

Here's another article that might help you:

I took a long time to look through all this... I hope it helps someone out there!
