Setup VPN Cisco Client with Windows Server 2008 and CIsco ASA Firewall

I've had to do a bit of research to setup my VPN connection so that Clients can access Windows Server 2008 network shares.  I have a Cisco ASA 5510 firewall.  I found an article which was extremely useful: It had a solution if you use ASDM to configure Cisco and step by step to configure Windows 2008 server.  Meanwhile, what I also did (I prefer is to use command line interface on the Cisco ASA to configure it) was to use the main lines:

access-list 101 permit ip
                      ip local pool ippool mask
                      nat (inside) 0 access-list 101
                      aaa-server host protocol radius
                      aaa-server host (inside) host Cisco12345 timeout 5
                      sysopt connection permit-ipsec
                      crypto ipsec transform-set myset esp-des esp-md5-hmac
                      crypto dynamic-map dynmap 10 set transform-set myset
                      crypto map mymap 10 ipsec-isakmp dynamic dynmap
                      crypto map mymap client authentication host
                      crypto map mymap interface outside
                      isakmp enable outside
                      isakmp policy 10 authentication pre-share
                      isakmp policy 10 encryption des
                      isakmp policy 10 hash md5
                      isakmp policy 10 group 2
                      isakmp policy 10 lifetime 86400
                      group-policy vpn3000 internal
                      group-policy vpn3000 attributes
                       dns-server value
                       default-domain value
                      username vpn3000 password VPN2010 encrypted
                      tunnel-group DefaultRAGroup general-attributes
                       authentication-server-group (outside) host
                      tunnel-group vpn3000 type ipsec-ra
                      tunnel-group vpn3000 general-attributes
                       address-pool ippool
                       authentication-server-group vpn
                       default-group-policy vpn3000
                      tunnel-group vpn3000 ipsec-attributes
                      pre-shared-key Cisco12345

Open in new window

***To make sure the client can still use internet while on VPN connection you have to use split tunneling - commands are different on Pix 6.x than on 8.x software***
access-list split_tunnel_list standard permit
                      group-policy vpn3000 attributes
                      split-tunnel-policy tunnelspecified
                      split-tunnel-network-list value split_tunnel_list
                      tunnel-group vpn3000 general attributes
                      default-group-policy vpn3000

Open in new window

***to save***
write mem or copy running-config startup-config

Open in new window

I used the Cisco VPN Client software 4.x and it works without a problem.  Click on new connection entry - From the above information the password will be Cisco12345 (your key) while the username is vpn3000 (you will also have to enter your connection entry and description as well as the outside IP interface of the firewall). Keep the enable transparent tunneling and the Ipsec over Udp in the Trasnport tab.

For Windows 2008 setup and/or to setup Cisco ASA using ASDM:

Here's another article that might help you:

I took a long time to look through all this... I hope it helps someone out there!

Comments (0)

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.