• Status: Solved

Configure VPN server on Cisco 5505 ASA

Hi,

I got a brand new Cisco ASA 5505, and I need to configure it as a VPN server, just like the Cisco VPN 3000 concentrator we currently have, so that we can connect VPN clients from remote branches. We have Cisco ASA 5505s on the remote sites as well, which we want to use as VPN clients in order to connect to another Cisco 5505 at head office, which should act as the VPN server.
I am new to the ASA 5505; is there an easy step-by-step way I can achieve this? Thanks.
tech2010
 
MikeKane Commented:
 
tech2010 (Author) Commented:
This link is no good.

If anyone has any other information, please come forward. Thanks.
 
periferral Commented:
The easiest way is to install PDM/ASDM on the ASA.
http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/prod_software_versions_comparison.html

The link above will help you find the correct version for the version of ASA you are running.
Once you have loaded the DM, on the ASA you need to configure:
http server enable
http 0 0 inside

This will give all hosts on the inside network access to the DM (you can restrict which IPs you want to give access to).

Now, from your machine that has access, open a browser and point to https://ASA_IP

You should now have GUI access to your ASA.

Now under Wizards, you should have a way to set up a remote access VPN. Just enter all the information in the wizard all the way to the end. It should configure a working remote access VPN setup for you.
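
Added example, not part of the original thread: a small Python check that reads the `http` lines of an ASA configuration and reports which interfaces allow ASDM access from any host, including the `0 0` shorthand used in the post above. The sample configuration is constructed, and the 256-address limit is an assumed policy, not a Cisco default.

```python
import ipaddress

# Constructed sample running-config lines (not taken from a real device).
SAMPLE_CONFIG = """\
http server enable
http 0 0 inside
http 192.168.1.0 255.255.255.0 inside
http 10.1.1.10 255.255.255.255 management
http 0.0.0.0 0.0.0.0 outside
"""

MAX_HOSTS = 256  # assumed policy: nothing wider than a /24 may reach ASDM


def _expand(token):
    """The ASA accepts a bare 0 as shorthand for 0.0.0.0."""
    return "0.0.0.0" if token == "0" else token


def audit_http_access(config_text, max_hosts=MAX_HOSTS):
    """Return (server_enabled, findings) for the `http` lines of a config."""
    server_enabled = False
    findings = []
    for raw in config_text.splitlines():
        parts = raw.split()
        if len(parts) < 2 or parts[0] != "http":
            continue
        if parts[1:3] == ["server", "enable"]:
            server_enabled = True
            continue
        if len(parts) != 4:
            continue  # other http sub-commands are out of scope here
        try:
            net = ipaddress.ip_network(
                f"{_expand(parts[1])}/{_expand(parts[2])}", strict=False)
        except ValueError:
            continue  # not an address/mask pair
        iface = parts[3]
        if net.prefixlen == 0:
            findings.append((iface, str(net), "any host allowed"))
        elif net.num_addresses > max_hosts:
            findings.append((iface, str(net), "range wider than policy"))
    return server_enabled, findings
```

Running `audit_http_access(SAMPLE_CONFIG)` flags the `inside` and `outside` any-host entries and leaves the /24 and single-host entries alone.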

 
Texas_Billy Commented:
What version of ASA 5505 do you have? You said you currently have a VPN 3000 series concentrator. Depending on the model, that will support many more simultaneous tunnels than your ASA. If you purchased the ASA 5505 base license, it only supports 10 simultaneous IPSec tunnels and only 2 SSL VPN tunnels. If you currently have 25 people or so logging into your concentrator, you'll need to upgrade your ASA license.

Also consider configuring site-to-site VPNs to the remote ASAs instead of using the client VPN model (EasyVPN). EasyVPN is a non-stop pain in the rear, I don't know anyone who likes it. Setting up site-to-site VPNs is a piece of cake.

Answer these questions for me, and I'll reply with step-by-step commands to configure IPSec remote access, WebVPN and site-to-site connections:

(1) For remote access VPN users, what do you want to use to authenticate them? Certs, Active Directory, local user database on the ASA, RADIUS, etc.?

(2) How many simultaneous tunnels are you expecting to see on average?

(3) Do you expect tons of traffic through these tunnels, or just typical internet access, Outlook connection to Exchange, some file sharing, etc.?

(4) Does your ASA have the security plus upgrade license?

(5) Do you want remote access vpn users to have access to all hosts on the LAN side of your ASA?

--TX  
 
tech2010 (Author) Commented:
Texas_Billy: Thanks for your comments. Here are the answers to your questions, line by line.

- ASA version is 8.2(1)

- Cisco VPN 3005 concentrator: The current issue is not the simultaneous number of tunnels but actually the performance, as almost all the remote VPN branches are having performance issues. Basically the CPU utilization of the concentrator is above 95%, so probably that is causing the performance issues. Currently we have lots of branches connected via remote VPN instead of site-to-site (LAN to LAN), and I agree that I think branches should be configured as site-to-site rather than remote VPN. And I think I would like to configure site-to-site if you can help.


1) Authentication method: RADIUS server, AD integrated

2) Probably 30 simultaneous tunnels. Do you mean site-to-site tunnels or remote VPN user tunnels or all together?

3) There will be Citrix traffic and there will be some Exchange / Outlook traffic and printing.

4) How can I check if it has the security plus upgrade license? I don't think it has. What is this for?

5) Yes, we want remote access users to have access to all hosts. Also, we wanted to use this ASA at the main office to accept site-to-site and remote VPN tunnels.

Also, will there be any performance issue with the ASA? I believe not?

Thanks



 
periferral Commented:
I highly recommend the ASDM method. It's easy to do using the user interface wizard.
 
tech2010 (Author) Commented:
Hi, I am trying to set up a site-to-site IPSec VPN via the wizard, but the tunnel is not working for me. I have got 10 branches which need to be set up site-to-site with head office; 3 of them worked fine, but some of them are not working. Not sure why, as the way I am configuring them is the same as the remaining sites.

When I run packet tracer from the Tools menu I get an error. Please help. Thanks
 
periferral Commented:
Can you post the running config on the 2 sites that are having issues with communication?

Also, rather than using tracer, the output of debugs will be more useful:

debug crypto ipsec
debug crypto isakmp
