Configure VPN server on cisco 5505 ASA

Posted on 2009-12-22
Last Modified: 2012-05-08

I got a brand new Cisco ASA 5505, and I need to configure it as a VPN server just like the Cisco VPN 3000 concentrator we currently have, so that we can connect from VPN clients at remote branches. We have Cisco ASA 5505s on the remote sites as well, which we want to use as VPN clients in order to connect to another Cisco 5505 at head office, which should act as the VPN server.
I am new to the ASA 5505. Is there any easy step-by-step way I can achieve this? Thanks
Question by: tech2010
    LVL 33

    Expert Comment


    Author Comment

    This link is no good.

    If anyone has any other information, please come forward. Thanks
    LVL 4

    Expert Comment

    The easiest way is to install PDM/ASDM on the ASA.

    The link above will help you find the correct version for the version of ASA you are running.
    Once you have loaded the DM, on the ASA you need to configure
    http server enable
    http 0 0 inside

    This will give all hosts on the inside network access to the DM (you can restrict which IPs you want to give access to)

    Now, from your machine that has access, open a browser and point to https://ASA_IP

    You should now have GUI access to your ASA.

    Now under Wizards, you should have a way to set up Remote Access VPN. Just enter all the information in the wizard all the way to the end. It should configure a working remote access VPN setup for you.
    LVL 7

    Expert Comment

    What version of ASA 5505 do you have?  You said you currently have a vpn 3000 series concentrator.  Depending on the model, that will support many more simultaneous tunnels than your ASA.  If you purchased the ASA 5505 base license, it only supports 10 simultaneous IPSec tunnels and only 2 SSL vpn tunnels.  If you currently have 25 people or so logging into your concentrator, you'll need to upgrade your ASA license.  

    Also consider configuring site-to-site vpns to the remote ASAs instead of using the client vpn model (easyvpn).  EasyVPN is a non-stop pain in the rear, I don't know anyone who likes it.  Setting up site-to-site vpns is a piece of cake.  

    Answer these questions for me, and I'll reply with step-by-step commands to configure ipsec remote access, webvpn and site-to-site connections:

    (1) For remote access-vpn users, what do you want to use to authenticate them?  Certs, active directory, local user database on the ASA, radius, etc?

    (2) How many simultaneous tunnels are you expecting to see on average?

    (3) Do you expect tons of traffic through these tunnels, or just typical internet access, Outlook connection to Exchange, some file sharing, etc.?

    (4) Does your ASA have the security plus upgrade license?

    (5) Do you want remote access vpn users to have access to all hosts on the LAN side of your ASA?


    Author Comment

    Texas_Billy: Thanks for your comments. Here are the answers of your questions in line by line.

    - ASA version is 8.2(1)

    - Cisco VPN 3005 concentrator: The current issue is not the simultaneous number of tunnels but actually the performance, as almost all the remote VPN branches are having performance issues. Basically the CPU utilization is above 95% on the concentrator, so probably that is causing the performance issues. Currently we have lots of branches connected via Remote VPN instead of site-to-site (LAN to LAN), and I agree that I think branches should be configured as site-to-site rather than remote VPN. And I think I would like to configure site-to-site if you can help.

    1) Authentication method: RADIUS server with AD integrated

    2) Probably 30 simultaneous tunnels. Do you mean site-to-site tunnels or remote VPN user tunnels or all together?

    3) There will be Citrix traffic and there will be some Exchange / Outlook traffic and printing.

    4) How can I check if it has the Security Plus upgrade license? I don't think it has. What is this for?

    5) Yes, we want remote access users to have access to all hosts. Also, we wanted to use this ASA at the main office to accept site-to-site and Remote VPN tunnels.

    Also, will there be any performance issue with the ASA? I believe not?


    LVL 4

    Expert Comment

    I highly recommend the ASDM method. It's easy to do using the user interface wizard.

    Author Comment

    Hi, I am trying to set up site-to-site IPsec VPN via the wizard but the tunnel is not working for me. I have got 10 branches which need to be set up site-to-site with head office; 3 of them worked fine but some of them are not working. Not sure why, even though the way I am configuring them is the same as the remaining sites.

    When I run packet tracer from the Tools menu I get an error. Please help. Thanks
    LVL 4

    Accepted Solution

    Can you post the running config on the 2 sites that are having issues with communication?

    Also, rather than using tracer, the output of debugs will be more useful:

    debug crypto ipsec
    debug crypto isakmp
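
Added example (not part of the thread or any poster's code): when the running configs from both ends of a failing tunnel are in hand, a quick offline check is that each side has a crypto map entry for the other's peer address and that the two crypto ACLs are mirror images. The sample configs, addresses and ACL/map names below are constructed, and the parser assumes plain `network mask` ACEs with one peer per crypto map entry.

```python
import re

# Constructed sample running-config excerpts (documentation addresses, not from the thread).
HQ = """\
access-list VPN_BR1 extended permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list VPN_BR2 extended permit ip 10.0.0.0 255.255.255.0 10.1.2.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address VPN_BR1
crypto map OUTSIDE_MAP 10 set peer 198.51.100.1
crypto map OUTSIDE_MAP 20 match address VPN_BR2
crypto map OUTSIDE_MAP 20 set peer 198.51.100.2
"""
BR2 = """\
access-list VPN_HQ extended permit ip 10.1.2.0 255.255.255.0 10.0.0.0 255.255.0.0
crypto map OUTSIDE_MAP 10 match address VPN_HQ
crypto map OUTSIDE_MAP 10 set peer 203.0.113.1
"""

ACL = re.compile(r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$")
MAP = re.compile(r"^crypto map \S+ (\d+) (match address|set peer) (\S+)$")

def tunnels(config):
    """Return {peer_ip: set of (src, smask, dst, dmask)} for each crypto map entry."""
    acls, entries = {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := ACL.match(line):
            acls.setdefault(m[1], set()).add(m.groups()[1:])
        elif m := MAP.match(line):
            entries.setdefault(m[1], {})[m[2]] = m[3]
    return {e["set peer"]: acls.get(e.get("match address"), set())
            for e in entries.values() if "set peer" in e}

def check_pair(cfg_a, ip_a, cfg_b, ip_b):
    """List mismatches between the two ends of one site-to-site tunnel."""
    a, b = tunnels(cfg_a), tunnels(cfg_b)
    problems = []
    if ip_b not in a:
        problems.append(f"{ip_a} has no crypto map entry for peer {ip_b}")
    if ip_a not in b:
        problems.append(f"{ip_b} has no crypto map entry for peer {ip_a}")
    if problems:
        return problems
    # Swap source and destination on side B so it can be compared with side A.
    mirrored = {(d, dm, s, sm) for s, sm, d, dm in b[ip_a]}
    for ace in sorted(a[ip_b] ^ mirrored):
        side = ip_a if ace in a[ip_b] else ip_b
        problems.append(f"only {side} has {' '.join(ace)} (as seen from {ip_a})")
    return problems
```

Calling `check_pair(HQ, "203.0.113.1", BR2, "198.51.100.2")` reports the /16 versus /24 mask disagreement in the constructed branch config. Matching ISAKMP policies, transform sets and pre-shared keys still need to be compared separately.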

