ASA 5505 to ISA 2006 VPN

Having trouble setting up a site-to-site VPN between a cisco ASA 5505 firewall and Microsoft ISA 2006.  Can someone please point me to some instructions that aren't for a pix but for an ASA?
Who is Participating?
Markus BraunConnect With a Mentor CEOCommented:
Hi, to my knowledge Cisco ASA supports only PPTP passthrough or VPN Client connections, not site 2 site.
IPSec is the better choice.
The ASDM wizard for ipsec i quite simple.
Here are the steps:
As the VPN Tunnel interface select the one that is your WAN connection (e.g. outside, but depends on what you named it)
Select the checkbox "Enable inbound ........"
The peer ip is the public ip address for the other side, probably the ISA in this case
enter a key of your choice - the longer the better, verify what special chars the ISA can use if you use them, cause that key must be the same on the ASA and the ISA
Select the encryption, the prefered choice is AES256 and SHA, DH 2 or 5 is fine, it depends on what the iSA can do, probably have to stick with 3DES. THe important thing is that both sides have the same encryption (phase1/isakmp that is)
THis is Phase 2/IPSEC, again select your encryption, best to match what you did with Phase 1, but deselect PFS (checkbox) cause with different vendors it can cause problems. you can always add it later if you must.
Now the LOCAL network is the network you want to tunnel. E.g. if your LAN is then you would select you inside network. If you want to tunnel your DMZ then of course enter that. The remote network simply is the other side where you want to go, e.g. the other LAN Network, just type that in or select if its already there to be selected.
The exempt depends on your interface and correlates to what you just selected at LOCAL NETWORKS.
Select the interface according to that. Usually if its your LAN its inside (or whatever name u have given it)
NEXT and FINISH - you are done.
On the ISA Server this should be basically the same, they may do it in different steps and screens but this is all the stuff you need for IPSEC VPNs.
Hope this helped
Markus BraunCEOCommented:
Try this one

it says Cisco Pix, but its version 7 which is 95% like the ASA except for interface configuration.

It should get you up and running. if you run a higher version on teh ASA, you just have different looking screens, the names of the attributes are still the same, just compare them and you will be alright
SiroonianAuthor Commented:
I tried following that tutorial before posting my question and I could not get it working.  The problem is the ASA vpn wizard is completely different from the pix.
WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

Just a hint:
Common problem for VPN between or in combination with cisco is GRE. I guess you have to anable this in the cisco box to work correctly with ISA.
Markus BraunCEOCommented:
which version are you running on your ASA, maybe i can help you go through the wizard.
The tutorial is from a very early version Pix7 and ASA are not that different. but the wizard changed ALOT since 7.0
Markus BraunCEOCommented:
What kind of VPN are you trying to establish?
SiroonianAuthor Commented:
I was trying to setup IPSEC vpn but I would prefer to setup PPTP.
SiroonianAuthor Commented:
The only thing that you mentioned that I was not doing was de-selecting PFS.  Apparently that made a big difference because everything is working now.  Thank You.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.