Solved

ASA 5505 to ISA 2006 VPN

Posted on 2010-09-16
Last Modified: 2012-05-10
Having trouble setting up a site-to-site VPN between a Cisco ASA 5505 firewall and Microsoft ISA 2006.  Can someone please point me to some instructions that aren't for a PIX but for an ASA?
0
Question by:Siroonian
 
LVL 5

Expert Comment

by:shirkan
ID: 33699203
Try this one http://blog.eternalnetworx.com/2008/12/29/isa-2006-site-to-site-vpn-with-cisco/

It says Cisco PIX, but it's version 7, which is 95% like the ASA except for interface configuration.

It should get you up and running. If you run a higher version on the ASA, you just have different-looking screens; the names of the attributes are still the same, just compare them and you will be alright.
0
 

Author Comment

by:Siroonian
ID: 33701288
I tried following that tutorial before posting my question and I could not get it working.  The problem is the ASA VPN wizard is completely different from the PIX.
0
 
LVL 35

Expert Comment

by:Bembi
ID: 33704288
Just a hint:
A common problem for VPN between or in combination with Cisco is GRE. I guess you have to enable this in the Cisco box to work correctly with ISA.
0
 
LVL 5

Expert Comment

by:shirkan
ID: 33704524
Which version are you running on your ASA? Maybe I can help you go through the wizard.
The tutorial is from a very early version. PIX 7 and ASA are not that different, but the wizard changed a lot since 7.0.
0
 
LVL 5

Expert Comment

by:shirkan
ID: 33704544
What kind of VPN are you trying to establish?
IPSEC or PPTP?
0
 

Author Comment

by:Siroonian
ID: 33720409
I was trying to set up IPSEC VPN but I would prefer to set up PPTP.
0
 
LVL 5

Accepted Solution

by:
shirkan earned 500 total points
ID: 33723527
Hi, to my knowledge Cisco ASA supports only PPTP passthrough or VPN Client connections, not site 2 site.
IPSec is the better choice.
The ASDM wizard for IPsec is quite simple.
Here are the steps:
"Site2Site"
As the VPN Tunnel interface select the one that is your WAN connection (e.g. outside, but depends on what you named it)
Select the checkbox "Enable inbound ........"
NEXT
The peer IP is the public IP address for the other side, probably the ISA in this case
Enter a key of your choice - the longer the better. Verify what special chars the ISA can use if you use them, cause that key must be the same on the ASA and the ISA
NEXT
Select the encryption. The preferred choice is AES256 and SHA, DH 2 or 5 is fine; it depends on what the ISA can do, probably have to stick with 3DES. The important thing is that both sides have the same encryption (phase1/isakmp that is)
NEXT
This is Phase 2/IPSEC. Again select your encryption, best to match what you did with Phase 1, but deselect PFS (checkbox) cause with different vendors it can cause problems. You can always add it later if you must.
NEXT
Now the LOCAL network is the network you want to tunnel. E.g. if your LAN is 192.168.100.0 then you would select your inside network. If you want to tunnel your DMZ then of course enter that. The remote network simply is the other side where you want to go, e.g. the other LAN network; just type that in or select it if it's already there to be selected.
The exempt depends on your interface and correlates to what you just selected at LOCAL NETWORKS.
Select the interface according to that. Usually if it's your LAN it's inside (or whatever name you have given it)
NEXT and FINISH - you are done.
On the ISA Server this should be basically the same; they may do it in different steps and screens but this is all the stuff you need for IPSEC VPNs.
Hope this helped
0
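The answer above comes down to both ends agreeing on peer address, key, Phase 1 and Phase 2 settings (PFS included) and mirrored networks. As an added example that is not part of the original thread, this Python sketch compares the settings written down for each side and lists what differs; every address, key and field name in it is constructed for illustration.

```python
import ipaddress

# Constructed sample settings, as an admin might note them from each wizard.
ASA_SIDE = {
    "public_ip": "203.0.113.1", "peer": "198.51.100.2", "psk": "example-key",
    "phase1": {"encryption": "3des", "hash": "sha", "dh_group": 2},
    "phase2": {"encryption": "3des", "hash": "sha", "pfs": True},
    "local_net": "192.168.100.0/24", "remote_net": "10.10.0.0/24",
}
ISA_SIDE = {
    "public_ip": "198.51.100.2", "peer": "203.0.113.1", "psk": "example-key",
    "phase1": {"encryption": "3des", "hash": "sha", "dh_group": 2},
    "phase2": {"encryption": "3des", "hash": "sha", "pfs": False},
    "local_net": "10.10.0.0/24", "remote_net": "192.168.100.0/24",
}

def tunnel_mismatches(a, b, names=("ASA", "ISA")):
    """Return the settings that differ between the two tunnel endpoints."""
    problems = []
    # Each side's peer must be the other side's public address.
    for me, other, name in ((a, b, names[0]), (b, a, names[1])):
        if ipaddress.ip_address(me["peer"]) != ipaddress.ip_address(other["public_ip"]):
            problems.append(f"{name} peer is not the other side's public IP")
    # The pre-shared key must be identical; the key itself is never echoed.
    if a["psk"] != b["psk"]:
        problems.append("pre-shared key differs")
    # Phase 1 (ISAKMP) and Phase 2 (IPsec) must agree field by field.
    for phase in ("phase1", "phase2"):
        for field in sorted(set(a[phase]) | set(b[phase])):
            va, vb = a[phase].get(field), b[phase].get(field)
            if va != vb:
                problems.append(f"{phase}.{field}: {names[0]}={va}, {names[1]}={vb}")
    # One side's local network must be the other side's remote network.
    net = ipaddress.ip_network
    if net(a["local_net"]) != net(b["remote_net"]):
        problems.append(f"{names[0]} local network is not {names[1]}'s remote network")
    if net(a["remote_net"]) != net(b["local_net"]):
        problems.append(f"{names[0]} remote network is not {names[1]}'s local network")
    return problems

if __name__ == "__main__":
    for line in tunnel_mismatches(ASA_SIDE, ISA_SIDE) or ["settings match"]:
        print(line)
```

With the constructed data the only finding is the PFS setting, the same item the asker reports changing in the closing comment.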
 

Author Closing Comment

by:Siroonian
ID: 33724967
The only thing that you mentioned that I was not doing was de-selecting PFS.  Apparently that made a big difference because everything is working now.  Thank You.
0
