Solved

ASA 5505 to ISA 2006 VPN

Posted on 2010-09-16
Last Modified: 2012-05-10
Having trouble setting up a site-to-site VPN between a Cisco ASA 5505 firewall and Microsoft ISA 2006. Can someone please point me to some instructions that aren't for a PIX but for an ASA?
Question by:Siroonian
8 Comments
 
LVL 5

Expert Comment

by:shirkan
ID: 33699203
Try this one http://blog.eternalnetworx.com/2008/12/29/isa-2006-site-to-site-vpn-with-cisco/

It says Cisco PIX, but it's version 7, which is 95% like the ASA except for interface configuration.

It should get you up and running. If you run a higher version on the ASA, you just have different-looking screens; the names of the attributes are still the same. Just compare them and you will be all right.
0
 

Author Comment

by:Siroonian
ID: 33701288
I tried following that tutorial before posting my question and I could not get it working. The problem is the ASA VPN wizard is completely different from the PIX.
0
 
LVL 35

Expert Comment

by:Bembi
ID: 33704288
Just a hint:
A common problem for VPN between or in combination with Cisco is GRE. I guess you have to enable this in the Cisco box to work correctly with ISA.
0
 
LVL 5

Expert Comment

by:shirkan
ID: 33704524
Which version are you running on your ASA? Maybe I can help you go through the wizard.
The tutorial is from a very early version. PIX 7 and ASA are not that different, but the wizard changed a lot since 7.0.
0
 
LVL 5

Expert Comment

by:shirkan
ID: 33704544
What kind of VPN are you trying to establish?
IPSEC or PPTP?
0
 

Author Comment

by:Siroonian
ID: 33720409
I was trying to set up an IPSEC VPN but I would prefer to set up PPTP.
0
 
LVL 5

Accepted Solution

by:
shirkan earned 500 total points
ID: 33723527
Hi, to my knowledge Cisco ASA supports only PPTP passthrough or VPN Client connections, not site 2 site.
IPSec is the better choice.
The ASDM wizard for IPSec is quite simple.
Here are the steps:
"Site2Site"
As the VPN Tunnel interface select the one that is your WAN connection (e.g. outside, but depends on what you named it)
Select the checkbox "Enable inbound ........"
NEXT
The peer IP is the public IP address for the other side, probably the ISA in this case.
Enter a key of your choice - the longer the better. Verify what special chars the ISA can use if you use them, because that key must be the same on the ASA and the ISA.
NEXT
Select the encryption. The preferred choice is AES256 and SHA; DH 2 or 5 is fine. It depends on what the ISA can do; you probably have to stick with 3DES. The important thing is that both sides have the same encryption (phase1/isakmp that is).
NEXT
This is Phase 2/IPSEC. Again select your encryption, best to match what you did with Phase 1, but deselect PFS (checkbox) because with different vendors it can cause problems. You can always add it later if you must.
NEXT
Now the LOCAL network is the network you want to tunnel. E.g. if your LAN is 192.168.100.0 then you would select your inside network. If you want to tunnel your DMZ then of course enter that. The remote network simply is the other side where you want to go, e.g. the other LAN network. Just type that in, or select it if it's already there to be selected.
The exempt depends on your interface and correlates to what you just selected at LOCAL NETWORKS.
Select the interface according to that. Usually if it's your LAN it's inside (or whatever name you have given it).
NEXT and FINISH - you are done.
On the ISA Server this should be basically the same. They may do it in different steps and screens, but this is all the stuff you need for IPSEC VPNs.
Hope this helped.
0
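An added example, not part of the original thread: a small checker for the settings the accepted answer says must match on both sides (Phase 1, Phase 2 and PFS). It assumes pre-8.4 ASA CLI syntax (`crypto isakmp` / `crypto map`); the config text, the peer address and the `ISA_SETTINGS` dictionary are constructed for illustration.

```python
import re

# Constructed sample in pre-8.4 ASA syntax; 203.0.113.10 is a documentation
# address, not a value from the thread.
ASA_CONFIG = """\
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 1 set peer 203.0.113.10
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 1 set pfs
"""

# Hypothetical notes of what was selected in the ISA 2006 IPsec settings.
ISA_SETTINGS = {"p1_encryption": "3des", "p1_hash": "sha", "p1_group": "2",
                "p2_encryption": "3des", "p2_hash": "sha", "pfs": "off"}

def parse_asa(config):
    """Extract Phase 1 / Phase 2 / PFS parameters from ASA crypto config lines."""
    out = {"pfs": "off"}
    in_policy = False
    for line in config.splitlines():
        if line.startswith("crypto isakmp policy"):
            in_policy = True
            continue
        if in_policy and line.startswith(" "):
            words = line.split()
            if words and words[0] in ("encryption", "hash", "group"):
                out["p1_" + words[0]] = words[1]
            continue
        in_policy = False
        m = re.match(r"crypto ipsec transform-set \S+ esp-(\S+) esp-(\w+)-hmac", line)
        if m:
            out["p2_encryption"], out["p2_hash"] = m.groups()
        m = re.match(r"crypto map \S+ \d+ set pfs(?: group(\d+))?", line)
        if m:
            out["pfs"] = "group" + (m.group(1) or "2")  # bare "set pfs" is group 2
    return out

def mismatches(asa, isa):
    """Return {setting: (asa_value, isa_value)} for every parameter that differs."""
    return {k: (asa.get(k), isa.get(k)) for k in sorted(set(asa) | set(isa))
            if asa.get(k) != isa.get(k)}

if __name__ == "__main__":
    for key, (a, i) in mismatches(parse_asa(ASA_CONFIG), ISA_SETTINGS).items():
        print(f"{key}: ASA={a} ISA={i}")
```

On the constructed input the only difference reported is `pfs`, with the ASA requesting group 2 and the ISA side set to off.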
 

Author Closing Comment

by:Siroonian
ID: 33724967
The only thing that you mentioned that I was not doing was de-selecting PFS.  Apparently that made a big difference because everything is working now.  Thank You.
0
