• Status: Solved
  • Priority: Medium
  • Security: Public

ASA 5505 to ISA 2006 VPN

Having trouble setting up a site-to-site VPN between a Cisco ASA 5505 firewall and Microsoft ISA 2006. Can someone please point me to some instructions that aren't for a PIX but for an ASA?
Asked:
Siroonian
 
Markus Braun (CEO) Commented:
Try this one: http://blog.eternalnetworx.com/2008/12/29/isa-2006-site-to-site-vpn-with-cisco/

It says Cisco PIX, but it's version 7, which is 95% like the ASA except for interface configuration.

It should get you up and running. If you run a higher version on the ASA, you just have different-looking screens; the names of the attributes are still the same. Just compare them and you will be all right.
 
Siroonian (Author) Commented:
I tried following that tutorial before posting my question and I could not get it working. The problem is the ASA VPN wizard is completely different from the PIX.
 
Bembi (CEO) Commented:
Just a hint:
A common problem for VPNs between or in combination with Cisco is GRE. I guess you have to enable this in the Cisco box to work correctly with ISA.
 
Markus Braun (CEO) Commented:
Which version are you running on your ASA? Maybe I can help you go through the wizard.
The tutorial is from a very early version. PIX 7 and ASA are not that different, but the wizard changed a lot since 7.0.
 
Markus Braun (CEO) Commented:
What kind of VPN are you trying to establish?
IPsec or PPTP?
 
Siroonian (Author) Commented:
I was trying to set up an IPsec VPN but I would prefer to set up PPTP.
 
Markus Braun (CEO) Commented:
Hi, to my knowledge Cisco ASA supports only PPTP passthrough or VPN Client connections, not site-to-site.
IPsec is the better choice.
The ASDM wizard for IPsec is quite simple.
Here are the steps:
"Site2Site"
As the VPN Tunnel interface, select the one that is your WAN connection (e.g. outside, but it depends on what you named it).
Select the checkbox "Enable inbound ........"
NEXT
The peer IP is the public IP address of the other side, probably the ISA in this case.
Enter a key of your choice, the longer the better. Verify what special chars the ISA can use if you use them, because that key must be the same on the ASA and the ISA.
NEXT
Select the encryption. The preferred choice is AES256 and SHA; DH 2 or 5 is fine. It depends on what the ISA can do; you probably have to stick with 3DES. The important thing is that both sides have the same encryption (phase 1/ISAKMP, that is).
NEXT
This is Phase 2/IPsec. Again select your encryption, best to match what you did with Phase 1, but deselect PFS (checkbox) because with different vendors it can cause problems. You can always add it later if you must.
NEXT
Now the LOCAL network is the network you want to tunnel. E.g. if your LAN is 192.168.100.0 then you would select your inside network. If you want to tunnel your DMZ then of course enter that. The remote network simply is the other side where you want to go, e.g. the other LAN network; just type that in, or select it if it's already there to be selected.
The exempt depends on your interface and correlates to what you just selected at LOCAL NETWORKS.
Select the interface according to that. Usually if it's your LAN it's inside (or whatever name you have given it).
NEXT and FINISH - you are done.
On the ISA Server this should be basically the same. They may do it in different steps and screens, but this is all the stuff you need for IPsec VPNs.
Hope this helped.
 
Siroonian (Author) Commented:
The only thing that you mentioned that I was not doing was de-selecting PFS.  Apparently that made a big difference because everything is working now.  Thank You.
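The fix in this thread was a phase 2 setting (PFS) that differed between the two peers. The following is an added example, not code from the thread or from Cisco or Microsoft: it parses ASA crypto lines and lists every proposal parameter that differs from what the other side uses. It assumes pre-8.4 ASA syntax (`crypto isakmp policy`), a single policy and crypto map entry, and the config text, peer address and ISA settings are constructed sample values.

```python
# Added example: constructed data, not taken from the thread.
# Assumes pre-8.4 ASA syntax, one isakmp policy and one crypto map entry.
ASA_CONFIG = """\
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 1 set pfs group2
crypto map outside_map 1 set peer 203.0.113.10
crypto map outside_map 1 set transform-set ESP-3DES-SHA
"""

# Hypothetical record of how the ISA side was configured (PFS not enabled).
ISA_SETTINGS = {"p1_encryption": "3des", "p1_hash": "sha", "p1_dh_group": "2",
                "p2_encryption": "3des", "p2_hash": "sha", "p2_pfs": None}

# Sub-commands of "crypto isakmp policy" mapped to the names used above.
P1_KEYS = {"encryption": "p1_encryption", "hash": "p1_hash",
           "group": "p1_dh_group"}


def parse_asa(config):
    """Pull phase 1 and phase 2 proposal parameters out of ASA crypto lines."""
    found = {"p2_pfs": None}  # PFS counts as off unless a 'set pfs' line exists
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if line.startswith(" ") and w[0] in P1_KEYS and len(w) > 1:
            found[P1_KEYS[w[0]]] = w[1]  # indented line inside the policy
        elif w[:3] == ["crypto", "ipsec", "transform-set"] and len(w) >= 6:
            found["p2_encryption"] = w[4].replace("esp-", "", 1)
            found["p2_hash"] = w[5].replace("esp-", "", 1).replace("-hmac", "")
        elif w[:2] == ["crypto", "map"] and w[4:6] == ["set", "pfs"]:
            found["p2_pfs"] = w[6] if len(w) > 6 else "unspecified-group"
    return found


def mismatches(asa, peer):
    """Return (parameter, asa_value, peer_value) for each differing setting."""
    return [(k, asa.get(k), v) for k, v in sorted(peer.items())
            if asa.get(k) != v]


if __name__ == "__main__":
    for name, ours, theirs in mismatches(parse_asa(ASA_CONFIG), ISA_SETTINGS):
        print(f"MISMATCH {name}: ASA={ours} ISA={theirs}")
```
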