  • Status: Solved
  • Priority: Medium
  • Security: Public

Cisco clientless client to site VPN

Dear experts,

Is there any way to set up a clientless VPN tunnel between a Windows 7 / 8 computer and an ASA 5505 with ASA 8.45 and ASDM 6.45?
I have seen AnyConnect, but it still installs some kind of AnyConnect client, which is downloaded automatically through the portal after logging in.
Is there a way to use the Windows VPN, for example, to establish a connection with a 5505?

Tips are welcome! Also, some documentation or setup videos would be great.

thanks in advance.

Robin
Asked by: javelinict

fgasimzade Commented:
Yes, here is a sample config:

ip local pool clientVPNpool 192.168.1.1-192.168.1.254 mask 255.255.255.0
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 wins-server value x.x.x.x
 dns-server value x.x.x.x
 vpn-tunnel-protocol IPSec l2tp-ipsec
 default-domain value YOUR.DOMAIN
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_3DES_SHA
crypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
tunnel-group DefaultRAGroup general-attributes
 address-pool clientVPNpool
 default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 authentication ms-chap-v2

Pete Long, Technical Consultant, Commented:
Clientless VPN and AnyConnect are two different things.

AnyConnect uses SSL/HTTPS that is installed from a portal or from a .msi file.
Clientless VPN requires a premium licence and lets you connect to the same portal and access resources on the corporate LAN. That is not the same as a traditional VPN; you can have things like 'smart tunnels' to connect their Outlook to Exchange. But ultimately, if you want a client-to-site VPN then use a client; if you don't want to install a client, use PPTP or SSTP to a server instead.

Pete

javelinict (Author) Commented:
That's the problem: I do not have a PPTP or SSTP server configured in the local area network.
Which means that when I want to create a traditional VPN connection, I'm required to use a client?
 
fgasimzade Commented:
You can use the Windows VPN client to connect to the ASA.

javelinict (Author) Commented:
Dear fgasimzade,

I can't see any authentication settings in your script.
Just copy and paste? And how further?

Is there any documentation for this configuration?

thanks in advance.

Robin

fgasimzade Commented:
You would also need to create a username on the ASA:

conf t
username bob password Qwerty123
sysopt connection permit-ipsec

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml


The above config is for the Cisco VPN client. It is identical to the Windows client one, except for one thing here:

 crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport - Windows needs mode transport here

javelinict (Author) Commented:
Thanks, this did the trick for me!