Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Cisco clientless client to site VPN

Posted on 2013-05-23
7
Medium Priority
?
822 Views
Last Modified: 2013-05-28
Dear experts,

Is there any way to setup a clientless vpn tunnel between an Windows 7 / 8 computer and a ASA 5505 with ASA 8.45 and ASDM 6.45?
I have seen anyconnect. but it still installs some kind of anyconnect client which is downloaded automatically throught the portal after logging in.
Is there a way to use the Windows VPN for example to establish a connection with a 5505?

tips are welcome! also some documentation or setup videos would be great.

thanks in advance.

Robin
0
Comment
Question by:javelinict
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39190237
Yes, here a sample config

ip local pool clientVPNpool 192.168.1.1-192.168.1.254 mask 255.255.255.0
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 wins-server value x.x.x.x
 dns-server value x.x.x.x
 vpn-tunnel-protocol IPSec l2tp-ipsec
 default-domain value YOUR.DOMAIN
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_3DES_SHA
crypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
tunnel-group DefaultRAGroup general-attributes
 address-pool ClientVPNpool
 default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 authentication ms-chap-v2
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 39190244
Clientless VPN and AnyConnect are two different things

AnyConnect uses SSL/HTTPS that is installed from a portal or from a .msi file
Clientless VPN requires a premium licence and lets you connect to the same portal and access resources on the corporate LAN, that is not the same as a traditional VPN, you can have things like 'smart tunnels' to connect their outlook to Exchange. But ultimately if you want a client to site VPN then use a client, if you don't want to install a client, use PPTP or SSTP to a server instead.

Pete
0
 

Author Comment

by:javelinict
ID: 39190311
That's the problem i do not have a pptp or sstp server in the local area network configured.
which means that when i want to create a traditional VPN connection i'm required to use a client?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 18

Expert Comment

by:fgasimzade
ID: 39190321
You can Windows VPN client to connect to ASA
0
 

Author Comment

by:javelinict
ID: 39190601
Dear fgasimzade,

I can't see any authenciation settings in you script.
Just copy paste? and how further?

Is there any documentation for this configuration?

thanks in advance.

Robin
0
 
LVL 18

Accepted Solution

by:
fgasimzade earned 400 total points
ID: 39190616
You would also need to create a username on ASA:

conf t
username bob password Qwerty123
sysopt connection permit-ipsec

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml


The above config is for Cisco VPN client, it is identical to windows client, except one thing here:

 crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport - Windows needs mode transport here
0
 

Author Closing Comment

by:javelinict
ID: 39200698
thanks this did the trick for me!
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question