Solved

Cisco clientless client to site VPN

Posted on 2013-05-23
Last Modified: 2013-05-28
Dear experts,

Is there any way to set up a clientless VPN tunnel between a Windows 7 / 8 computer and an ASA 5505 with ASA 8.45 and ASDM 6.45?
I have seen AnyConnect, but it still installs some kind of AnyConnect client, which is downloaded automatically through the portal after logging in.
Is there a way to use the Windows VPN, for example, to establish a connection with a 5505?

Tips are welcome! Also, some documentation or setup videos would be great.

Thanks in advance.

Robin
0
Comment
Question by:javelinict
7 Comments
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39190237
Yes, here is a sample config:

ip local pool clientVPNpool 192.168.1.1-192.168.1.254 mask 255.255.255.0
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 wins-server value x.x.x.x
 dns-server value x.x.x.x
 vpn-tunnel-protocol IPSec l2tp-ipsec
 default-domain value YOUR.DOMAIN
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_3DES_SHA
crypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
tunnel-group DefaultRAGroup general-attributes
 address-pool clientVPNpool
 default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 authentication ms-chap-v2
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 39190244
Clientless VPN and AnyConnect are two different things.

AnyConnect uses SSL/HTTPS that is installed from a portal or from a .msi file.
Clientless VPN requires a premium licence and lets you connect to the same portal and access resources on the corporate LAN. That is not the same as a traditional VPN; you can have things like 'smart tunnels' to connect their Outlook to Exchange. But ultimately, if you want a client-to-site VPN then use a client; if you don't want to install a client, use PPTP or SSTP to a server instead.

Pete
0
 

Author Comment

by:javelinict
ID: 39190311
That's the problem: I do not have a PPTP or SSTP server configured in the local area network.
Which means that when I want to create a traditional VPN connection I'm required to use a client?
0

 
LVL 18

Expert Comment

by:fgasimzade
ID: 39190321
You can use the Windows VPN client to connect to the ASA.
0
 

Author Comment

by:javelinict
ID: 39190601
Dear fgasimzade,

I can't see any authentication settings in your script.
Just copy and paste? And how further?

Is there any documentation for this configuration?

Thanks in advance.

Robin
0
 
LVL 18

Accepted Solution

by:
fgasimzade earned 100 total points
ID: 39190616
You would also need to create a username on ASA:

conf t
username bob password Qwerty123
sysopt connection permit-ipsec

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml


The above config is for the Cisco VPN client; it is identical to the Windows client, except for one thing here:

 crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport - Windows needs mode transport here
0
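Added example, not part of the thread or of Cisco's documentation: a small Python check for the pieces this thread says the Windows built-in client needs (l2tp-ipsec allowed, transform set in transport mode, ms-chap-v2, an address pool that is actually defined), which also flags 3DES and DH group 1/2. The function name, the constructed sample config, the weak-crypto policy and the case-sensitive pool-name comparison are assumptions of this example.

```python
import re

# Constructed sample modelled on the config in this thread, with a
# pool-name case mismatch left in to exercise the pool check.
SAMPLE = """\
ip local pool clientVPNpool 192.168.1.1-192.168.1.254 mask 255.255.255.0
group-policy DefaultRAGroup attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_3DES_SHA
crypto isakmp policy 10
 encryption 3des
 group 2
tunnel-group DefaultRAGroup general-attributes
 address-pool ClientVPNpool
tunnel-group DefaultRAGroup ppp-attributes
 authentication ms-chap-v2
"""

def audit(config):
    """Return findings for an ASA L2TP/IPsec remote-access config (hypothetical helper)."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    # Names that are defined: address pools and transport-mode transform sets.
    pools = {m.group(1) for l in lines if (m := re.match(r"ip local pool (\S+)", l))}
    transport = {m.group(1) for l in lines if (m := re.match(
        r"crypto ipsec transform-set (\S+) mode transport$", l))}
    for l in lines:
        # Assumption: pool names are compared case-sensitively.
        if (m := re.match(r"address-pool (\S+)", l)) and m.group(1) not in pools:
            findings.append(f"address-pool {m.group(1)} is not a defined pool")
        if (m := re.match(r"crypto dynamic-map \S+ \d+ set transform-set (.+)", l)):
            for ts in m.group(1).split():
                if ts not in transport:
                    findings.append(f"transform-set {ts} is not in transport mode")
        if l.startswith("vpn-tunnel-protocol ") and "l2tp-ipsec" not in l.split():
            findings.append("group-policy does not allow l2tp-ipsec")
        # Policy of this example: DES/3DES and DH groups 1 and 2 count as weak.
        if {"esp-des", "esp-3des"} & set(l.split()) or re.match(r"encryption (3des|des)$", l):
            findings.append(f"weak cipher: {l}")
        if re.match(r"group [12]$", l):
            findings.append(f"weak Diffie-Hellman group: {l}")
    if "authentication ms-chap-v2" not in lines:
        findings.append("ppp-attributes do not enable ms-chap-v2")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
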
 

Author Closing Comment

by:javelinict
ID: 39200698
Thanks, this did the trick for me!
0
