javelinict asked:

Cisco clientless client to site VPN

Dear experts,

Is there any way to set up a clientless VPN tunnel between a Windows 7 / 8 computer and an ASA 5505 with ASA 8.45 and ASDM 6.45?
I have seen AnyConnect, but it still installs some kind of AnyConnect client, which is downloaded automatically through the portal after logging in.
Is there a way to use the Windows VPN, for example, to establish a connection with a 5505?

Tips are welcome! Also, some documentation or setup videos would be great.

Thanks in advance.

Robin
fgasimzade

Yes, here is a sample config:

ip local pool clientVPNpool 192.168.1.1-192.168.1.254 mask 255.255.255.0
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 wins-server value x.x.x.x
 dns-server value x.x.x.x
 vpn-tunnel-protocol IPSec l2tp-ipsec
 default-domain value YOUR.DOMAIN
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_3DES_SHA
crypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
tunnel-group DefaultRAGroup general-attributes
 address-pool clientVPNpool
 default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 authentication ms-chap-v2
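
An added example, not part of the original thread and not Cisco tooling: a small Python pre-deployment check for a configuration shaped like the one above. It reports names that are referenced but never defined (assuming names are compared case-sensitively), settings now generally treated as legacy, and MS-CHAPv2 enabled with no local "username ... mschap" entry or aaa-server. The sample is constructed from the lines above, with a pool name whose case differs between definition and reference.

```python
import re

# Constructed sample, based on the configuration in the post above.
SAMPLE = """\
ip local pool clientVPNpool 192.168.1.1-192.168.1.254 mask 255.255.255.0
group-policy DefaultRAGroup internal
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_3DES_SHA
crypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_map
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 group 2
tunnel-group DefaultRAGroup general-attributes
 address-pool ClientVPNpool
 default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ppp-attributes
 authentication ms-chap-v2
"""

# (kind, pattern that defines a name, pattern that references a name)
RULES = [
    ("address pool", r"^ip local pool (\S+)", r"^\s*address-pool (\S+)"),
    ("group-policy", r"^group-policy (\S+) internal", r"^\s*default-group-policy (\S+)"),
    ("transform-set", r"^crypto ipsec transform-set (\S+) esp-", r"set transform-set (\S+)"),
    ("dynamic-map", r"^crypto dynamic-map (\S+)", r"ipsec-isakmp dynamic (\S+)"),
]
# Settings generally treated as legacy today; adjust to local policy.
LEGACY = [(r"\besp-3des\b|^\s*encryption 3des", "3DES encryption"),
          (r"^\s*group 2\b", "Diffie-Hellman group 2 (1024-bit)")]

def audit(config):
    """Return a list of findings for an ASA remote-access config text."""
    findings = []
    for kind, define, refer in RULES:
        defined = set(re.findall(define, config, re.M))
        for name in re.findall(refer, config, re.M):
            if name in defined:  # assumption: case-sensitive name matching
                continue
            near = [d for d in defined if d.lower() == name.lower()]
            hint = f" (defined as '{near[0]}')" if near else ""
            findings.append(f"undefined {kind} '{name}'{hint}")
    for pattern, label in LEGACY:
        if re.search(pattern, config, re.M):
            findings.append(f"legacy setting: {label}")
    has_users = re.search(r"^username \S+ .*mschap|^aaa-server ", config, re.M)
    if "ms-chap-v2" in config and not has_users:
        findings.append("MS-CHAPv2 enabled but no user source found")
    return findings
```
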

Clientless VPN and AnyConnect are two different things.

AnyConnect uses SSL/HTTPS that is installed from a portal or from a .msi file.
Clientless VPN requires a premium licence and lets you connect to the same portal and access resources on the corporate LAN. That is not the same as a traditional VPN; you can have things like 'smart tunnels' to connect their Outlook to Exchange. But ultimately, if you want a client-to-site VPN, then use a client; if you don't want to install a client, use PPTP or SSTP to a server instead.

Pete
javelinict (ASKER)

That's the problem: I do not have a PPTP or SSTP server configured in the local area network.
Which means that when I want to create a traditional VPN connection, I'm required to use a client?

You can use the Windows VPN client to connect to the ASA.

Dear fgasimzade,

I can't see any authentication settings in your script.
Just copy and paste? And how do I go further?

Is there any documentation for this configuration?

Thanks in advance.

Robin
ASKER CERTIFIED SOLUTION
fgasimzade
Thanks, this did the trick for me!