Solved

Cisco clientless client to site VPN

Posted on 2013-05-23
818 Views
Last Modified: 2013-05-28
Dear experts,

Is there any way to set up a clientless VPN tunnel between a Windows 7 / 8 computer and an ASA 5505 with ASA 8.45 and ASDM 6.45?
I have seen AnyConnect, but it still installs some kind of AnyConnect client which is downloaded automatically through the portal after logging in.
Is there a way to use the Windows VPN, for example, to establish a connection with a 5505?

Tips are welcome! Also, some documentation or setup videos would be great.

Thanks in advance.

Robin
0
Comment
Question by:javelinict
7 Comments
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39190237
Yes, here is a sample config:

! Address pool handed out to VPN clients
ip local pool clientVPNpool 192.168.1.1-192.168.1.254 mask 255.255.255.0
! Group policy: name servers and the tunnel protocols allowed (L2TP over IPsec)
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 wins-server value x.x.x.x
 dns-server value x.x.x.x
 vpn-tunnel-protocol IPSec l2tp-ipsec
 default-domain value YOUR.DOMAIN
! IPsec transform set, switched to transport mode for L2TP
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
! Dynamic crypto map bound to the outside interface
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_3DES_SHA
crypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
! ISAKMP (phase 1) policy with pre-shared key authentication
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
! Tunnel group: the address pool name must match the pool defined above
tunnel-group DefaultRAGroup general-attributes
 address-pool clientVPNpool
 default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
! PPP authentication offered to the L2TP client
tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 authentication ms-chap-v2
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 39190244
Clientless VPN and AnyConnect are two different things.

AnyConnect uses SSL/HTTPS and is installed from a portal or from a .msi file.
Clientless VPN requires a premium licence and lets you connect to the same portal and access resources on the corporate LAN. That is not the same as a traditional VPN; you can have things like 'smart tunnels' to connect their Outlook to Exchange. But ultimately, if you want a client-to-site VPN then use a client; if you don't want to install a client, use PPTP or SSTP to a server instead.

Pete
0
 

Author Comment

by:javelinict
ID: 39190311
That's the problem: I do not have a PPTP or SSTP server configured in the local area network.
Which means that when I want to create a traditional VPN connection I'm required to use a client?
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39190321
You can use the Windows VPN client to connect to the ASA.
0
 

Author Comment

by:javelinict
ID: 39190601
Dear fgasimzade,

I can't see any authentication settings in your script.
Just copy and paste? And how do I go further?

Is there any documentation for this configuration?

Thanks in advance.

Robin
0
 
LVL 18

Accepted Solution

by:
fgasimzade earned 100 total points
ID: 39190616
You would also need to create a username on ASA:

conf t
username bob password Qwerty123
sysopt connection permit-ipsec

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml


The above config is for the Cisco VPN client; it is identical to the Windows client, except for one thing here:

 crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport - Windows needs mode transport here
0
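As an added example (not code from the thread or from Cisco), this Python lint checks a pasted ASA config for the two consistency points the answers depend on: the `mode transport` line that Windows needs and an `address-pool` name that refers to a defined pool. It also flags 3DES and DH group 2 as legacy-strength settings. The function name and finding codes are hypothetical, the sample is constructed from the thread's config, and names are assumed to be compared case-sensitively.

```python
import re

# Constructed sample: excerpt of the thread's config with a pool-name case
# mismatch and with the "mode transport" line left out.
SAMPLE = """\
ip local pool clientVPNpool 192.168.1.1-192.168.1.254 mask 255.255.255.0
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_3DES_SHA
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
tunnel-group DefaultRAGroup general-attributes
 address-pool ClientVPNpool
tunnel-group DefaultRAGroup ppp-attributes
 authentication ms-chap-v2
"""

def audit_l2tp_config(text):
    """Return a sorted list of finding codes for an ASA L2TP/IPsec config."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    # Pools that are actually defined (assumption: case-sensitive names).
    pools = {m.group(1) for l in lines
             if (m := re.match(r"ip local pool (\S+)", l))}
    # Transform sets explicitly switched to transport mode.
    transport = {m.group(1) for l in lines if (m := re.match(
        r"crypto ipsec (?:ikev1 )?transform-set (\S+) mode transport", l))}
    findings = set()
    for l in lines:
        # A tunnel group must reference a pool that exists.
        if (m := re.match(r"address-pool (\S+)", l)) and m.group(1) not in pools:
            findings.add("POOL_UNDEFINED:" + m.group(1))
        # Every transform set on the dynamic map should be in transport mode.
        if (m := re.match(
                r"crypto dynamic-map \S+ \d+ set (?:ikev1 )?transform-set (.+)", l)):
            for ts in m.group(1).split():
                if ts not in transport:
                    findings.add("NOT_TRANSPORT_MODE:" + ts)
        # Legacy-strength crypto: 3DES and 1024-bit DH group 2.
        if l == "encryption 3des" or " esp-3des" in l:
            findings.add("WEAK_CIPHER:3des")
        if l == "group 2":
            findings.add("WEAK_DH:group2")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_l2tp_config(SAMPLE):
        print(finding)
```
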
 

Author Closing Comment

by:javelinict
ID: 39200698
Thanks, this did the trick for me!
0
