topic Newbie, really confused about clients in Network Security

Newbie, really confused about clients

srroeder — Mon, 11 Mar 2019 14:45:44 GMT

Hi , I set and installed a ASA 5530 to replace our aging PIX. Now I am trying to use it to replace out old Nortel IPSEC based VPN concentrator. I want to use the Cisco IPSEC vpn client. When I install it I do not see anywhere to specify or use a username and password. Just a group name and password. What am I missing? I didn't want to purchase SSL licenses, just simply use the IPSEC client with local authentication to username and password. Thanks in advance for any help.

Steve

Re: Newbie, really confused about clients

celiocarreto — Wed, 04 Feb 2009 15:07:26 GMT

Hi,

after successfull connect you will be asked for username and password.

If you don't get this window you have to check the Phase 1 and 2 parameters on the ASA.

this is a template for asa ans client VPN. Replace all $....

ip local pool USER $VPN_POOL_START-$VPN_POOL_END

access-list NO-NAT-INSIDE extended permit ip $INSIDE-IP $INSIDE-MASK $VPN_POOL_IP $VPN_POOL_NETMASK

access-list SPLIT-TUNNEL-USER extended permit ip $INSIDE-IP $INSIDE-MASK $VPN_POOL_IP $VPN_POOL_NETMASK

nat (inside) 0 access-list NO-NAT-INSIDE

crypto ipsec transform-set MYSET esp-3des esp-md5-hmac

crypto dynamic-map DYNMAP 10 set transform-set MYSET

crypto dynamic-map DYNMAP 10 set reverse-route

crypto map MYMAP 1000 ipsec-isakmp dynamic DYNMAP

crypto map MYMAP interface outside

crypto isakmp identity address

crypto isakmp enable outside

crypto isakmp policy 1

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

crypto isakmp nat-traversal 20

group-policy USER internal

group-policy USER attributes

vpn-idle-timeout none

vpn-session-timeout none

split-tunnel-policy tunnelspecified

split-tunnel-network-list value SPLIT-TUNNEL-USER

default-domain value $DOMAIN

tunnel-group USER type ipsec-ra

tunnel-group USER general-attributes

address-pool USER

default-group-policy USER

tunnel-group USER ipsec-attributes

pre-shared-key $GROUP_PASSWD

username $USER1 password $USER1_PASSWD

username $USER1 attributes

vpn-group-policy USER

group-lock value USER

Regards, Celio

Re: Newbie, really confused about clients

srroeder — Wed, 04 Feb 2009 15:56:01 GMT

Thank you Celio, I set up a group with key and I now have that part working. Can I ask you another question. I have some managers that would like to use, or try to test, the CSD, Cisco Secure Desktop, When I go into ASDM and check the option to turn on CSD it is then activated for all SSL connections. Is this by default? Can I create different groups or profiles so that some clients using AnyConnect can just connect and some users can get the CSD? Is this possible?

Thanks

Steve