Newbie, really confused about clients

srroeder
Level 1

Hi, I set up and installed an ASA 5530 to replace our aging PIX. Now I am trying to use it to replace our old Nortel IPSEC based VPN concentrator. I want to use the Cisco IPSEC VPN client. When I install it I do not see anywhere to specify or use a username and password. Just a group name and password. What am I missing? I didn't want to purchase SSL licenses, just simply use the IPSEC client with local authentication to username and password. Thanks in advance for any help.

Steve

2 Replies

celiocarreto
Level 1

Hi,

After a successful connect you will be asked for username and password.

If you don't get this window you have to check the Phase 1 and 2 parameters on the ASA.

This is a template for ASA and client VPN. Replace all $....

ip local pool USER $VPN_POOL_START-$VPN_POOL_END
access-list NO-NAT-INSIDE extended permit ip $INSIDE-IP $INSIDE-MASK $VPN_POOL_IP $VPN_POOL_NETMASK
access-list SPLIT-TUNNEL-USER extended permit ip $INSIDE-IP $INSIDE-MASK $VPN_POOL_IP $VPN_POOL_NETMASK
nat (inside) 0 access-list NO-NAT-INSIDE
crypto ipsec transform-set MYSET esp-3des esp-md5-hmac
crypto dynamic-map DYNMAP 10 set transform-set MYSET
crypto dynamic-map DYNMAP 10 set reverse-route
crypto map MYMAP 1000 ipsec-isakmp dynamic DYNMAP
crypto map MYMAP interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 20
group-policy USER internal
group-policy USER attributes
 vpn-idle-timeout none
 vpn-session-timeout none
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL-USER
 default-domain value $DOMAIN
tunnel-group USER type ipsec-ra
tunnel-group USER general-attributes
 address-pool USER
 default-group-policy USER
tunnel-group USER ipsec-attributes
 pre-shared-key $GROUP_PASSWD
username $USER1 password $USER1_PASSWD
username $USER1 attributes
 vpn-group-policy USER
 group-lock value USER

Regards, Celio
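
Added example, not part of either post in this thread: a small Python check for a filled-in copy of the template above. It reports Phase 1 and Phase 2 parameters it treats as weak, `$` variables left unreplaced, and address-pool or transform-set names that are never defined. The function name `audit`, the weak-value sets and the sample values are assumptions of this example.

```python
import re

# Values this example treats as weak (an assumed policy, not taken from the thread).
WEAK_P1 = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
WEAK_P2 = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-null"}
P1_CMDS = ("authentication", "encryption", "hash", "group", "lifetime")

# Constructed sample (made-up values): one unfilled variable, one mistyped pool name.
SAMPLE = """crypto ipsec transform-set MYSET esp-3des esp-md5-hmac
crypto dynamic-map DYNMAP 10 set transform-set MYSET
crypto isakmp policy 1
 encryption 3des
 group 2
ip local pool USER 10.9.9.1-10.9.9.50
tunnel-group USER general-attributes
 address-pool USERS
tunnel-group USER ipsec-attributes
 pre-shared-key $GROUP_PASSWD
"""

def audit(config):
    """Return sorted findings for an ASA remote-access config (indented or flat)."""
    findings = {f"unfilled placeholder {v}" for v in re.findall(r"\$\w+(?:-\w+)*", config)}
    policy, used = None, []
    defined = {"pool": set(), "transform-set": set()}
    for w in filter(None, map(str.split, config.splitlines())):
        if w[:3] == ["crypto", "isakmp", "policy"] and len(w) == 4:
            policy = w[3]  # the following sub-commands belong to this Phase 1 policy
            continue
        if policy and len(w) == 2 and w[0] in P1_CMDS:
            if w[1] in WEAK_P1.get(w[0], ()):
                findings.add(f"phase1 policy {policy}: weak {w[0]} {w[1]}")
            continue
        policy = None  # any other command leaves isakmp-policy mode
        if w[:3] == ["ip", "local", "pool"] and len(w) > 3:
            defined["pool"].add(w[3])
        elif w[:3] == ["crypto", "ipsec", "transform-set"] and len(w) > 3:
            defined["transform-set"].add(w[3])
            findings.update(f"phase2 transform-set {w[3]}: weak {t}" for t in w[4:] if t in WEAK_P2)
        elif w[:2] == ["crypto", "dynamic-map"] and w[4:6] == ["set", "transform-set"]:
            used += [("transform-set", n) for n in w[6:]]
        elif w[0] == "address-pool" and len(w) > 1:
            used.append(("pool", w[1]))
    findings.update(f"undefined {k} {n}" for k, n in used if n not in defined[k])
    return sorted(findings)

print(*audit(SAMPLE), sep="\n")
```
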

Thank you Celio, I set up a group with key and I now have that part working. Can I ask you another question? I have some managers that would like to use, or try to test, the CSD (Cisco Secure Desktop). When I go into ASDM and check the option to turn on CSD it is then activated for all SSL connections. Is this by default? Can I create different groups or profiles so that some clients using AnyConnect can just connect and some users can get the CSD? Is this possible?

Thanks

Steve
