04-06-2012 08:28 AM
What I have:
-ASA 5505 basic license 8.43 and ADSM,
-need for one external user to have full access to the inside network. Users home IP is dynamic and travels a lot as well (windows OS)
-disk from IT containing the following bit and pieces
( anyconnect-EnableFIPs-win-3.0.5080 / anyconnect macosx-i386-2.5.3055-k9.pkg / zipfile named anyconnect-win-vpnapi-2.5.3055 / vpnclient-win-msi-5.0.07.0410-k9 / asa843-k8 / asdm-647 / c3750-ipbasek9-mz.122-55.SE5 / c3750-ipservicek9-mz.122-55.SE5 )
( the zip file created folder with subfolders: examples, include, lib and a bunch of files doxygen, apis etc...... )
Questions:
(1) What are my options given the above for the external user??
(2) Currently I administer ASA via adsm https or ssh. I would like to administer via an Ipsec to Ipsec tunnel from a zyxel USG 100.
-Is it possible to administer the ASA via a VPN tunnel to the router (not to any specific inside or dmz interface)?
-If so, do I tunnel and use https and ssh through the tunnel?
04-07-2012 01:37 AM
Alex,
This question at this time is academic - do you have a license for VPN users???? How many VPN Peers does your current license contain??
To answer your other questions:-
1) This is based on your license
2)
a) Yes
b) Yes
HTH>
04-07-2012 04:46 AM
Yes I have a license which has something like two SSL VPN users and 10 ipsec users. (basic). i have attached a jpeg fromthe license page for detail............
04-07-2012 07:00 AM
Vpnclient-win & AnyConnect-win & client less spl VPN.
hth
04-07-2012 11:36 AM
By anyconnect-win... does this include the variation where you need to download the .pkg file and the router pushes it to the client. ???
For the ipsec to ipsec connection from me the admin to the asa itself (and not to the inside lan), what do I put for interfaces or local stuff on the asa side (as I am not identifying a subnet I want to access ??)
04-07-2012 12:26 PM
The .pkg will install on the remote end computer. With the "win" in the name - the remote end must be a Windows OS.
Read the below link - it has configuration examples that answer all your questions.
http://www.cisco.com/en/US/customer/products/ps6120/prod_configuration_examples_list.html
HTH>
04-07-2012 02:06 PM
hmm that link doesnt open for me?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide