We have a few people that travel (sales reps) and when they are out of the office they need to be able to VPN in. We have an ASA5505 with Security+ and unlimited users. This restricts us to 25 VPN clients and 2 SSL VPN clients.

I have followed a few walkthroughs (as well as going through the VPN connection wizard) and I'm unable to get it to connect directly into our network.

Does anyone have a good walkthrough that goes through how to get this set up? I need to do the standard VPN users and we will be using the Windows VPN client to log in.

Thanks!

Lbaker101

1 Answer

Can you post (sanitizing sensitive details) the config you have now?

To answer in the generic, the main points you'll need to hit for client access VPN:

  • Configure your webvpn block to enable on the needed interface
  • Create an ip local pool for the VPN users
  • Create a group-policy controlling the protocol and tunneling mode, and setting DNS servers
  • Create a tunnel-group assigning the IP pool and group policy
  • Create NAT exemptions as needed to allow traffic to pass to the outside interface bound for the VPN clients without hitting an internet NAT
  • Configure authentication to allow for the users to log in to service-type remote-access
Shane Madden
  • I'm not showing a good way to send my current config. Basically I'm trying to set the router as controlling the VPN connections vs. a server. For testing I have allowed all traffic through the ASA firewall and routed all traffic (NAT rule) from the external IP address (ISP) to the internal interface of the data network. I have gone through the IPsec VPN wizard and set up login. I am using Windows 7's VPN client. When trying to connect, the router gives an "Inbound TCP connection denied from (origin external IP) to (VPN external IP) flags syn on interface (ISP interface)" – Lbaker101 Sep 08 '11 at 19:41
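
An added example, not part of the answer above and not Cisco tooling: a small Python check that reads a sanitized running-config and reports which of the answer's checklist points are missing, including whether the tunnel-group references a pool and group-policy that are actually defined. The sample config is constructed, and the command forms it matches (ASA 8.x style, with both the older and newer NAT exemption syntax) are assumptions about the software version on the device.

```python
import re
# Constructed sample running-config (not from the post); names/addresses are made up.
SAMPLE = """\
ip local pool VPN-POOL 192.168.50.10-192.168.50.50 mask 255.255.255.0
nat (inside) 0 access-list NONAT
webvpn
 enable outside
group-policy VPN-POLICY internal
group-policy VPN-POLICY attributes
 dns-server value 192.168.1.10
 vpn-tunnel-protocol IPSec l2tp-ipsec
tunnel-group VPN-USERS type remote-access
tunnel-group VPN-USERS general-attributes
 address-pool VPN-POOL
 default-group-policy VPN-POLICY
username rep1 attributes
 service-type remote-access
"""

def blocks(config):
    """Map each top-level line to the indented sub-commands beneath it."""
    out, head = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and head is not None:
            out[head].append(line.strip())
        elif line.strip():
            out.setdefault(head := line.strip(), [])
    return out

def audit(config):
    """Return the checklist items (in the answer's order) that the config lacks."""
    b = blocks(config)
    subs = lambda pat: [s for h, v in b.items() if re.match(pat, h) for s in v]
    pools = {m.group(1) for h in b if (m := re.match(r"ip local pool (\S+) ", h))}
    policies = {m.group(1) for h in b if (m := re.match(r"group-policy (\S+) (internal|external)", h))}
    gp = subs(r"group-policy \S+ attributes")
    tg = subs(r"tunnel-group \S+ general-attributes")
    used_pools = {s.split()[1] for s in tg if s.startswith("address-pool ")}
    used_pols = {s.split()[1] for s in tg if s.startswith("default-group-policy ")}
    checks = {
        "webvpn enabled on an interface": any(s.startswith("enable ") for s in subs(r"webvpn$")),
        "ip local pool defined": bool(pools),
        "group-policy sets vpn-tunnel-protocol": any(s.startswith("vpn-tunnel-protocol ") for s in gp),
        "group-policy sets dns-server": any(s.startswith("dns-server value ") for s in gp),
        "tunnel-group uses a defined pool": bool(used_pools) and used_pools <= pools,
        "tunnel-group uses a defined group-policy": bool(used_pols) and used_pols <= policies,
        "NAT exemption present": any(re.match(r"nat \(\S+\) 0 access-list |nat \(\S+,\S+\) source static ", h) for h in b),
        "a user has service-type remote-access": "service-type remote-access" in subs(r"username \S+ attributes"),
    }
    return [name for name, ok in checks.items() if not ok]
```

`audit(SAMPLE)` returns an empty list; running it on a sanitized `show running-config` dump lists the points still to configure.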