Newbie, really confused about clients

Unanswered Question
Feb 4th, 2009

Hi, I set up and installed an ASA 5530 to replace our aging PIX. Now I am trying to use it to replace our old Nortel IPSEC based VPN concentrator. I want to use the Cisco IPSEC VPN client. When I install it I do not see anywhere to specify or use a username and password, just a group name and password. What am I missing? I didn't want to purchase SSL licenses, just simply use the IPSEC client with local authentication to username and password. Thanks in advance for any help.


Steve

celiocarreto Wed, 02/04/2009 - 07:07

Hi,

After a successful connection you will be asked for username and password.

If you don't get this window you have to check the Phase 1 and 2 parameters on the ASA.

This is a template for ASA and client VPN. Replace all $....


ip local pool USER $VPN_POOL_START-$VPN_POOL_END

access-list NO-NAT-INSIDE extended permit ip $INSIDE-IP $INSIDE-MASK $VPN_POOL_IP $VPN_POOL_NETMASK

access-list SPLIT-TUNNEL-USER extended permit ip $INSIDE-IP $INSIDE-MASK $VPN_POOL_IP $VPN_POOL_NETMASK

nat (inside) 0 access-list NO-NAT-INSIDE

crypto ipsec transform-set MYSET esp-3des esp-md5-hmac

crypto dynamic-map DYNMAP 10 set transform-set MYSET
crypto dynamic-map DYNMAP 10 set reverse-route

crypto map MYMAP 1000 ipsec-isakmp dynamic DYNMAP
crypto map MYMAP interface outside

crypto isakmp identity address
crypto isakmp enable outside

crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400

crypto isakmp nat-traversal 20

group-policy USER internal
group-policy USER attributes
 vpn-idle-timeout none
 vpn-session-timeout none
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL-USER
 default-domain value $DOMAIN

tunnel-group USER type ipsec-ra
tunnel-group USER general-attributes
 address-pool USER
 default-group-policy USER
tunnel-group USER ipsec-attributes
 pre-shared-key $GROUP_PASSWD

username $USER1 password $USER1_PASSWD
username $USER1 attributes
 vpn-group-policy USER
 group-lock value USER



Regards, Celio
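
A review check for the template in the post above, added here as an example and not part of the original thread: it walks an ASA configuration and reports the IKE, ESP and timeout settings a reviewer would want to revisit before deployment. The sets of values treated as weak, the function name `audit` and the sample input are assumptions made for this example.

```python
# Assumed review policy (not from the original post): values flagged as weak.
TOP_LEVEL = {"crypto", "group-policy", "tunnel-group", "username",
             "access-list", "nat", "ip"}
WEAK_ESP = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-null"}
WEAK_IKE = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2"}}
NO_TIMEOUT = {"vpn-idle-timeout", "vpn-session-timeout"}

# Constructed sample: the crypto and timeout lines of the template, pasted flat.
SAMPLE_CONFIG = """\
crypto ipsec transform-set MYSET esp-3des esp-md5-hmac
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
group-policy USER attributes
vpn-idle-timeout none
vpn-session-timeout none
"""

def audit(config):
    """Return (line_number, finding) tuples for settings worth reviewing."""
    findings = []
    context = ""  # last top-level command seen, i.e. the current sub-mode
    for num, raw in enumerate(config.splitlines(), 1):
        words = raw.split()
        if not words:
            continue
        if words[0] in TOP_LEVEL:
            context = " ".join(words)
        if words[:3] == ["crypto", "ipsec", "transform-set"]:
            for transform in words[4:]:  # words[3] is the transform-set name
                if transform in WEAK_ESP:
                    findings.append((num, f"weak ESP transform {transform}"))
        elif context.startswith("crypto isakmp policy") and len(words) == 2:
            key, value = words
            if value in WEAK_IKE.get(key, ()):
                findings.append((num, f"weak IKE {key} {value}"))
        elif (context.startswith("group-policy") and words[0] in NO_TIMEOUT
              and words[1:] == ["none"]):
            findings.append((num, f"{words[0]} disabled"))
    return findings

if __name__ == "__main__":
    for line_number, finding in audit(SAMPLE_CONFIG):
        print(f"line {line_number}: {finding}")
```

Sub-mode context is tracked by the first keyword of each line, so the check works on both indented `show running-config` output and a flat paste like the one in the post.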

srroeder Wed, 02/04/2009 - 07:56

Thank you Celio, I set up a group with key and I now have that part working. Can I ask you another question? I have some managers that would like to use, or try to test, the CSD (Cisco Secure Desktop). When I go into ASDM and check the option to turn on CSD, it is then activated for all SSL connections. Is this by default? Can I create different groups or profiles so that some clients using AnyConnect can just connect and some users can get the CSD? Is this possible?


Thanks


Steve
