Windows 2003 VPN to an ASA

Unanswered Question
Oct 15th, 2009

I have a Windows server that runs a network monitoring tool that I need to monitor devices behind a few ASA's. Is there a way I can setup VPN connections to each firewall that will stay up like a site-to-site connection? This will need to be done in a way that is autonomous in case of a network outage, of firewall/server reboot.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Yudong Wu Thu, 10/15/2009 - 13:44

I would suggest you to use a router/ASA/PIX which is in front of Windows server to setup vpn connection.

Herbert Baerten Sun, 10/18/2009 - 12:24

Yes, in theory you can configure L2L tunnels between Windows and an ASA.

On the ASA side you configure it just like any other L2L tunnel.

For the Windows side, check the Microsoft documentation (e.g.

In practice however there is an interoperability issue:

CSCtb98095 L2L tunnel to Microsoft Windows interrupted at 75% of ISKAMP lifetime

Like my colleague above, I would personally recommend to terminate the tunnels on a (small) router or firewall in front of the Windows host, or on an existing router/firewall close to it.




This Discussion