We are replacing Cisco vpn 3030 Concentrator with Cisco ASA 5550. We are not going to use SSL vpn . We are only going to use IPSec vpn. We have 2 types of IPSec VPN Clients in the field. Software vpn clients (Ver: 5.0.05). & Hardware vpn clients are ASA 5505 (configure with easy vpn ).
I am able to configure & test software vpn client by configuring connection profiles, group policies etc with our new vpn concentrator (ASA 5550).
I am not able to configure & test hardware vpn client (ASA 5505) with Cisco ASA 5550 being the vpn concentrator. It should be noted that easy vpn hardware client is configured as NEM (network extension mode) and the users sitting behind the hardware vpn client authenticate to RSA Secure id server using RSA tokens.
It is the authentication part which is not working as expected. I am able to establish the VPN tunnel between the EZvpn client and VPN Concentrator. The easy vpn group name / password and user name / password are stored locally on the VPN Concentrator. But the users sitting behind hardware vpn are not able to authenticate to the RSA server. Instead they are authenticating to local database.
I want to configure the vpn concentrator (ASA 5550) in such a way that the hardware vpn client should authenticate to local database of vpn concentrator but the users sitting behind should be able to authenticate to RSA secure ID server using RSA tokens.
This is the way it is configured on our old VPN Concentrator (Cisco 3030) today. Hardware clients being VPN 3002.
I am not able to find any documents on Cisco’s web site which explains our scenario. Will need help in configuring the vpn concentrator.