Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1898
Views
0
Helpful
4
Replies

Replacing Cisco VPN 3030 with Cisco ASA 5550

dharmendra2shah
Level 1
Level 1

‎09-27-2010 05:13 AM

We are replacing Cisco vpn 3030 Concentrator with Cisco ASA 5550. We are not going to use SSL vpn . We are only going to use IPSec vpn. We have 2 types of IPSec VPN Clients in the field. Software vpn clients (Ver: 5.0.05). & Hardware vpn clients are ASA 5505 (configure with easy vpn ).

I am able to configure & test software vpn client by configuring connection profiles, group policies etc with our new vpn concentrator (ASA 5550).

I am not able to configure & test hardware vpn client (ASA 5505) with Cisco ASA 5550 being the vpn concentrator. It should be noted that easy vpn hardware client is configured as NEM (network extension mode) and the users sitting behind the hardware vpn client authenticate to RSA Secure id server using RSA tokens.

It is the authentication part which is not working as expected. I am able to establish the VPN tunnel between the EZvpn client and VPN Concentrator. The easy vpn group name / password and user name / password are stored locally on the VPN Concentrator. But the users sitting behind hardware vpn are not able to authenticate to the RSA server. Instead they are authenticating to local database.

I want to configure the vpn concentrator (ASA 5550) in such a way that the hardware vpn client should authenticate to local database of vpn concentrator but the users sitting behind should be able to authenticate  to RSA secure ID server using RSA tokens.

This is the way it is configured on our old VPN Concentrator (Cisco 3030) today. Hardware clients being VPN 3002.

I am not able to find any documents on Cisco’s web site which explains our scenario. Will need help in configuring the vpn concentrator.

Labels:
0 Helpful
4 Replies 4

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎10-26-2010 10:08 AM

Hi,

I see this thread is quite old but unanswered.

Did you get a reply for this?

Do you refer to authenticating username as part of xauth or authenticating users over established VPN tunnel.

Let me know which feature it was on VPN concentrator and I'll try to dig up parity feature.

Marcin

0 Helpful

dharmendra2shah
Level 1
Level 1
In response to Marcin Latosiewicz

‎10-26-2010 10:16 AM

Hi Marcin,

I did not get a response from anyone. However I did opened a TAC case with Cisco and after doing a lot of research we found out that we are hitting bug id "CSCtf79521". They requested me to put PER (Product Enhancement Request) which I already did but nothing has been done so far.

Dharmendra

0 Helpful

Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to dharmendra2shah

‎10-26-2010 11:11 AM

Dharmendra,

DId you already make contact with your account team o Cisco side to start prioritizing this?

This is an enhencement request and the business unit is not going to integrate this unless there will be a business case built for it.

Marcin

0 Helpful

dharmendra2shah
Level 1
Level 1
In response to Marcin Latosiewicz

‎10-26-2010 11:56 AM

Yes we are working with our account manager to prioritize this request.

Ds

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents