Cisco VPN Client setup for Cisco ASA 5505

Answered Question
Jan 19th, 2011

Our firm has finally made the switch from Sonicwall to Cisco for our SMB clients. I have our first customer up with a solid site-to-site VPN and have configured the main office router for Cisco VPN Client connections via the VPN wizard.

When I install the VPN Client on the desktops it does not allow inputting of all options required (less you have an SSL VPN). I am assuming there is a process I am missing for exporting a connection profile that the Cisco VPN Client users can import to make their connection.

Is there any step by step guides out there for creating the connection profile file to distribute to clients?

I have this problem too.
0 votes
Correct Answer by andamani about 3 years 2 months ago

hehe.. ok..

the link below will help understanding the user guide in more detail:

http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client46/win/user/guide/vc1.html

Regards,

Anisha

P.S.: please mark this post resolved if you feel your query is answered.

Correct Answer by andamani about 3 years 2 months ago

Hi,

The ASDM wizard is for the configuration on the ASA. That wizard will help you finish the VPN configuration on the ASA end.

You will have to define the same in the client, so that they can negotiate and connect.

Connection entry feild in the client is what you want it to be seen as on the VPN client - it can be any name

Host will be the outside ip address of the ASA.

Group options:

     name - tunnel group name same as defined on the ASA
     Password- preshared key as on ASA.

     Confirm password - same preshared key.

Once you finish this you will see the client having an entry same as connection entry. you need to click on connect over there. A prompt for username and password will come. please enter the login crendentials. VPN will connect.

You can distribute the .pcf file formed in the location mentioned in the above post. once the other client receive the .pcf, they need to import it by clicking on the tab present on  the VPN client.

Regards,

Anisha

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (5 ratings)
myersmathis Thu, 01/20/2011 - 06:56

Is there a support number for resellers, or any other documentation out there on this? I really need to get some assistance on this today.

Client unhappy.

praprama Thu, 01/20/2011 - 07:11

Hey Matthew,

When you say it does not allow you to enter all information on the client, what exactly is happening?

To import profiles to the VPN client, you need something called a .pcf file which contains all details pertaining to the connection entry. If you have one PC with the PVN client already setup, you can get the .pcf file from the install directory Profile folder and import to other client machines.

Hope that helps!!

Cheers,

Prapanch

andamani Thu, 01/20/2011 - 07:13

Hi,

Do you mean a .pcf file where in the configuration of the Connection entry, description,host, group name and group password will be present?

You can confiigure the VPN client on single pc and then copy it from C:\Program files\Cisco Systems\VPN Client\Profiles.

You can distribute this .pcf file.

Regards,

Anisha

P.S.: please mark this thread as resolved if you think your query is answered.

myersmathis Thu, 01/20/2011 - 07:24

Thanks for the reply. I figured that would be the case with the connection profile file.

When the client opens it asks for the following..

Group or Mutual Group Auth, under Group there are these options...

1.) name

2.) password

3.) confirm password

above this it asks for a host and connection entry, with description.

So when I ran the wizard in the 5505 ADSM it asked for username/password as well as pre-shared key. So I feel like I am missing something. I try entering the username/password and it connects/disconnects immediately.

Correct Answer
andamani Thu, 01/20/2011 - 07:34

Hi,

The ASDM wizard is for the configuration on the ASA. That wizard will help you finish the VPN configuration on the ASA end.

You will have to define the same in the client, so that they can negotiate and connect.

Connection entry feild in the client is what you want it to be seen as on the VPN client - it can be any name

Host will be the outside ip address of the ASA.

Group options:

     name - tunnel group name same as defined on the ASA
     Password- preshared key as on ASA.

     Confirm password - same preshared key.

Once you finish this you will see the client having an entry same as connection entry. you need to click on connect over there. A prompt for username and password will come. please enter the login crendentials. VPN will connect.

You can distribute the .pcf file formed in the location mentioned in the above post. once the other client receive the .pcf, they need to import it by clicking on the tab present on  the VPN client.

Regards,

Anisha

myersmathis Thu, 01/20/2011 - 07:37

I am aware of the ADSM being for the CIsco unit. I am an old PIX user and have read through the manual.

You input though is very helpful. I did not know a second prompt would appear for the username/password, now all seems much more complete. I will give it a try.

myersmathis Thu, 01/20/2011 - 07:52

Now I have forgotten my preshared key. LOL. Is it safe to re-run the wizard or is there a place to reset the preshared key?

andamani Thu, 01/20/2011 - 08:07

do you have access to the CLI of the ASA.

if yes, enter the command  more system:running-config | b tunnel-group. you will see the pre-shared key.

If not you can go to the ASDM >Configuration > Remote Access VPN > Network Client Access > IPSec Connection profile > Select the VPN connection Profile > Edit and change the pre-shared key.

Regards,

Anisha

P.S.: Please mark this thread resolved if you feel your query is answered

Actions

Login or Register to take actions

This Discussion

Posted January 19, 2011 at 2:35 PM
Stats:
Replies:9 Avg. Rating:5
Views:15981 Votes:0
Shares:0
Tags: client, vpn, asa, 5505
+
Categories: ASA
+

Related Content

Discussions Leaderboard