New Member

Client Access VPN in ASA

Hi, I have a project that needs to provide my vendor VPN client access. Here are the simple requirements.

1. They want to use just group name/password in Cisco clients without being prompted for username/password because they'll have an automated script using a .PCF file that I'll provide to them.

2. They only want limited access to one server, 192.168.1.51, via ports 1433, 135 and 445.

Here is the short config, but this config doesn't meet the requirements. Please tell me how to modify this to meet the two requirements.

ASA 7(2)1

interface ethernet0

ip address

nameif outside

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption 3des

isakmp policy 1 hash sha

isakmp policy 1 group 2

isakmp policy 1 lifetime 43200

isakmp enable outside

ip local pool testpool

username testuser password 12345678

crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac

tunnel-group testgroup type ipsec-ra

tunnel-group testgroup general-attributes

address-pool testpool

tunnel-group testgroup ipsec-attributes

pre-shared-key xxx

crypto dynamic-map dyn1 1 set transform-set FirstSet

crypto dynamic-map dyn1 1 set reverse-route

crypto map mymap 1 ipsec-isakmp dynamic dyn1

crypto map mymap interface outside

New Member

Re: Client Access VPN in ASA

I forgot to mention one more requirement.

This vendor only comes in through this IP. (Real IP)
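An added example, not part of either post: a small Python check that reports which of the two numbered requirements an ASA configuration leaves unmet, run over the tunnel-group lines from the posted config and over a constructed restricted variant. It assumes the server is 192.168.1.51 and ASA 7.2 syntax (`isakmp ikev1-user-authentication none`, `vpn-filter value`); the names VENDOR-GP and VENDOR-FILTER and the 10.10.10.0/24 client pool are hypothetical.

```python
import re

SERVER, PORTS = "192.168.1.51", {1433, 135, 445}  # from requirement 2 in the post

# Tunnel-group lines taken from the posted config.
POSTED = """
tunnel-group testgroup type ipsec-ra
tunnel-group testgroup general-attributes
 address-pool testpool
tunnel-group testgroup ipsec-attributes
 pre-shared-key xxx
"""

# Constructed: VENDOR-GP, VENDOR-FILTER and the 10.10.10.0/24 pool are hypothetical.
RESTRICTED = POSTED + """
 isakmp ikev1-user-authentication none
access-list VENDOR-FILTER extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.51 eq 1433
access-list VENDOR-FILTER extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.51 eq 135
access-list VENDOR-FILTER extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.1.51 eq 445
group-policy VENDOR-GP internal
group-policy VENDOR-GP attributes
 vpn-filter value VENDOR-FILTER
tunnel-group testgroup general-attributes
 default-group-policy VENDOR-GP
"""

def audit(config):
    """Return the post's requirements that `config` leaves unmet."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    unmet = []
    # Requirement 1: no username prompt, i.e. XAUTH off (checked by presence only).
    if "isakmp ikev1-user-authentication none" not in lines:
        unmet.append("xauth-enabled")
    # Requirement 2: a vpn-filter ACL limited to SERVER on PORTS.
    acl = next((l.split()[2] for l in lines if l.startswith("vpn-filter value ")), None)
    if acl is None:
        return unmet + ["no-vpn-filter"]
    ace_re = re.compile(rf"access-list {re.escape(acl)} extended permit tcp "
                        r"(?:host \S+|\S+ \S+) host (\S+) eq (\d+)")
    seen = set()
    for l in lines:
        if l.startswith(f"access-list {acl} extended permit"):
            m = ace_re.fullmatch(l)
            if m and m.group(1) == SERVER and int(m.group(2)) in PORTS:
                seen.add(int(m.group(2)))
            elif "acl-too-broad" not in unmet:
                unmet.append("acl-too-broad")
    if seen != PORTS:
        unmet.append("acl-missing-port")
    return unmet
```

The check expects numeric ports in the ACL entries and does not cover the follow-up requirement about the vendor's source IP, which the post does not give.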