
Newbie, really confused about clients

Hi, I set up and installed an ASA 5530 to replace our aging PIX. Now I am trying to use it to replace our old Nortel IPSEC-based VPN concentrator. I want to use the Cisco IPSEC VPN client. When I install it I do not see anywhere to specify or use a username and password, just a group name and password. What am I missing? I didn't want to purchase SSL licenses, just simply use the IPSEC client with local authentication to username and password. Thanks in advance for any help.

Steve

2 REPLIES

Re: Newbie, really confused about clients

Hi,

After a successful connect you will be asked for username and password.

If you don't get this window you have to check the Phase 1 and 2 parameters on the ASA.

This is a template for ASA and client VPN. Replace all $....

ip local pool USER $VPN_POOL_START-$VPN_POOL_END
access-list NO-NAT-INSIDE extended permit ip $INSIDE-IP $INSIDE-MASK $VPN_POOL_IP $VPN_POOL_NETMASK
access-list SPLIT-TUNNEL-USER extended permit ip $INSIDE-IP $INSIDE-MASK $VPN_POOL_IP $VPN_POOL_NETMASK
nat (inside) 0 access-list NO-NAT-INSIDE
crypto ipsec transform-set MYSET esp-3des esp-md5-hmac
crypto dynamic-map DYNMAP 10 set transform-set MYSET
crypto dynamic-map DYNMAP 10 set reverse-route
crypto map MYMAP 1000 ipsec-isakmp dynamic DYNMAP
crypto map MYMAP interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 20
group-policy USER internal
group-policy USER attributes
 vpn-idle-timeout none
 vpn-session-timeout none
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL-USER
 default-domain value $DOMAIN
tunnel-group USER type ipsec-ra
tunnel-group USER general-attributes
 address-pool USER
 default-group-policy USER
tunnel-group USER ipsec-attributes
 pre-shared-key $GROUP_PASSWD
username $USER1 password $USER1_PASSWD
username $USER1 attributes
 vpn-group-policy USER
 group-lock value USER

Regards, Celio


Re: Newbie, really confused about clients

Thank you Celio, I set up a group with key and I now have that part working. Can I ask you another question? I have some managers that would like to use, or try to test, the CSD (Cisco Secure Desktop). When I go into ASDM and check the option to turn on CSD, it is then activated for all SSL connections. Is this by default? Can I create different groups or profiles so that some clients using AnyConnect can just connect and some users can get the CSD? Is this possible?

Thanks

Steve
