I have taken over the IT work for a company that has a Cisco ASA 5505 in place for allowing off-site VPN access to their Windows network. They have a Windows Server 2000 domain currently. When I took over this network, I noticed that the VPN user names lined up with the user names on the Windows 2000 domain; however, recently I have added a new user to the domain and configured it exactly the same (on the Windows domain server) as another user. I cannot use this new user name to access the Cisco VPN.
I now have access to the Cisco ASA 5505 appliance but I don't have any users configured for VPN access. As far as I can tell, they are still able to access their VPN connections as they always have. But I am not able to add a new VPN user currently.
Can anyone give me any clues on what I am looking for to get a new VPN client setup on this ASA? In addition, we are in planning to update their server to Windows 2012 (or 2008 at the very least) and I will need to know how to get the clients moved over to the new server.
You could have either external authentication to the Windows server as your AAA authentication method or local authentication that has the same usernames. In the case of the former, you could also have group membership as a condition of VPN access.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...