We are replacing a Cisco VPN 3030 Concentrator with a Cisco ASA 5550. We are not going to use SSL VPN. We are only going to use IPSec VPN. We have 2 types of IPSec VPN clients in the field: software VPN clients (Ver: 5.0.05) and hardware VPN clients, which are ASA 5505 (configured with Easy VPN).
I am able to configure & test the software VPN client by configuring connection profiles, group policies etc. with our new VPN concentrator (ASA 5550).
I am not able to configure & test the hardware VPN client (ASA 5505) with the Cisco ASA 5550 being the VPN concentrator. It should be noted that the Easy VPN hardware client is configured in NEM (network extension mode) and the users sitting behind the hardware VPN client authenticate to the RSA SecurID server using RSA tokens.
It is the authentication part which is not working as expected. I am able to establish the VPN tunnel between the EZvpn client and the VPN Concentrator. The Easy VPN group name / password and user name / password are stored locally on the VPN Concentrator. But the users sitting behind the hardware VPN client are not able to authenticate to the RSA server. Instead they are authenticating to the local database.
I want to configure the VPN concentrator (ASA 5550) in such a way that the hardware VPN client authenticates to the local database of the VPN concentrator, but the users sitting behind it are able to authenticate to the RSA SecurID server using RSA tokens.
This is the way it is configured on our old VPN Concentrator (Cisco 3030) today, the hardware clients being VPN 3002.
I am not able to find any documents on Cisco's web site which explain our scenario. I will need help in configuring the VPN concentrator.
I did not get a response from anyone. However, I did open a TAC case with Cisco, and after doing a lot of research we found out that we are hitting bug ID "CSCtf79521". They requested me to put in a PER (Product Enhancement Request), which I already did, but nothing has been done so far.
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :