Cisco VPN :: Configure ASA5505 As VPN Client
Apr 23, 2013
I did some searching and the answers said it was supposedly possible but no info on how to do it. I am wondering if it is possible to configure a Cisco ASA 5505/10/20 to be a client to an existing (in this case) cisco client vpn. The reasons why are complicated (and imo irrelevant) but basically I need to be able to make a small network that can be on this vpn rather than individual machines.The client vpn is a basic IPSec over UDP Cisco VPN to an ASA5505.So how would I configure another ASA to connect to this like its a client?
View 3 Replies
ADVERTISEMENT
Jul 5, 2011
I need to configure our ASA5505 firewall for remote access to our network using EasyVPN software installed on a laptop. That laptop will be connected in the different places, using DSL or 3G toggle or Public Wi-Fi. For some people it's very easy, but I don't have any experience with firewalls.
View 9 Replies
View Related
Nov 17, 2011
Completly new to Cisco ASA and need to get this working ASAP.ASA 5505 8.4(1) is the secondary FW and I need for it to allow everything going out and block everything coming in but for the VPN clients. Since a Cisco moron, I used the ASDM and it's wizards to make this work, which might explain my situation.
[code]....
My Cisco VPN Client connects to the ASA and receives 10.10.101.1 IP address, but I get no connectivity to the ASA or any other 192.168.101.x server or service (tried telnet, RDP, ping, etc.)
View 2 Replies
View Related
Dec 12, 2012
, I have ipsec vpn setup on an asa5505 at one of my office locations but when I try to log in to the vpn with the vpn client it just dont work but I have a Linux laptop with vpnc loaded and that connects just fine no problems there ? by the way on my windows system i Have vpn client 5.0.07 asa5505 8.0.(4) asdm 6.1.(3)
View 5 Replies
View Related
Apr 12, 2011
I want to set up our ASA5505 firewall to allow access from the Cisco VPN Client software.I have nstalled the client software then tried using the VPN wizard to set up the connection without success, I am running Windows 7 32 bit and Cisco client 5.0.03.0530. [code]
View 22 Replies
View Related
Jul 20, 2011
I installed on 2 different PCs (Win7 64-bit) the Cisco VPN Client 5.0.07 with the same VPN profile for 2 different users. We use an ASA5505 (8.0(5) sec plus license) as the VPN end point for the clients. The VPN Clients can connect simultaneously to the ASA, they receive the split tunnel infos but only ONE client can ping the internal network ip range. The other one has no access to the internal resources! When they separately try to connect, there is no problem. Each of them can reach the internal net.On other 2 PCs (Win 7 32-bit) the clients have no problem reaching the internal net (simultaneously connect).
View 0 Replies
View Related
Sep 18, 2011
I have just purchased and setup a vpn on my ASA5505 and now I wish to setup a Windows VPN client to use it. Does CISCO have any free vpn clients for Windows?I tried to download a client from the CISCO downloads area, but it's for some kind of purchase agreement. I would have thought that the vpn client was free to download given my ASA comes with two free vpn licenses.
View 5 Replies
View Related
Oct 4, 2011
when it comes to IOS based SSL VPN setup, so have run into an issue which I can't seem to find an answer for.
What i'm after is a way to restrict access to an AnyConnect authenticated and connected client, on a specific profile, to a list of specific websites (all on the Intranet). Everything else must be blocked.
On the IOS device, I had it fudged to pretty much retstrict access to a certain IP and port, and used a mod rewrite in Apache to re-write a URL from that IP to the host the site actually resided on. It's cludged together and working, but it's not ideal (and it's not going to allow for scaling up to what I need).
I can find plenty of references here and on the net to using regex to create block lists based on a global policy to disallow specific URLS, but I need the inverse of that, and, only applied to a specific policy group.
Is this possible on an ASA5505? Is it possible on *any* ASA?
View 11 Replies
View Related
Feb 24, 2011
I use VPN Client 5.0.06.0110 to connect my home computer to my office, which has an ASA5505. If my immediate network connection to the PC client is lost while the VPN is active, I get a BSOD. There's no problem if my DSL drops or a cable beyond my router is unplugged. It only (and always) fails if the network cable to the PC running the VPN Client is diconnected (or if my router loses power) while the link is connected.
View 6 Replies
View Related
Feb 1, 2012
I have a PCF file that works fine on Windows XP. The tunnel to the ASA5505 comes up, and I can ping my server at 10.1.1.2.
I take the same PCF file and put it on a Windows 7 machine client version 5.0.07.0440 and the tunnel comes up. But I'm unable to ping my 10.1.1.2 server.
Does something in the pcf file need to change for this version of the client?
View 1 Replies
View Related
May 24, 2011
I am working with an ASA5505. I have configured a Remote Access IPsec Connection profile. This profile is configured to give clients a virtual ip address via DHCP as shown in this configuration example: url...When the DHCP request is sent from the ASA to the DHCP server, the hostname in the request is set to the name of the IPsec connection profile and a number. Is it possible to have the hostname set to the host name of the client that initiated the connection?Does the ASA support receiving a hostname as part of a IKE Mode Config Request?
View 9 Replies
View Related
Mar 24, 2013
I've deployed AnyConnect on Windows 7 clients, and they are throwing this message after few days of usage: "The VPN client driver has encountered an error."
-Version: anyconnect-win-2.4.0202-web-deploy-k9
-OS: Windows 7 Pro 64-bit
-FW: ASA 5505
What seems to fix it:
1. Uninstall Any Connect Client then,
2. Remove C:UsersUserAppDataLocalCisco folder
View 4 Replies
View Related
May 28, 2012
We have an internal DNS server that all internal hosts do lookups to .. these requests are forwarded onto open dns for anything the dns server isnt authoritative for.. My question is we have purchased the botnet filter and this requires the asa5505 dns client to be active on at least one interface .. Should i point the asa dns to an external IP such as 8.8.8.8 and apply DNS enabled on interface outside ( am using asdm) I don't want the ASA to control DNS for our internal clients we already have a internal server for this, i DO want the asa5505 to check dns packets against its botnet filter, whilst still using open dns for forwarding.
View 1 Replies
View Related
Jul 28, 2011
I have the below configuration for a cisco asa 5505. There is a ADSL router in front of the ASA which has a static IP. I set up a remote-access VPN (using the wizard), but I cannot connect to the ASA firewall as the attached VPN client log shows. My only concern is that there might be something missing, ie a static route that goes to the inside interface. [code]
View 7 Replies
View Related
Sep 28, 2011
We have two sites connect with an IPSec L2L VPN.
-Site A: 192.168.13.0/24
-Site B: 192.168.2.0/24
On both sites we have a ASA5505(Base license) to terminate the tunnel.On Site B we also got a remote access vpn to which we can connect using the vpn client.The lan2lan tunnel works fine and so the remote access vpn.Now i want to connect to Site A using my vpn client connected to Site B. [code] There are no vpn-filters or other special policys in place..If tried to ping from my vpn client to Site A while i was debugging ipsec 255 on site B: the asa matched the l2l-tunnel for traffic sourced from 192.168.25.x to 192.168.13.x but when im doing a show crypto ipsec sa detail there are no packets getting encrypted..so of course no packets reaching my asa on site a.
View 9 Replies
View Related
Jun 20, 2011
I have a XP workstation behind my ASA that can not connect to a client's network via Cisco VPN Client using IPSec...
In the logs it shows the translation is working on 500 but the VPN Client has the error 412, that the client is not responding.
Config below
ASA Version 8.2(1)!hostname RWFW1enable password encryptedpasswd encryptednames!interface Vlan1nameif insidesecurity-level 100ip address 192.168.1.1 255.255.255.0!interface Vlan2nameif outsidesecurity-level 0ip address x.x.x.x
[Code].....
View 16 Replies
View Related
Nov 2, 2011
EasyVPN PIX515 server and ASA5505 client?
View 4 Replies
View Related
May 28, 2011
inside network----ASA5505========internet===========Remote VPN client.
The ASA has one public IP on its outside interface and using PAT to the internet. It only has two interfaces, inside and outside using vlan. I created a IPSec VPN through CLI. My goal is for the remote client to browse the Internet throught tunnel.
Q1: Is it possible?
Q2: The remote side gets connected and has IP from the pool, with is part of inside network. But it cannot ping anything, including the gateway, which is the inside interface. I debug it, it shows the ASA receives the ping packages, but it doesnt send anything back to the client.
View 5 Replies
View Related
Jun 22, 2010
I have just configured a ASA5505 running 8.2.2 as a webvpn server for clientless VPN connections.
I need to setup a particular bookmark for a RDP session which forces the use of the java client for those who can't seem to get the ActiveX control working for some reason or another (virus scanners/firewalls/scerutiy policies etc).
I created a bookmark as follows, but it always tries to connect with the ActiveX control first when logging on from an IE client.
rdp://192.168.1.1/?force_java=yes
View 14 Replies
View Related
Jun 10, 2013
I currently have my 5505 setup for AnyConnect SSL VPN connections. Is it possible to also configure the 5505 for IPSec VPN connections? So, essentially my ASA will be capable of running SSL and IPSec VPN tunnels, concurrently.
View 2 Replies
View Related
Dec 20, 2011
I have a asa 5505 Sec plus with 3vlan, inside, outside and dmz.
On the outside i have 5 ip's for my use, and in the dmz i have a webserver that need to communicate with one sql server on the inside.
The "sql" also needs to be accessible from outside and thus has a static nat with a dynamic nat so it replies from same ip as on nat ie 72.72.72.5 webserver is natted with 72.72.72.6
sql inside ip is 192.168.1.2, gw 192.168.1.1
webserver ip is 192.168.2.100 gw 192.168.2.1
sec lvl on inside is 100 and on dmz 50
with a dynamic policy running inside-net/24 to dmz-network/24 translagt to dmz 192.168.2.2 i can get it to ping 1 way from inside to dmz, but not the other way around...
All i need is to open 1 port ie 6677 both ways for this communication to work.
I'm not very familiar with the CLI and do most stuf in GUI (know i should learn CLI, but time doesnt let me)...
on access rules i have just added everything from any to any using , ip, icmp, tcp and udp just to be sure... :-)
View 47 Replies
View Related
Dec 12, 2010
i tried to configured L2TP connection on ASA5505.Phase 1 and Phase 2 are completed but Windows Client doesn't work. [code]
View 4 Replies
View Related
Sep 1, 2012
We are finding the price for ASA 5505 to high and our clients are having problem securing budgets for these devices. We don't want to move to different vendors and we have a team of people we already know Cisco well.I have seen Cisco router 877 which have the ipadvance ios, is this the same as the ASA5505.We would like to offer our clients an alternative to ASA5505, but something which can do the same as a edge device but also protect the client from malicious attacks and has CLI.
View 1 Replies
View Related
Oct 29, 2012
I ve configures an asa 5505 for remote vpn with anyconnect. it works just fíne - from remote i can ping the Clients and Server inside, i can do RDP or Connect via SSH to any machine, map some volumes local and so on but: I can not connect microsoft sql server. It uses port 1433 for the first connect and establishes then a dynamic connection. So i am a Newbie - what rules or configs do i miss?
View 3 Replies
View Related
Nov 1, 2012
I have an ASA 5505 with 3 host license.I want to configure 2 outside interfaces and have inside interface. The outside interface going to a separate ISP.Will this work or do I need more licences?
View 3 Replies
View Related
May 14, 2012
how to configure AnyConnect on an ASA5505, but I wanted to check before to make sure I was going the right direction.
Setup: I have a very simple setup and basic goal. I currently just have one laptop on E0/1 of my ASA5505 and then the ASA configured with a static IP plugged to the Internet. I have the ASA correctly configured and can browse the web through the laptop. I also have the AnyConnect and AnyConnect Mobile licenses as well.
Goal: I want to set up AnyConnect on the ASA5505 and just establish a successful connection from an android mobile device running the necessary AnyConnect software from the market.
There are lots of guides for specifc set ups, but as described, I want to keep this as simple as possible.
[URL]
Also, I'm more comfortable with the CLI. Is it simpler to use the ASDM wizard for this?
View 2 Replies
View Related
Apr 18, 2011
When using the connect to the internet wizard in SBS 2008 (CTIW) the server comes back with an error that it cannot communicate with the router.Are there any settings that need to be configured in the ASA 5505 to allow communications with SBS 2008 using Exchange Server 2007? I am using ASDM 5.2 at this time.
View 3 Replies
View Related
Aug 1, 2011
Is it possible to configure bridge mode in asa 5505 if it is can u provide me a config.
View 1 Replies
View Related
Mar 13, 2011
We have several branch offices that only have a Cisco ASA 5505 connecting clients to the Internet, our main office and other networks. Some of the branch offices uses Site-to-Site VPN to connect to our main Office, other uses a VPN-service delivered by our ISP.
The networking is working fine, but we are having problems with figuring out how to handle dns lookups. I see that the ASA DNS Client can use conditional DNS forwarding, but it cannot act as a DNS server for our clients on the inside network.
We want to do the following:
- Default dns quires should use the DNS servers for the site's local ISP (some sites also uses dual ISP, so we are using DNS1 and DNS2)
- The domain name: company.local should use our main office DNS server (acces by Site-to-Site VPN or our ISP's VPN)
- The domain name: sitea.company.local should use our SiteA DNS server (acces by Site-to-Site VPN or our ISP's VPN)
etc...
We have solved the issue by using Windows DNS server's conditional forwarding for the branch offices that has a local Windows 2008 domain controller.
our branch office's that only have a Cisco ASA 5505 Security Applience?
View 3 Replies
View Related
May 16, 2011
I just started at a new company and they want to use iphones in place of blackberry's, what a surprise. We have a exchange server and blackberry enterprise server. My question is how do I configure the cisco ASA to allow for iphone vpn connection and start replacing our blackberry's.
View 1 Replies
View Related
May 12, 2013
I have configured a Cisco ASA 5505 to allow VPN access from outside to my LAN using Cisco VPN Client software. The connection is establishing properly with the ip address from my VPNPool. From outside (on VPN connection) I can ping the interface e0/0 (outside) and the interface e0/1 (inside) of the firewall, but I cannot ping the layer 3 switch interface to which the ASA is connected ( int gi1/0/22 ip address 192.168.1.2/30 ) and I cannot ping any vlan interfaces inside my switch. Therefore, I cannot connect to any server on my internal LAN. I am available at any time if further information is needed. find attached my ASA config.
View 7 Replies
View Related
Sep 14, 2012
I have an ASA 5505 running 8.4.4.1. I've configured three WAN interfaces and have assigned failover on one of them (we have two ISP's, and a total of 3 static IP's in 3 different subnets). I've noticed that all the traffic is flowing through only one of the three interfaces, but I need to allow incoming https traffic on the second WAN port so I can access our Exchange server (we already use https on the first WAN port to access another server).
[code] WAN1 is the default outgoing route and we've configured several incoming services on it (smtp and https for example) and appears to be working properly as mail is coming and going and users can access the RDS gateway.I need to configure WAN2 to accept https traffic and send it to our Exchange server to enable OWA (webmail) access.I've configured the same Access and NAT rules on all three WAN interfaces for smtp (but I suspect only the first one is currently functioning at this point, I'll test it next chance I get). I thought all I'd have to do is configure an access and NAT entry on WAN2 (same as on WAN1), but direct the traffic to the OWA server instead of the rds gateway server, but it is not working.
In the realtime log I can see that it appears to be receiving the traffic on the WAN2 IP, but seems to be passing this through to the inside via the WAN1 interface.
View 5 Replies
View Related
Apr 18, 2012
How to configure this setup.I have an ASA5505 with dual wan failover, FiOS (eth0) & Cable (eth1). how to configure the port forwarding for all my devices so it doesn't matter what external interface the traffic is coming from. For example, I need web traffic on port 80 forwarded to 192.168.1.150 regardless of whether it is coming through eth0 or eth1.
View 2 Replies
View Related
