Step By Step Guide To Setup Remote Access VPN In Cisco ASA5500 Firewall With Cisco ASDM

1. Check Cisco firewall ASA version

Make sure you have ASA 8.2.2 or later. Windows clients cannot connect if you have ASA 8.2.1 because of a Cisco software bug.

2. Start Cisco firewall IPsec VPN Wizard

Log in to ASDM on your Cisco ASA5500 firewall, go to Wizard > IPsec VPN Wizard ..., and follow the screens.

2.1 In "VPN Tunnel Type", choose "Remote Access"

From the drop-down list, choose "Outside" as the enabled interface for the incoming VPN tunnels. Keep the box "Enable inbound IPSec sessions to bypass interface access lists. Group policy and per-user authorization access lists still apply to the traffic." checked.

2.2 In Remote Access Client, check "Microsoft Windows client using L2TP over IPSec"

Check "MS-CHAP-V1" and "MS-CHAP-V2" as the PPP authentication protocols.

2.3 Choose "Pre-shared Key" for VPN Client Authentication Method

The pre-shared key must be the same on the firewall and on the client side.

2.4 Authenticate remote users using local device user database

2.5 Add new user into the user authentication database

You will use this username and password to connect from the client side.

2.6 Add address pool

Create a pool of local addresses to be used for assigning dynamic IP addresses to remote VPN clients. You can use to (may depend on your internal network).

2.7 Leave empty for attributes pushed to the client

2.8 Default for IKE Policy

3DES encryption, SHA authentication and Diffie-Hellman Group 2.

2.9 Default for IPSec Settings

Uncheck "Enable split tunneling ..." and uncheck "Perfect Forwarding Secrecy (PFS)".

2.10 Verify the summary information and click the "Finish" button

3. Add Transform Set

Go to Configuration > Remote Access VPN > Network (Client) Access > Advanced > IPSec > Crypto Maps. Edit the IPSec rules, add "TRANS_ESP_3DES_SHA" and click the "OK" button.

Save the running configuration to flash and you are done.
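
An added example, not part of the original article or of Cisco's tooling: a Python check that scans a saved ASA running configuration for the legacy choices this walkthrough accepts (3DES, Diffie-Hellman Group 2, pre-shared key, MS-CHAP-V1, PFS disabled), so they can be tracked for later hardening. The sample configuration is constructed, and the line syntax it matches is assumed to follow ASA 8.2 "show running-config" output.

```python
import re

# Constructed excerpt in the style of ASA 8.2 "show running-config" output
# for the wizard choices above; not captured from a real device.
SAMPLE_CONFIG = """\
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set TRANS_ESP_3DES_SHA
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
tunnel-group DefaultRAGroup ppp-attributes
 authentication ms-chap-v1
 authentication ms-chap-v2
"""

# (finding id, regex matched against one stripped config line, note)
LINE_RULES = [
    ("3des", r"\besp-3des\b|^encryption 3des$", "3DES cipher (step 2.8 / step 3)"),
    ("dh-group-2", r"^group 2$", "Diffie-Hellman Group 2 (step 2.8)"),
    ("psk", r"^authentication pre-share$", "one key shared by all clients (step 2.3)"),
    ("ms-chap-v1", r"^authentication ms-chap-v1$", "MS-CHAP-V1 accepted (step 2.2)"),
]

def audit(config: str):
    """Return a list of (line_no, finding_id, note); line_no 0 means config-wide."""
    findings = []
    lines = config.splitlines()
    for no, raw in enumerate(lines, 1):
        line = raw.strip()
        for fid, pattern, note in LINE_RULES:
            if re.search(pattern, line):
                findings.append((no, fid, note))
    # PFS only shows up as a "set pfs" line on a crypto map entry, so its
    # absence is a property of the whole configuration, not of one line.
    has_map = any(re.match(r"crypto (dynamic-)?map ", l) for l in lines)
    if has_map and not any(re.search(r"\bset pfs\b", l) for l in lines):
        findings.append((0, "no-pfs", "no crypto map sets PFS (step 2.9)"))
    return findings

if __name__ == "__main__":
    for no, fid, note in audit(SAMPLE_CONFIG):
        print(f"line {no or '-'}: {fid}: {note}")
```
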

Other Resources

  1. L2TP Over IPsec Between Windows 2000/XP PC and PIX/ASA 7.2 Using Pre-shared Key Configuration Example
  2. How to configure an L2TP/IPSec connection by using Preshared Key Authentication
  3. Step By Step Guide To Setup Windows 7/Vista VPN Client to Remote Access Cisco ASA5500 Firewall
  4. Step By Step Guide To Setup Windows XP/2000 VPN Client to Remote Access Cisco ASA5500 Firewall

