[c-nsp] VPN clients on Cisco ASA

Ryan West rwest at zyedge.com
Mon Jul 27 08:57:01 EDT 2009


Hello again Kiran,

I think you should take a quick read through the following link.  You can use the ASDM Remote Access VPN wizard to configure most of the settings and if you're interested in doing it via CLI, that's also an option.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml

In particular, the options you have asked are all covered in the doc except for split-tunneling, at least the associated output in CLI.  You'll want to configure that inside the group policy you create from the link above.  Here is an example:

group-policy mygrouppolicyname attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value <ACL Here>

Let me know how it works out for you.

-ryan

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Oddiraju, Kiran @ London SMC
Sent: Monday, July 27, 2009 8:33 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] VPN clients on Cisco ASA

Hi List,

 

Cisco ASA 5505

Cisco VPN Client 5.0

ASA External IP: 80.90.100.117 /29

Internal range: 192.168.0.0 /24

 

I am new to Cisco ASA world and have been struggling to configure my
5505 to accept VPN connections from external hosts. I want to allocate
IP address dynamically, allow access to certain subnets and allow
internet access thru their local connection. Can someone please post me
a sample ASA config?

 

Thanks guys

 

Regards,

Kiran


CB Richard Ellis Limited, Registered Office: St Martin's Court, 
10 Paternoster Row, London, EC4M 7HP, registered in England and Wales No. 3536032. 
Regulated by the RICS and an appointed representative of CB Richard Ellis 
Indirect Investment Services Limited which is authorised and regulated by the Financial Services Authority.

This communication is from CB Richard Ellis Limited or one of its 
associated/subsidiary companies. This communication contains information 
which is confidential and may be privileged. If you are not the intended recipient, 
please contact the sender immediately. Any use of its contents is strictly prohibited 
and you must not copy, send or disclose it, or rely on its contents in any way whatsoever. 
Reasonable care has been taken to ensure that this communication 
(and any attachments or hyperlinks contained within it) is free from computer viruses. 
No responsibility is accepted by CB Richard Ellis Limited or its associated/subsidiary 
companies and the recipient should carry out any appropriate virus checks.

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list