[c-nsp] VPN clients on Cisco ASA

Oddiraju, Kiran @ London SMC Kiran.Oddiraju at cbre.com
Tue Jul 28 10:01:27 EDT 2009


Hi Guys,

Appreciate your help on this. Have tried the VPN Wizard and the CLI
config from the below link but still no luck. The Cisco VPN client tries
to connect and after for a few seconds shows Not Connected. I think it
is an ACL issue but I am not 100% sure. I have attached the running
config, could someone please take a look?

Many thanks,
Kiran

-----Original Message-----
From: Ryan West [mailto:rwest at zyedge.com]
Sent: 27 July 2009 13:57
To: Oddiraju, Kiran @ London SMC; cisco-nsp at puck.nether.net
Subject: RE: VPN clients on Cisco ASA

Hello again Kiran,

I think you should take a quick read through the following link.  You
can use the ASDM Remote Access VPN wizard to configure most of the
settings and if you're interested in doing it via CLI, that's also an
option.

http://www.cisco.com/en/US/products/ps6120/products_configuration_exampl
e09186a008060f25c.shtml

In particular, the options you have asked are all covered in the doc
except for split-tunneling, at least the associated output in CLI.
You'll want to configure that inside the group policy you create from
the link above.  Here is an example:

group-policy mygrouppolicyname attributes  split-tunnel-policy
tunnelspecified  split-tunnel-network-list value <ACL Here>

Let me know how it works out for you.

-ryan

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Oddiraju, Kiran
@ London SMC
Sent: Monday, July 27, 2009 8:33 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] VPN clients on Cisco ASA

Hi List,

 

Cisco ASA 5505

Cisco VPN Client 5.0

ASA External IP: 80.90.100.117 /29

Internal range: 192.168.0.0 /24

 

I am new to Cisco ASA world and have been struggling to configure my
5505 to accept VPN connections from external hosts. I want to allocate
IP address dynamically, allow access to certain subnets and allow
internet access thru their local connection. Can someone please post me
a sample ASA config?

 

Thanks guys

 

Regards,

Kiran


CB Richard Ellis Limited, Registered Office: St Martin's Court, 10
Paternoster Row, London, EC4M 7HP, registered in England and Wales No.
3536032. 
Regulated by the RICS and an appointed representative of CB Richard
Ellis Indirect Investment Services Limited which is authorised and
regulated by the Financial Services Authority.

This communication is from CB Richard Ellis Limited or one of its
associated/subsidiary companies. This communication contains information
which is confidential and may be privileged. If you are not the intended
recipient, please contact the sender immediately. Any use of its
contents is strictly prohibited and you must not copy, send or disclose
it, or rely on its contents in any way whatsoever. 
Reasonable care has been taken to ensure that this communication (and
any attachments or hyperlinks contained within it) is free from computer
viruses. 
No responsibility is accepted by CB Richard Ellis Limited or its
associated/subsidiary companies and the recipient should carry out any
appropriate virus checks.

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

CB Richard Ellis Limited, Registered Office: St Martin's Court, 
10 Paternoster Row, London, EC4M 7HP, registered in England and Wales No. 3536032. 
Regulated by the RICS and an appointed representative of CB Richard Ellis 
Indirect Investment Services Limited which is authorised and regulated by the Financial Services Authority.

This communication is from CB Richard Ellis Limited or one of its 
associated/subsidiary companies. This communication contains information 
which is confidential and may be privileged. If you are not the intended recipient, 
please contact the sender immediately. Any use of its contents is strictly prohibited 
and you must not copy, send or disclose it, or rely on its contents in any way whatsoever. 
Reasonable care has been taken to ensure that this communication 
(and any attachments or hyperlinks contained within it) is free from computer viruses. 
No responsibility is accepted by CB Richard Ellis Limited or its associated/subsidiary 
companies and the recipient should carry out any appropriate virus checks.

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: CUCMASA config.txt
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20090728/ebec8be8/attachment-0001.txt>


More information about the cisco-nsp mailing list