Remote User VPN - ASA 5505 and Client 5.0.02

 
 
TimParker
      01-16-2009
Can anyone point me to some references for how to set up a Remote User
Connection using the above HW? I have the ASA up and running beside
our existing Watchguard FW and am attempting to get it set up to
accept a connection from my laptop running this version of the
client.

We have our internal network 192.168.16.X. I believe I heard/read
somewhere that I need a different pool than my internal LAN for the
VPN Clients. I haven't found anything concrete that says this. The
users will be using either their home high speed connection or a
remote connection through a partner office. Do I need to set up
objects with all external IPs to allow just them to VPN in?

I am not sure of what rules I need to set up to allow this and what
network objects I need to set up and the best way. When I am done I
will have about 15 remote users that I will be setting up.

I am not sure if I am to the point of needing to post a config, I need
to figure out what to really sanitize it. My last job we had a support
company that we threw these things to. I am now working at a non-
profit and am doing things on my own by reading and hitting the
groups.

I appreciate any help that anyone can give me.

Tim
 
Morph
      01-17-2009
In the message
<977f3a39-fcf8-496b-ba32->
TimParker wrote:

| Can anyone point me to some references for how to set up a Remote User
| Connection using the above HW? I have the ASA up and running beside
| our existing Watchguard FW and am attempting to get it set up to
| accept a connection from my laptop running this version of the
| client.
|
| We have our internal network 192.168.16.X. I believe I heard/read
| somewhere that I need a different pool than my internal LAN for the
| VPN Clients. I haven't found anything concrete that says this. The
| users will be using either their home high speed connection or a
| remote connection through a partner office. Do I need to set up
| objects with all external IPs to allow just them to VPN in?
|
| I am not sure of what rules I need to set up to allow this and what
| network objects I need to set up and the best way. When I am done I
| will have about 15 remote users that I will be setting up.
|
| I am not sure if I am to the point of needing to post a config, I need
| to figure out what to really sanitize it. My last job we had a support
| company that we threw these things to. I am now working at a non-
| profit and am doing things on my own by reading and hitting the
| groups.
|
| I appreciate any help that anyone can give me.

Connect to the ASA using ASDM (or web interface).
Then there is a VPN remote access wizard that makes it very easy to
set up remote access using a VPN client.
 
TimParker
      01-18-2009
I have done that. But when I go back in there now, it shows the site
to site and remote access wizard options and at the bottom it shows a
message:

"only new VPN connections can be created using this wizard. To edit an
existing configuration, switch to the feature mode and select VPN."

I must be dense, but what do they mean by "feature mode?"

I get the following entries now when I try to connect. The 1.2.3.4 is my
home IP address that was changed, but it is correct in the log. My
guess is my rules are not set up properly.


6 Jan 18 2009 04:07:16 106015 Tim_Home ASA_5505 Deny TCP (no connection) from Tim_Home/49321 to ASA_5505/10000 flags ACK on interface outside

4 Jan 18 2009 04:07:16 713903 Group = DefaultRAGroup, IP = 1.2.3.4 , Error: Unable to remove PeerTblEntry

3 Jan 18 2009 04:07:16 713902 Group = DefaultRAGroup, IP = 1.2.3.4, Removing peer from peer table failed, no match!



 
TimParker
      01-18-2009
Never mind. Got it connected. Now I just have to write some rules to
allow me to access stuff! Thanks for the help.

Tim
