Remote User VPN - ASA 5505 and Client 5.0.02

Discussion in 'Cisco' started by TimParker, Jan 16, 2009.

  1. TimParker

    TimParker Guest

    Can anyone point me to some references for how to set up a Remote User
    Connection using the above HW? I have the ASA up and running beside
    our existing Watchguard FW and am attempting to get it set up to
    accept a connection from my laptop running this version of the
    client.

    We have our internal network 192.168.16.X. I believe I heard/read
    somewhere that I need a different pool than my internal LAN for the
    VPN Clients. I haven't found anything concrete that says this. The
    users will be using either their home high speed connection or a
    remote connection through a partner office. Do I need to set up
    objects with all external IPs to allow just them to VPN in?

    I am not sure of what rules I need to set up to allow this and what
    network objects I need to set up and the best way. When I am done I
    will have about 15 remote users that I will be setting up.

    I am not sure if I am to the point of needing to post a config, I need
    to figure out what to really sanitize it. My last job we had a support
    company that we threw these things to. I am now working at a non-
    profit and am doing things on my own by reading and hitting the
    groups.

    I appreciate any help that anyone can give me.

    Tim
     
    TimParker, Jan 16, 2009
    #1

  2. TimParker

    Morph Guest

    TimParker wrote:

    | Can anyone point me to some references for how to set up a Remote User
    | Connection using the above HW? I have the ASA up and running beside
    | our existing Watchguard FW and am attempting to get it set up to
    | accept a connection from my laptop running this version of the
    | client.
    |
    | We have our internal network 192.168.16.X. I believe I heard/read
    | somewhere that I need a different pool than my internal LAN for the
    | VPN Clients. I haven't found anything concrete that says this. The
    | users will be using either their home high speed connection or a
    | remote connection through a partner office. Do I need to set up
    | objects with all external IPs to allow just them to VPN in?
    |
    | I am not sure of what rules I need to set up to allow this and what
    | network objects I need to set up and the best way. When I am done I
    | will have about 15 remote users that I will be setting up.
    |
    | I am not sure if I am to the point of needing to post a config, I need
    | to figure out what to really sanitize it. My last job we had a support
    | company that we threw these things to. I am now working at a non-
    | profit and am doing things on my own by reading and hitting the
    | groups.
    |
    | I appreciate any help that anyone can give me.

    Connect to the ASA using ASDM (or web interface).
    Then there is a VPN remote access wizard that makes it very easy to
    set up remote access using a VPN client.
     
    Morph, Jan 17, 2009
    #2

  3. TimParker

    TimParker Guest

    I have done that. But when I go back in there now, it shows the site
    to site and remote access wizard options and at the bottom it shows a
    message:

    "only new VPN connections can be created using this wizard. To edit an
    existing configuration, switch to the feature mode and select VPN."

    I must be dense, but what do they mean by "feature mode?"

    I get the following entries now when I try to connect. The 1.2.3.4 is my
    home IP address that was changed, but it is correct in the log. My
    guess is my rules are not set up properly.


    6 Jan 18 2009 04:07:16 106015 Tim_Home ASA_5505 Deny TCP (no connection) from Tim_Home/49321 to ASA_5505/10000 flags ACK on interface outside

    4 Jan 18 2009 04:07:16 713903 Group = DefaultRAGroup, IP = 1.2.3.4 , Error: Unable to remove PeerTblEntry

    3 Jan 18 2009 04:07:16 713902 Group = DefaultRAGroup, IP = 1.2.3.4, Removing peer from peer table failed, no match!
     
    TimParker, Jan 18, 2009
    #3
  4. TimParker

    TimParker Guest

    Nevermind. Got it connected. Now I just have to write some rules to
    allow me to access stuff! Thanks for the help.

    Tim
     
    TimParker, Jan 18, 2009
    #4