Cisco Asa Remote Vpn
Páginas: 12 (2792 palabras)
Publicado: 18 de febrero de 2013
PIX/ASA as a Remote VPN Server with Extended Authentication using CLI and ASDM Configuration Example
Document ID: 68795
Contents
Introduction Prerequisites Requirements Components Used Related Products Conventions Background Information Configurations Configure the ASA/PIX as a Remote VPN Server using ASDM Configure the ASA/PIX as a Remote VPN Server using CLI Cisco VPN Client PasswordStorage Configuration Disable the Extended Authentication Verify Troubleshoot Incorrect Crypto ACL Related Information
Introduction
This document describes how to configure the Cisco 5500 Series Adaptive Security Appliance (ASA) to act as a remote VPN server using the Adaptive Security Device Manager (ASDM) or CLI. The ASDM delivers world−class security management and monitoring through anintuitive, easy−to−use Web−based management interface. Once the Cisco ASA configuration is complete, it can be verified using the Cisco VPN Client. Refer to PIX/ASA 7.x and Cisco VPN Client 4.x with Windows 2003 IAS RADIUS (Against Active Directory) Authentication Configuration Example in order to set up the remote access VPN connection between a Cisco VPN Client (4.x for Windows) and the PIX 500 SeriesSecurity Appliance 7.x. The remote VPN Client user authenticates against the Active Directory using a Microsoft Windows 2003 Internet Authentication Service (IAS) RADIUS server. Refer to PIX/ASA 7.x and Cisco VPN Client 4.x for Cisco Secure ACS Authentication Configuration Example in order to set up a remote access VPN connection between a Cisco VPN Client (4.x for Windows) and the PIX 500 SeriesSecurity Appliance 7.x using a Cisco Secure Access Control Server (ACS version 3.2) for extended authentication (Xauth).
Prerequisites
Requirements
This document assumes that the ASA is fully operational and configured to allow the Cisco ASDM or CLI to make configuration changes.
Note: Refer to Allowing HTTPS Access for ASDM or PIX/ASA 7.x: SSH on the Inside and Outside InterfaceConfiguration Example to allow the device to be remotely configured by the ASDM or Secure Shell (SSH).
Components Used
The information in this document is based on these software and hardware versions: • Cisco Adaptive Security Appliance Software Version 7.x and later • Adaptive Security Device Manager Version 5.x and later • Cisco VPN Client Version 4.x and later The information in this document wascreated from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Related Products
This configuration can also be used with Cisco PIX Security Appliance Version 7.x and later.
Conventions
Refer to Cisco Technical TipsConventions for more information on document conventions.
Background Information
Remote access configurations provide secure remote access for Cisco VPN clients, such as mobile users. A remote access VPN lets remote users securely access centralized network resources. The Cisco VPN Client complies with the IPSec protocol and is specifically designed to work with the security appliance. However,the security appliance can establish IPSec connections with many protocol−compliant clients. Refer to the ASA Configuration Guides for more information on IPSec. Groups and users are core concepts in the management of the security of VPNs and in the configuration of the security appliance. They specify attributes that determine users access to and use of the VPN. A group is a collection of userstreated as a single entity. Users get their attributes from group policies. Tunnel groups identify the group policy for a specific connections. If you do not assign a particular group policy to a users, the default group policy for the connection applies. A tunnel group consists of a set of records that determines tunnel connection policies. These records identify the servers to which the servers...
Document ID: 68795
Contents
Introduction Prerequisites Requirements Components Used Related Products Conventions Background Information Configurations Configure the ASA/PIX as a Remote VPN Server using ASDM Configure the ASA/PIX as a Remote VPN Server using CLI Cisco VPN Client PasswordStorage Configuration Disable the Extended Authentication Verify Troubleshoot Incorrect Crypto ACL Related Information
Introduction
This document describes how to configure the Cisco 5500 Series Adaptive Security Appliance (ASA) to act as a remote VPN server using the Adaptive Security Device Manager (ASDM) or CLI. The ASDM delivers world−class security management and monitoring through anintuitive, easy−to−use Web−based management interface. Once the Cisco ASA configuration is complete, it can be verified using the Cisco VPN Client. Refer to PIX/ASA 7.x and Cisco VPN Client 4.x with Windows 2003 IAS RADIUS (Against Active Directory) Authentication Configuration Example in order to set up the remote access VPN connection between a Cisco VPN Client (4.x for Windows) and the PIX 500 SeriesSecurity Appliance 7.x. The remote VPN Client user authenticates against the Active Directory using a Microsoft Windows 2003 Internet Authentication Service (IAS) RADIUS server. Refer to PIX/ASA 7.x and Cisco VPN Client 4.x for Cisco Secure ACS Authentication Configuration Example in order to set up a remote access VPN connection between a Cisco VPN Client (4.x for Windows) and the PIX 500 SeriesSecurity Appliance 7.x using a Cisco Secure Access Control Server (ACS version 3.2) for extended authentication (Xauth).
Prerequisites
Requirements
This document assumes that the ASA is fully operational and configured to allow the Cisco ASDM or CLI to make configuration changes.
Note: Refer to Allowing HTTPS Access for ASDM or PIX/ASA 7.x: SSH on the Inside and Outside InterfaceConfiguration Example to allow the device to be remotely configured by the ASDM or Secure Shell (SSH).
Components Used
The information in this document is based on these software and hardware versions: • Cisco Adaptive Security Appliance Software Version 7.x and later • Adaptive Security Device Manager Version 5.x and later • Cisco VPN Client Version 4.x and later The information in this document wascreated from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Related Products
This configuration can also be used with Cisco PIX Security Appliance Version 7.x and later.
Conventions
Refer to Cisco Technical TipsConventions for more information on document conventions.
Background Information
Remote access configurations provide secure remote access for Cisco VPN clients, such as mobile users. A remote access VPN lets remote users securely access centralized network resources. The Cisco VPN Client complies with the IPSec protocol and is specifically designed to work with the security appliance. However,the security appliance can establish IPSec connections with many protocol−compliant clients. Refer to the ASA Configuration Guides for more information on IPSec. Groups and users are core concepts in the management of the security of VPNs and in the configuration of the security appliance. They specify attributes that determine users access to and use of the VPN. A group is a collection of userstreated as a single entity. Users get their attributes from group policies. Tunnel groups identify the group policy for a specific connections. If you do not assign a particular group policy to a users, the default group policy for the connection applies. A tunnel group consists of a set of records that determines tunnel connection policies. These records identify the servers to which the servers...
Leer documento completo
Regístrate para leer el documento completo.