Step By Step Guide To Setup Windows XP/2000 VPN Client to Remote Access Cisco ASA5500 Firewall


Please follow these steps to configure the Windows L2TP/IPsec client for Cisco VPN if you have Windows XP or 2000.

Step 1: Add the ProhibitIpSec Registry Value

  1. Click Start, click Run, type regedt32, and then click OK.
  2. Locate, and then click the following registry subkey:
     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters
  3. On the Edit menu, click Add Value.
  4. In the Value Name box, type ProhibitIpSec.
  5. In the Data Type list, click REG_DWORD, and then click OK.
  6. In the Data box, type 1, and then click OK.
  7. Quit Registry Editor, and then restart your computer.

Step 2: Create VPN Connection

  1. Click Start, and then click Control Panel.
  2. In Control Panel, double-click Network Connections.
  3. Click Create a new connection in the Network Tasks task pad.
  4. In the Network Connection Wizard, click Next.
  5. Click Connect to the network at my workplace, and then click Next.
  6. Click Virtual Private Network connection, and then click Next.
  7. In the "Company Name" box, type yourdomain.com or any other name, and then click Next.
  8. Choose "Do not dial the initial connection" in "Public Network".
  9. Put your firewall IP address in the "Host Name or IP Address" box.
  10. You are just about done, the rest of the screens just verify your connection, click Next.
  11. Click to select the Add a shortcut to this connection to my desktop check box if you want one, if not, then leave it unchecked and click finish.
  12. In the Network Connections window, right-click the new connection and select properties.
  13. In the "Security" tab, choose Advanced (custom settings).
  14. Click the "Settings" button.
  15. Leave only "Microsoft CHAP (MS-CHAP)" checked.
  16. In the "Networking" tab, select "L2TP IPSec VPN" in the "Type of VPN" dropdown box.
  17. Click Internet Protocol (TCP/IP), and then click the "Properties" button.
  18. Click the "Advanced" button.
  19. Uncheck "Use default gateway on remote network".

Step 3: Create an IPSec Policy

  1. Click Start, click Run, type mmc, and then click OK.
  2. Click Console, click Add/Remove Snap-in, click Add, click IP Security Policy Management, click Add, click Finish, click Close, and then click OK.
  3. Right-click IP Security Policies on Local Machine, click Create IP Security Policy, and then click Next.
  4. In the IP Security Policy Name dialog box, type the name for the IP Security policy in the Name box, and then click Next.
  5. In the Requests for Secure Communication dialog box, click to clear the Activate the default response rule check box, and then click Next.
  6. Click to select the Edit Properties check box, and then click Finish.
  7. In the New IP Security Policy Properties dialog box, click Add on the Rules tab, and then click Next.
  8. In the Tunnel Endpoint dialog box, click This rule does not specify a tunnel, and then click Next.
  9. In the Network Type dialog box, click All network connections, and then click Next.
  10. In the Authentication Method dialog box, click Use this string to protect the key exchange (preshared key), type a preshared key, and then click Next.
  11. In the IP Filter List dialog box, click Add, type a name for the IP filter list in the Name box, click Add, and then click Next.
  12. In the IP Traffic Source dialog box, choose "My IP Address", and then click Next.
  13. In the IP Traffic Destination dialog box, click A specific IP Address in the Destination address box, type your firewall IP, and then click Next.
  14. In the IP Protocol Type dialog box, click UDP in the Select a protocol type box, and then click Next.
  15. In the IP Protocol Port dialog box, click From this port, type 1701 in the From this port box, click To any port, and then click Next.
  16. Click to select the Edit properties check box, click Finish, and then click to select the "Mirrored. Also match packets with the exact opposite source and destination addresses" check box in the Filter Properties dialog box.
  17. Click OK, and then click Close.
  18. In the IP Filter List dialog box, click the IP filter that you just created, and then click Next.
  19. In the Filter Action dialog box, click Add.
  20. Choose "Custom" in "IP Traffic Security".
  21. Click "Settings" and choose "MD5" from "Integrity Algorithm" dropdown box.
  22. Note: To improve security, this new filter action must have the "Accept unsecured communication, but always respond using IPSec" feature disabled.
  23. Click Next, click Finish, and then click Close.
  24. Right-click the IPSec policy that you just created, and then click Assign.

Step 4: Connect VPN

Now you should be able to connect to Cisco ASA VPN.
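
With ProhibitIpSec set to 1, Windows no longer creates its automatic IPSec filter for L2TP, so the tunnel is protected only while the policy from Step 3 is assigned. The batch file below is an added example, not part of the original guide; it is a read-only check of the state that Steps 1 and 3 leave behind. It assumes reg.exe is available (built into Windows XP, part of the Support Tools on Windows 2000) and that an assigned local policy is recorded in the ActivePolicy value under the key shown.

```bat
@echo off
rem Added example (not from the original guide): read-only check of the
rem registry state left by Step 1 and Step 3. Changes nothing.
setlocal
set "RASMAN=HKLM\System\CurrentControlSet\Services\Rasman\Parameters"
rem Assumption: an assigned local IPSec policy is recorded in the
rem ActivePolicy value under this key.
set "LOCALPOL=HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local"
set PROHIBIT=0
set ASSIGNED=0

rem Step 1: read ProhibitIpSec and compare the data field exactly.
rem The third whitespace/tab-separated token of the value line is the data.
for /f "tokens=3" %%A in ('reg query "%RASMAN%" /v ProhibitIpSec 2^>nul ^| find /i "ProhibitIpSec"') do (
    if /i "%%A"=="0x1" set PROHIBIT=1
)

rem Step 3: is any local IPSec policy assigned?
reg query "%LOCALPOL%" /v ActivePolicy 2>nul | find /i "ipsecPolicy{" >nul
if not errorlevel 1 set ASSIGNED=1

if "%PROHIBIT%"=="0" (
    echo ProhibitIpSec is not 1: Step 1 has not been applied.
    exit /b 2
)
if "%ASSIGNED%"=="0" (
    echo WARNING: ProhibitIpSec=1 but no local IPSec policy is assigned.
    echo L2TP traffic on UDP 1701 would leave this machine without IPSec.
    exit /b 1
)
echo OK: ProhibitIpSec=1 and a local IPSec policy is assigned.
exit /b 0
```

The check confirms only that some local policy is assigned, not that its filter and preshared key match Step 3; review the policy itself in the IP Security Policy Management snap-in.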

