Step By Step Guide To Setup Remote Access VPN In Cisco ASA5500 Firewall With Cisco ASDM

1. Check Cisco firewall ASA version

Make sure you are running ASA 8.2.2 or later. Windows clients cannot connect if you have ASA 8.2.1 because of a Cisco software bug.

2. Start Cisco firewall IPsec VPN Wizard

Log in to ASDM on your Cisco ASA5500 firewall, go to Wizard > IPsec VPN Wizard ..., and follow the screens.

2.1 In "VPN Tunnel Type", choose "Remote Access"

From the drop-down list, choose "Outside" as the enabled interface for the incoming VPN tunnels. Keep this box checked: "Enable inbound IPSec sessions to bypass interface access lists. Group policy and per-user authorization access lists still apply to the traffic."

2.2 In Remote Access Client, Check "Microsoft Windows client using L2TP over IPSec"

Check "MS-CHAP-V1" and "MS-CHAP-V2" as the PPP authentication protocols.

2.3 Choose "Pre-shared Key" for VPN Client Authentication Method

The pre-shared key must be the same on the firewall and on the client side.

2.4 Authenticate remote users using local device user database

2.5 Add new user into the user authentication database

You will use this username and password to connect from the client side.

2.6 Add address pool

Create a pool of local addresses to be used for assigning dynamic IP addresses to remote VPN clients. You can use 10.10.20.240 to 10.10.20.249 (this may depend on your internal network).

2.7 Leave empty for attributes pushed to the client

2.8 Default for IKE Policy

3DES encryption, SHA authentication, and Diffie-Hellman Group 2.

2.9 Default for IPSec Settings

Uncheck "Enable split tunneling ..." and uncheck "Perfect Forwarding Secrecy (PFS)".

2.10 Verify the summary information and click the "Finish" button

3. Add Transform Set

Go to Configuration > Remote Access VPN > Network (Client) Access > Advanced > IPSec > Crypto Maps. Edit the IPSec rules, add "TRANS_ESP_3DES_SHA", and click the "OK" button.

Save the running configuration to flash, and you are done.
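
To confirm that the wizard and step 3 produced the settings described above, this added example (not part of the original guide) checks saved `show running-config` output against steps 1, 2.2, 2.3, 2.6, 2.8 and 3. The sample configuration is constructed, and the pool name `L2TP_POOL`, the `DefaultRAGroup` tunnel group and the policy number 10 are assumptions about what the wizard generates.

```python
import re

# Constructed excerpt of `show running-config` output (not from a real device).
# L2TP_POOL, DefaultRAGroup and policy number 10 are assumed names/values.
SAMPLE_CONFIG = """\
ASA Version 8.2(2)
ip local pool L2TP_POOL 10.10.20.240-10.10.20.249 mask 255.255.255.0
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
tunnel-group DefaultRAGroup ppp-attributes
 authentication ms-chap-v1
 authentication ms-chap-v2
"""

def asa_version(config):
    """Parse 'ASA Version 8.2(2)' into (8, 2, 2); None if the line is absent."""
    m = re.search(r"^ASA Version (\d+)\.(\d+)\((\d+)\)", config, re.M)
    return tuple(int(g) for g in m.groups()) if m else None

def subcommands(config, header_re):
    """Indented lines under the first top-level line matching header_re."""
    m = re.search(r"^" + header_re + r"[^\n]*\n((?: [^\n]*\n?)*)", config, re.M)
    return [s.strip() for s in m.group(1).splitlines()] if m else []

def check_guide_steps(config):
    """Return {guide step: bool} for the settings chosen in steps 1-3."""
    ver = asa_version(config)
    ike = set(subcommands(config, r"crypto isakmp policy \d+"))
    ppp = set(subcommands(config, r"tunnel-group \S+ ppp-attributes"))
    top = set(config.splitlines())
    ts = "crypto ipsec transform-set TRANS_ESP_3DES_SHA"
    return {
        "1 ASA 8.2.2 or later": ver is not None and ver >= (8, 2, 2),
        "2.2 MS-CHAP v1 and v2": {"authentication ms-chap-v1", "authentication ms-chap-v2"} <= ppp,
        "2.3 pre-shared key": "authentication pre-share" in ike,
        "2.6 address pool": any(l.startswith("ip local pool ") for l in top),
        "2.8 3DES, SHA, DH group 2": {"encryption 3des", "hash sha", "group 2"} <= ike,
        "3 transport-mode transform set": {ts + " esp-3des esp-sha-hmac", ts + " mode transport"} <= top,
    }

if __name__ == "__main__":
    for step, ok in check_guide_steps(SAMPLE_CONFIG).items():
        print("OK     " if ok else "MISSING", step)
```

Paste your own `show running-config` output in place of `SAMPLE_CONFIG`; any step reported as MISSING points to the wizard screen to revisit.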

