This walkthrough describes how to use your Cisco ASA5505 as a VPN server for a remote client. The remote client does not need to have a 5505 as a VPN endpoint; it only needs to have the Cisco VPN Client software installed.
To configure the ASA5505, first log into it using the Cisco ASDM.
- Click the “Wizards” drop down, select “VPN Wizard.”
- Select “Remote Access,” click Next.
- Select “Cisco VPN Client,” click Next.
- Select “Pre-shared key,” then fill in what I’m going to call your “VPN Connection Password.” This will be saved in the client and should be as long and secure as possible.
- Tunnel Group Name: Enter what I’m going to call your “VPN Connection Username,” and Click Next.
- Select “Authenticate using the local user database,” click Next.
- Create a username and password for each VPN user, click Next.
- Click “New…” to create a new VPN IP pool. You can do whatever you want here, but here is my suggestion:
  - Name: VPNUsers
  - Starting IP Address: 192.168.15.194
  - Ending IP Address: 192.168.15.220
  - Subnet Mask: 255.255.255.224
  - Click “OK.”
- Click Next.
- Fill in DNS and WINS for your outside network and Click Next.
- IKE Policy defaults are fine, click Next.
- IPSec defaults are fine, click Next.
- Leave NAT Settings blank, but check “Enable Split tunneling” at the bottom and click Next.
- Click Finish.
One more step: without this, you won’t be able to connect to anything besides the internal network when you are connected to the VPN.
- Click “Configuration” at the top of the screen.
- Click “VPN” on the left side of the screen.
- Under “General,” click “Group Policy.”
- Click the Group Policy that corresponds to the one you defined during the Wizard, and click the Edit button.
- Click the Client Configuration Tab.
- Click the “Manage” button next to Split Tunnel Network List.
- Double click the Entry under the Standard ACL tab.
- Change the IP address and Netmask to match that of your internal network, the subnet where your servers are located.
- Click OK, OK, OK and finally: Apply.
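A quick sanity check for the address plan used in the two procedures above (the VPN IP pool and the split tunnel network list), written in Python as an added example that is not part of the original walkthrough. The internal network 192.168.1.0/255.255.255.0 is an assumed sample value, the function name is hypothetical, and flagging a pool that overlaps the split-tunnel network as a warning is a design preference assumed here.

```python
import ipaddress


def check_vpn_plan(pool_start, pool_end, pool_mask, split_net, split_mask):
    """Return (pool_subnet, pool_size, problems) for a remote-access address plan."""
    problems = []
    start = ipaddress.IPv4Address(pool_start)
    end = ipaddress.IPv4Address(pool_end)
    # strict=False derives the subnet that contains the starting address.
    pool_subnet = ipaddress.IPv4Network(f"{pool_start}/{pool_mask}", strict=False)

    if start > end:
        problems.append("pool start is above pool end")
    if end not in pool_subnet:
        problems.append(f"pool end {end} is outside {pool_subnet}")
    for addr in (start, end):
        if addr in (pool_subnet.network_address, pool_subnet.broadcast_address):
            problems.append(f"{addr} is the network or broadcast address of {pool_subnet}")

    # The split-tunnel ACL entry should be a network address with no host bits set.
    try:
        split = ipaddress.IPv4Network(f"{split_net}/{split_mask}", strict=True)
    except ValueError:
        split = ipaddress.IPv4Network(f"{split_net}/{split_mask}", strict=False)
        problems.append(f"split-tunnel entry has host bits set; did you mean {split}?")

    if split.prefixlen == 0:
        # An entry matching every address sends all client traffic into the tunnel.
        problems.append("split-tunnel entry covers every address, so nothing is split")
    elif split.overlaps(pool_subnet):
        # Assumed design preference: keep VPN clients distinguishable from inside hosts.
        problems.append(f"warning: pool subnet {pool_subnet} overlaps split-tunnel network {split}")

    pool_size = max(int(end) - int(start) + 1, 0)
    return str(pool_subnet), pool_size, problems


if __name__ == "__main__":
    # Pool values from the walkthrough; the internal network is a constructed sample.
    subnet, size, problems = check_vpn_plan(
        "192.168.15.194", "192.168.15.220", "255.255.255.224",
        "192.168.1.0", "255.255.255.0",
    )
    print(f"pool subnet {subnet}, {size} addresses")
    for p in problems or ["no problems found"]:
        print(" -", p)
```

Substitute your own internal network and mask for the sample values before relying on the result.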
Now that we’ve done all that, we should save it from working memory into the flash. I like to do a reboot while I do this, and we can do it using the Cisco ASDM!
- Click Tools and select System Reload.
- Be sure to change the radio button at the top to Save the running configuration at the time of reload.
- Click “Schedule Reload,” Yes, and Exit ASDM.
To connect your new VPN, you’ll need the Cisco VPN Client. I’m using version 4.6.
- Install the Cisco VPN Client.
- Click “New.”
  - Connection Entry: Name of the VPN connection. I used the same thing I put in for the Tunnel Group Name (VPN Connection Username), but you can use whatever you want.
  - Host: The IP address or DNS name of the VPN Server.
- On the Authentication Tab, make sure “Group Authentication” is selected.
  - Name: Put whatever you put for Tunnel Group Name (VPN Connection Username).
  - Password: Put in your “Pre-shared key” (VPN Connection Password).
That’s it! Hit Save.
To connect, double-click the connection entry you just created.
Enter the username and password that we defined for the user on the Cisco ASA5505 device during the VPN Wizard.
Done and Done!