The SSL VPN Client (SVC) is a VPN tunneling technology that gives remote users the benefits of an IPSec VPN client without the need for network administrators to install and configure IPSec VPN clients on remote computers.
Refer to the Cisco Technical Tips Conventions for more information on document conventions. If your network is live, make sure that you understand the potential impact of any command. All of the devices used in this document started with a cleared (default) configuration. The information in this document was created from the devices in a specific lab environment. PC that runs Windows 2000 Professional or Windows XPĬisco Adaptive Security Device Manager (ASDM) version 6.1(5)
The information in this document is based on these software and hardware versions:Ĭisco 5500 Series ASA that runs software version 8.xĬisco SSL VPN Client version for Windows 1.1.4.179 The SVC needs to be downloaded to the remote user computers in order to establish the SSL VPN connection with the ASA.
Copy the SVC to the flash memory on the ASA.
Note: Download the SSL VPN Client package (sslclient-win*.pkg) from Cisco Software Download ( registered customers only). Prerequisites RequirementsĮnsure that you meet these requirements before you attempt this configuration: For traffic emerging from a tunnel, this route overrides any other configured or learned default routes. When you create a default route with the tunneled option, all traffic from a tunnel terminating on the ASA that cannot be routed using learned or static routes is sent to this route.
Also if you looking to upgrade the IOS image or firmware of Cisco ASA do not forget to see the article Cisco ASA Firmware upgrade-CLI and Cisco ASA firmware upgrade-GUI.This document describes how to configure the Adaptive Security Appliance (ASA) to route the SSL VPN traffic through the tunneled default gateway (TDG). In case you are having issues in configuring ASDM Access and/or SSH Access of Cisco ASA please follow the attached link. Once both ends have the configuration, the IPSec VPN tunnel should be up and connected. If the far end also has the Cisco ASA then follow the same steps to configure the VPN tunnel at the far end. If Keep Alive is enabled then define the “ Confidence Interval” and “ Retry Interval“. Select one of the available options for the IKE IP Peer validation as per requirement or company policyĮnable or disable keep alive as per requirement. Options of Tunnel Group are shown below and discussed as well. Navigate to Tunnel group and configure as per requirement. Lower the number, highest the priority.Įnable or disable NAT Transversal and Reverse Route as per requirement.ĭefine the Security Association Lifetime as per requirement or company policy. Options are shown below in the image and described as well.ĭefine the priority of the VPN tunnel. Mismatched or wrong PSK will not allow VPN to get connected.Īdd the IPSec Proposal as per requirement or company policy.Ĭlick “ Advanced” and navigate to “ Crypto Map Entry“. Keep it safe somewhere as the same PSK would need to add at the remote site. Detail is shown below in the image for Group Policy.Īdd the Pre-shared Key for local and remote site. These subnets/IPs will be considered as Protected Network.Ĭonfigure the group policy and add the public IP, enable IKEv2 and modify other options as per requirement. Generally, the WAN or Outside interface is used for the VPN connection.Īdd the subnets or IPs of the Local site and the remote site which are allowed to communicate via IPSec tunnel. Put the IP address of the remote site or the far end, where we want to connect the site through the IPSec Site-to-Site VPN tunnel.Ĭonfigure the interface for the connection. All steps of the first page of configuration is shown below in the image. IPSec Site-to-Site VPN tunnel configuration contains many steps, hence we will discuss here each step in detail.
Follow the steps shown below in the image Navigate to the “Configuration” page and then to the “ Site-to-Site VPN” tab.
This can be configured via CLI or Command Line Interface as well.Īccess the Firewall using the username and password through ASDM. We will use here Graphical User Interface method for the configuration. Model: ASA 5506-X, ASA 5506 W-X, ASA 5508-X, Cisco ASA 5500 Seriesĭescription: In this article , we will discuss the stepwise method to configure a Site-to-Site IPSec VPN tunnel on a Cisco ASA Firewall.