Cisco noob can't create a vpn


jjcanaday
My company has several remote sites that currently use Remote Desktop to access shared files (!?!) and to run an inventory tracking program with a SQL back end on one of the servers. I thought switching over to VPN would be better and finally got the upgrade from a PIX 506e to an ASA 5510. I've been trying to set up a VPN for 3 weeks now and just can't get it working. For my test remote site, I can use either a Linksys RV042 or an RVL200. The RV042/RVL200 seem easy enough to set up but, starting with a clean ASA, could someone PLEASE give me the set of commands to run against the ASA to connect? Assume the following topology:

192.168.2.0 >> RV042 or RVL200 >> 12.23.34.45 >> Internet >> 56.67.78.89 >> ASA 5510 >> 10.0.0.0

I've tried the wizard, several configurations posted on several other sites, all to no avail. I can never get past Phase 1.

Clarifications

eboo98

Hi,
Just had a look at your solution. I was wondering if you still have the whole configuration for the VPN setting. Thanks, Abraham

  • +
    0 Votes
    CG IT

    Makes a difference on what type of VPN you're trying to use.

    If you're doing Host to Point, what VPN client program?

    +
    0 Votes
    jjcanaday

    I guess Point to Point.

    I would like multiple people on the remote side to be able to open network shares at the same time. Also, they would have to connect to different servers here in the main office. I know some of this sounds kind of screwy but I'm starting out from where remote users were connecting into a server via Remote Desktop with Admin privileges! (Not my doing, it's what I inherited.) I have high hopes that there is a configuration that would allow the remote users to log on to their computers with domain logins rather than local computer accounts.

    +
    0 Votes
    CG IT

    If you want remote users to be able to VPN into the main network, gain access to network resources, published shares in Active Directory, then RRAS is a way to go. You can configure PPTP or L2TP and IPSec for remote access clients.

    A VPN client program can be configured for users to provide 2 factor authentication and access to network resources [shared resources].

    Might want to look into Microsoft's ADAM. You can check out ADAM at Microsoft TechNet. Allows apps to run as a user account rather than Network Service Account. ADAM: Active Directory Application Mode.

    +
    0 Votes
    career

    Site to Site (or Lan to Lan) VPN is the way to go here.

    Are you sure the Linksys Routers support IPSec VPN? Cisco should have some type of config example out there for this, considering they own Linksys.

    +
    0 Votes
    jjcanaday

    but if there is one, I can't find it.

    BTW, I was on vacation when you posted this. I had forgotten about it until I received another post on this thread.

    The Linksys router was easy - it was the ASA that was giving me fits. I eventually got about 80% there with another white paper from Proxicast. The tunnel formed (according to both sides) but computers couldn't see/ping each other. Cisco tech support finally got me up.

    +
    0 Votes
    dfindlay

    Did you get this to work? I have a customer who wants to do the exact same thing.

    +
    0 Votes
    jjcanaday

    I was able to finally get it about 80% working using Proxicast's LAN-Cell to Cisco ASA VPN Example. (Google "technote LCTN0014".) I used the non-Wizard mode starting on page 19. At that point, the VPN would connect, but computers couldn't see (or ping) each other.

    Finally, Cisco got it working by setting up the proper ACL. I can't find the log of her session right now -- I'll try to post it on Monday.

    +
    0 Votes
    dfindlay

    Did you get this to work? I have a customer who wants to do the exact same thing.
