Remote User VPN - ASA 5505 and Client 5.0.02

Can anyone point me to some references for how to set up a Remote User Connection using the above HW? I have the ASA up and running beside our existing Watchguard FW and am attempting to get it set up to accept a connection from my laptop running this version of the client.

We have our internal network 192.168.16.X. I believe I heard/read somewhere that I need a different pool than my internal LAN for the VPN Clients. I haven't found anything concrete that says this. The users will be using either their home high speed connection or a remote connection through a partner office. Do I need to set up objects with all external IPs to allow just them to VPN in?

I am not sure of what rules I need to set up to allow this and what network objects I need to set up and the best way. When I am done I will have about 15 remote users that I will be setting up.

I am not sure if I am to the point of needing to post a config; I need to figure out what to really sanitize in it. At my last job we had a support company that we threw these things to. I am now working at a non-profit and am doing things on my own by reading and hitting the groups.

I appreciate any help that anyone can give me.

Tim

Reply to
TimParker


Connect to the ASA using ASDM (or web interface). Then there is a VPN remote access wizard that makes it very easy to set up remote access using a VPN client.

Reply to
Morph

I have done that. But when I go back in there now, it shows the site to site and remote access wizard options and at the bottom it shows a message:

"only new VPN connections can be created using this wizard. To edit an existing configuration, switch to the feature mode and select VPN."

I must be dense, but what do they mean by "feature mode?"

I get the following entries now when I try to connect. The 1.2.3.4 is my home IP address that was changed, but it is correct in the log. My guess is my rules are not set up properly.

6 Jan 18 2009 04:07:16 106015 Tim_Home ASA_5505 Deny TCP (no connection) from Tim_Home/49321 to ASA_5505/10000 flags ACK on interface outside

4 Jan 18 2009 04:07:16 713903 Group = DefaultRAGroup, IP = 1.2.3.4 , Error: Unable to remove PeerTblEntry

3 Jan 18 2009 04:07:16 713902 Group = DefaultRAGroup, IP = 1.2.3.4, Removing peer from peer table failed, no match!

Reply to
TimParker

Never mind. Got it connected. Now I just have to write some rules to allow me to access stuff! Thanks for the help.

Tim

Reply to
TimParker
