Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VPN With Cisco ASA 5510 Security Appliance

Status
Not open for further replies.

dmz740

IS-IT--Management
Aug 9, 2005
45
US
We recently set up a Cisco VPN using a Cisco ASA 5510 Security Appliance (Firewall). The VPN works great for Internet connectivity. The problem is we can see no network assets. No shared drives etc. I am confused on how this is supposed to authenticate with our PRIVATE network. I could go through a list of ping options but when we try to ping our server or anything on the inside of the private network the ping fails. I have tried the VPN setup wizard in XP and it does not provide us with authentication. We start the Cisco VPN software and it shows the VPN connected, we can connect to the internet but have no access to our network assets file server etc... The Cisco engineer says once this VPN is established, you use remote desktop to access the network. We are not comfortable with that because of the security issues we are operating under (Bank). I would be interested to see if anyone has set one of these up and how they authenticted from the VPN client on a public connection to a Private LAN. VPN running Cisco client is an XP machine our server is running Windows Server 2003. Any help would be appreciated.
 
I usual install IAS on the windows active directory server and authenticate users that are in the remote users group. Once you are connected to the vpn you can connect to mapped drives and everything else just as if you were plugged into the network. Sounds like you need a new engineer.
 
What version OS do you have on the ASA?

Do you have the following items.

VPN address pool.

Exclusion of VPN IP addresses from NAT.

ACL from VPN IP addresses to internal network.

Route from default gateway to VPN Address pool.

For authentication with 8.0(3) you can use RADIUS
TACACS+, NT Domain, MS Active Directory, LDAP.

We use a combination of RADIUS and MS Active Directory.

But for file/print shares you need a script on the VPN Client to do the mappings.

I have tried to get the logon script to work but have not had much success.


 
Larry,

We are running version 7.2(4) on the ASA5510. As for the rest of the questions that you asked, no we don't have those. I have been sidetracked for a few weeks but I have to get back to this VPN issue. Cisco has been little or no help. Like I said previously, they got the tunnel established where we could get on the Internet and then they just kind of gave up. I did the research on the IAS and that sounds like part of the solution but you obviously are telling me there is much more. Any help would be a ppreciated.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top