Scenario: Remote-Access VPN Configuration




CHAPTER 7

A remote-access Virtual Private Network (VPN) enables you to provide secure access to off-site users. ASDM enables you to configure the adaptive security appliance to create secure connections, or tunnels, across the Internet.

Figure 7-1 shows an adaptive security appliance configured to accept requests from and establish secure connections with VPN clients over the Internet.

Figure 7-1 Network Layout for Remote Access VPN Scenario

[Figure: the ASA security appliance has its inside interface on the internal network 10.10.10.0, which contains the DNS server 10.10.10.163 and the WINS server 10.10.10.133, and its outside interface on the Internet; VPN clients (user 1, user 2, user 3) connect across the Internet.]

Implementing the Remote-Access Scenario

The following sections provide instructions for configuring the adaptive security appliance in a remote-access deployment, using example parameters from the remote-access scenario illustrated in Figure 7-1.

Information to Have Available

- Range of IP addresses to be used for an IP pool
- List of users to be used in creating a local authentication database, unless you will be using a AAA server for authentication
- Networking information to be used by remote clients, including:
  - IP addresses for the primary and secondary DNS servers
  - IP addresses for the primary and secondary WINS servers
  - Default domain name
- List of IP addresses for local hosts, groups and networks that should be made accessible to authenticated remote clients

Configuring the Remote-Access VPN

The ASDM VPN Wizard enables you to configure the adaptive security appliance as a remote-access VPN headend device in a series of simple steps:

1. Configure the Adaptive Security Appliance for Remote-Access VPN.
2. Select VPN Clients.
3. Specify the VPN Tunnel Group Name and Authentication Method.
4. Specify a User Authentication Method.
5. Configure User Accounts (optional).
6. Configure Address Pools.
7. Configure Client Attributes.
8. Configure the IKE Policy.
9. Configure IPSec Encryption and Authentication parameters.

10. Specify Address Translation Exception and Split Tunneling.
11. Verify the Remote-Access VPN Configuration.

Configure the Adaptive Security Appliance for Remote-Access VPN

To begin the process for configuring a remote-access VPN, perform the following steps:

Step 1 Launch ASDM by entering the factory default IP address in the address field of a web browser: https://192.168.1.1/admin/.

Step 2 In the main ASDM window, click the VPN Wizard option from the Wizards drop-down list. The VPN Wizard window appears.

Step 3 In Step 1 of the VPN Wizard, perform the following steps:

  a. Click the Remote Access VPN option.
  b. From the drop-down list, click outside as the enabled interface for the incoming VPN tunnels.
  c. Click Next to continue.

Select VPN Clients

In Step 2 of the VPN Wizard, perform the following steps:

Step 1 Click the radio button to allow remote access users to connect to the adaptive security appliance using either a Cisco VPN client or any other Easy VPN remote products.

Note Although there is currently only one selection on this screen, it is set up so that other tunnel types can be enabled easily as they become available.

Step 2 Click Next to continue.

Specify the VPN Tunnel Group Name and Authentication Method

In Step 3 of the VPN Wizard, perform the following steps:

Step 1 Enter a Tunnel Group Name (such as "CiscoASA") for the set of users that use common connection parameters and client attributes.

Step 2 Specify the type of authentication that you want to use by performing one of the following steps:

- To use static preshared keys for authentication, click Pre-Shared Key, and enter a key (such as "CisCo").
- To use digital certificates for authentication, click Certificate, click the Certificate Signing Algorithm (rsa-sig/dsa-sig) from the drop-down list, and then click a pre-configured trustpoint name from the drop-down list.

Step 3 Click Next to continue.

Specify a User Authentication Method

Users can be authenticated either by a local authentication database or by using external authentication, authorization, and accounting (AAA) servers (RADIUS, TACACS+, SDI, NT, and Kerberos).

In Step 4 of the VPN Wizard, perform the following steps:

Step 1 Click the appropriate radio button to specify the type of user authentication that you want to use:

- A local authentication database
- An external AAA server group

Step 2 Click a preconfigured server group from the drop-down list, or click New to add a new server group.

Step 3 Click Next to continue.

Configure User Accounts (optional)

If you have chosen to authenticate users with the local user database, create new user accounts.

In Step 5 of the VPN Wizard, perform the following steps:

Step 1 To add a new user, enter a username and password, then click Add.

Step 2 When you have finished adding new users, click Next to continue.

Configure Address Pools

For remote clients to gain access to your network, you must configure a pool of IP addresses that can be assigned to remote VPN clients as they are successfully connected. In this scenario, the pool is configured to use the range of IP addresses 209.165.201.1 to 209.166.201.20.

In Step 6 of the VPN Wizard, perform the following steps:

Step 1 From the drop-down list, enter a pool name or click a preconfigured pool.

Step 2 Enter the start of the range of IP addresses to be used in the pool.

Step 3 Enter the end of the range of IP addresses to be used in the pool.

Step 4 From the drop-down list, enter the subnet mask or click a preconfigured value.

Step 5 Click Next to continue.

Configure Client Attributes

To access your network, each remote access client needs basic network configuration information, such as which DNS and WINS servers to use and the default domain name. Rather than configuring each remote client individually, you can provide the client information to ASDM. The adaptive security appliance pushes this information to the remote client when a connection is established. Ensure that you specify the correct values, or remote clients will not be able to use DNS names for resolution or use Windows networking.

In Step 7 of the VPN Wizard, perform the following steps:

Step 1 Enter the network configuration information to be used by remote clients.

Step 2 Click Next to continue.

Configure the IKE Policy

IKE is a negotiation protocol that includes an encryption method to protect data and ensure privacy; it also includes an authentication method to ensure the identity of the peers. In most cases, the ASDM default values are sufficient to establish secure VPN tunnels.

To specify the IKE policy, perform the following steps:

Step 1 Click the Encryption (DES/3DES/AES), authentication algorithms (MD5/SHA), and the Diffie-Hellman group (1/2/5/7) used by the adaptive security appliance during an IKE security association.

Step 2 Click Next to continue.

Configure IPSec Encryption and Authentication parameters

In Step 9 of the VPN Wizard, perform the following steps:

Step 1 Click the Encryption algorithm (DES/3DES/AES) and authentication algorithm (MD5/SHA).
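The IKE and IPsec steps above present DES, 3DES, MD5 and Diffie-Hellman groups 1/2/5/7 as menu choices without ranking them. The following script is an added example, not code from the Cisco guide: it parses a constructed ASA-style configuration (the `crypto isakmp policy` and `crypto ipsec transform-set` lines such a wizard run produces) and flags the phase 1 and phase 2 choices a reviewer would want changed. The sample config and the weak/legacy classification are the auditor's assumptions, not statements made by the guide.

```python
"""Audit the IKE (phase 1) and IPsec (phase 2) algorithm choices the wizard offers.

Added example, not Cisco's code. The config text is a constructed sample in
ASA CLI syntax; the weak/legacy classification is the auditor's own assumption
and is not stated by the guide.
"""
import re

# Assumption: defensive classification of the wizard's menu choices.
BROKEN_ENCRYPTION = {"des", "esp-des"}            # 56-bit key, brute-forceable
LEGACY_ENCRYPTION = {"3des", "esp-3des"}          # 64-bit block cipher
WEAK_HASH = {"md5", "esp-md5-hmac"}               # MD5-based integrity
WEAK_DH_GROUPS = {"1", "2", "5", "7"}             # all below a 2048-bit MODP modulus

# Constructed sample: two ISAKMP policies and two transform sets.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash md5
 group 1
 lifetime 86400
crypto isakmp policy 20
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-SHA esp-aes-256 esp-sha-hmac
"""


def parse_isakmp_policies(config):
    """Map policy priority -> {attribute: value} for each 'crypto isakmp policy' block."""
    policies, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if m:
            current = policies.setdefault(m.group(1), {})
        elif current is not None and line.startswith(" "):
            key, _, value = line.strip().partition(" ")
            current[key] = value
        else:
            current = None  # any other top-level line ends the block
    return policies


def parse_transform_sets(config):
    """Map transform-set name -> list of ESP transforms."""
    sets = {}
    for line in config.splitlines():
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)$", line)
        if m:
            sets[m.group(1)] = m.group(2).split()
    return sets


def audit_algorithms(scope, algorithms):
    """Return one finding string per weak algorithm in `algorithms`."""
    findings = []
    for alg in algorithms:
        if alg in BROKEN_ENCRYPTION:
            findings.append(f"{scope}: {alg} is a 56-bit cipher; use AES")
        elif alg in LEGACY_ENCRYPTION:
            findings.append(f"{scope}: {alg} is legacy; prefer AES")
        elif alg in WEAK_HASH:
            findings.append(f"{scope}: {alg} integrity is weak; use SHA")
    return findings


def audit_config(config):
    """Audit every ISAKMP policy and transform set; return the list of findings."""
    findings = []
    for prio, attrs in sorted(parse_isakmp_policies(config).items(), key=lambda kv: int(kv[0])):
        scope = f"isakmp policy {prio}"
        findings += audit_algorithms(scope, [attrs.get("encryption", ""), attrs.get("hash", "")])
        if attrs.get("group") in WEAK_DH_GROUPS:
            findings.append(f"{scope}: DH group {attrs['group']} is below a 2048-bit modulus")
    for name, transforms in parse_transform_sets(config).items():
        findings += audit_algorithms(f"transform-set {name}", transforms)
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```

Run against the sample, policy 10 and the ESP-DES-MD5 transform set produce five findings and policy 20 one (its DH group); the AES/SHA transform set is clean. The same parsing works on the output of `show running-config` from an appliance configured with the wizard, so the check can be repeated after every wizard run rather than trusting the defaults.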

Step 2 Click Next to continue.

Specify Address Translation Exception and Split Tunneling

The adaptive security appliance uses Network Address Translation (NAT) to prevent internal IP addresses from being exposed externally. You can make exceptions to this network protection by identifying local hosts and networks that should be exposed to authenticated remote users. Specify the resources to be exposed by host or network IP address, by name, or by group. (In this scenario, the entire inside network 10.10.10.0 is exposed to all remote clients.)

In Step 10 of the VPN Wizard, perform the following steps:

Step 1 Specify hosts, groups and networks that should be in the list of internal resources made accessible to authenticated remote users. To add or remove hosts, groups and networks dynamically from the Selected panel, click Add or Delete, as appropriate.

Note Enable split tunneling by clicking the radio button at the bottom of the screen. Split tunneling allows traffic outside the configured networks to be sent out directly to the Internet instead of over the encrypted VPN tunnel.

Step 2 When you have finished specifying resources to expose to remote clients, click Next to continue.
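The address pool entered in Step 6 and the exposed networks selected in Step 10 have to agree: a pool that overlaps a network in the Selected panel, or a start/end pair that does not fit the subnet mask, gives connected clients addresses the split-tunnel routes send back into the tunnel or that the inside network already uses. The script below is an added example, not part of the Cisco guide, covering both steps: it takes the scenario's inside network 10.10.10.0 and pool 209.165.201.1 to 209.165.201.20, assumes /24 masks and pool names (neither is stated in the guide), and adds two constructed pools that show the two mistakes.

```python
"""Check remote-access address pools against the networks exposed through split tunneling.

Added example, not part of the Cisco guide. The inside network 10.10.10.0 and
the pool 209.165.201.1-209.165.201.20 come from the scenario; the /24 masks,
the pool names and the two deliberately bad pools are constructed.
"""
import ipaddress

# Networks placed in the wizard's "Selected" panel (split-tunnel include list).
# Assumption: the scenario's inside network 10.10.10.0 is a /24.
EXPOSED_NETWORKS = [ipaddress.ip_network("10.10.10.0/24")]

# Constructed pools: the scenario pool plus two that show common mistakes.
SAMPLE_POOLS = [
    {"name": "vpnpool",  "start": "209.165.201.1",   "end": "209.165.201.20", "mask": "255.255.255.0"},
    {"name": "badpool1", "start": "10.10.10.100",    "end": "10.10.10.120",   "mask": "255.255.255.0"},
    {"name": "badpool2", "start": "209.165.201.250", "end": "209.165.202.5",  "mask": "255.255.255.0"},
]


def check_pool(pool, exposed_networks, expected_users=None):
    """Return a list of findings for one pool; an empty list means the pool looks sane."""
    findings = []
    first = ipaddress.ip_address(pool["start"])
    last = ipaddress.ip_address(pool["end"])
    if last < first:
        return ["end address precedes start address"]
    # The mask entered in Step 6 implies one subnet; the whole range must lie inside it.
    subnet = ipaddress.ip_network(f"{pool['start']}/{pool['mask']}", strict=False)
    if last not in subnet:
        findings.append(f"range leaves the subnet {subnet} implied by the mask")
    if first == subnet.network_address or last == subnet.broadcast_address:
        findings.append("range includes the network or broadcast address")
    # A client address inside an exposed network would be routed back into the tunnel.
    for net in exposed_networks:
        if first <= net.broadcast_address and net.network_address <= last:
            findings.append(f"overlaps exposed network {net}")
    size = int(last) - int(first) + 1
    if expected_users is not None and size < expected_users:
        findings.append(f"only {size} addresses for {expected_users} users")
    return findings


def audit_pools(pools, exposed_networks, expected_users=None):
    """Map pool name -> findings for every pool in `pools`."""
    return {p["name"]: check_pool(p, exposed_networks, expected_users) for p in pools}


if __name__ == "__main__":
    for name, findings in audit_pools(SAMPLE_POOLS, EXPOSED_NETWORKS, expected_users=3).items():
        print(name, findings or "ok")
```

With the scenario's three VPN users, vpnpool passes, badpool1 is reported for overlapping 10.10.10.0/24, and badpool2 is reported because its end address lies outside the subnet the mask implies. Each host or network added to the Selected panel in Step 10 belongs in EXPOSED_NETWORKS so that the overlap check stays in step with the split-tunnel list.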

Verify the Remote-Access VPN Configuration

Review the configuration attributes for the VPN tunnel you just created. The displayed configuration should be similar to the following:

If you are satisfied with the configuration, click Finish to complete the Wizard and apply the configuration changes to the adaptive security appliance.

What to Do Next

If you are deploying the adaptive security appliance solely in a remote-access VPN environment, you have completed the initial configuration. In addition, you may want to consider performing some of the following steps:

To Do This... | See...
Refine configuration and configure optional and advanced features | Cisco Security Appliance Command Line Configuration Guide
Learn about daily operations | Cisco Security Appliance Command Reference; Cisco Security Appliance Logging Configuration and System Log Messages
Review hardware maintenance and troubleshooting information | Cisco ASA 5500 Series Hardware Installation Guide

You can configure the adaptive security appliance for more than one application. The following sections provide configuration procedures for other common applications of the adaptive security appliance.

To Do This... | See...
Configure the adaptive security appliance to protect a Web server in a DMZ | Chapter 6, Scenario: DMZ Configuration
Configure a site-to-site VPN | Chapter 8, Scenario: Site-to-Site VPN Configuration
