This article walks through how to configure a remote access VPN connection on a Cisco ASA 5500-series firewall.

1.  Log in to the Cisco ASDM.
2.  Go to the Wizards menu and run the VPN Wizard.
3.  Choose the ‘Remote Access’ type on the VPN Tunnel Type page.
4.  Choose “Cisco VPN Client” for the VPN client type.
5.  Set your pre-shared key and your Tunnel Group Name. The tunnel group name is the group name users type into the VPN client, and the pre-shared key is the group password; treat it as a shared secret and rotate it if it ever leaks.
6.  Choose the client authentication method, either the local user database or an AAA server group.
7.  Add an address pool for the VPN clients. The wizard creates a local IP pool on the ASA (the ASA hands these addresses out itself; this is not your LAN DHCP server). Use a subnet that is not already in use on your LAN, so routing and the NAT exemption in the later steps are unambiguous.



8.   Configure the attributes pushed to the client on connect, such as DNS and WINS servers and the default domain name.
9.   Set the IKE and IPsec policies; I normally use the defaults, which currently are 3DES-SHA. If your clients support it, choose AES-256 for both the IKE policy and the IPsec transform set instead: 3DES has a 64-bit block size and is no longer recommended. Note that the Cisco VPN Client uses IKEv1, which on the ASA limits the hash to SHA-1 or MD5; SHA-1 is the better of the two.
10. Set the Address Translation Exemption and split tunneling options.  Typically, I use the internal network that the VPN-connected client will need access to and enable split tunneling. Only the networks you list here are reached through the tunnel; keep in mind that with split tunneling enabled the client is connected to the internet and your LAN at the same time, so decide whether that is acceptable for your environment.
11. Click Next, then Finish.
12. Verify the NAT exemption rules.  You should have a rule on the inside interface exempting traffic from the LAN to the VPN subnet (in this case 10.0.2.0/24) from NAT. Without it, replies to VPN clients are translated and nothing on the LAN will be reachable through the tunnel.

13. That is it; you are done!  You should be able to set up your Cisco VPN client, connect to the network, and test by pinging one of the servers on the internal LAN subnet.
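The CLI equivalent of what the wizard writes, as an added example that is not from the original post. It uses the pre-8.3 ASA syntax (the `nat (inside) 0 access-list` form of NAT exemption that ASDM shows as "NAT Exempt" rules; 8.3 and later use a different NAT syntax). Assumed values: inside LAN 192.168.1.0/24, VPN pool 10.0.2.0/24 as in the post, an internal DNS server at 192.168.1.10, and the placeholder names, user and secrets shown. AES-256 is used in place of the wizard's 3DES default.

```text
! Added example, not the original post's configuration. ASA 8.2-style syntax.
! Assumed: inside LAN 192.168.1.0/24, VPN pool 10.0.2.0/24, DNS 192.168.1.10.
! All names, the username and the secrets below are placeholders.

! Step 7: local address pool handed to VPN clients (not the LAN DHCP server)
ip local pool VPN_POOL 10.0.2.1-10.0.2.254 mask 255.255.255.0

! Step 10/12: NAT exemption. Traffic from the LAN to the VPN pool must not be
! translated, otherwise replies to VPN clients never make it back through the tunnel.
access-list INSIDE_NAT0_OUTBOUND extended permit ip 192.168.1.0 255.255.255.0 10.0.2.0 255.255.255.0
nat (inside) 0 access-list INSIDE_NAT0_OUTBOUND

! Step 10: split tunnel list. Only these networks are routed through the tunnel;
! everything else leaves the client directly.
access-list SPLIT_TUNNEL standard permit 192.168.1.0 255.255.255.0

! Step 8: attributes pushed to the client on connect
group-policy VPN_GP internal
group-policy VPN_GP attributes
 vpn-tunnel-protocol IPSec
 dns-server value 192.168.1.10
 default-domain value corp.example
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL

! Step 5/6: tunnel group (the group name typed into the Cisco VPN Client),
! local-user authentication, and the pre-shared key (group password)
username vpnuser password ChangeMe123 privilege 0
tunnel-group VPN_TG type remote-access
tunnel-group VPN_TG general-attributes
 address-pool VPN_POOL
 authentication-server-group LOCAL
 default-group-policy VPN_GP
tunnel-group VPN_TG ipsec-attributes
 pre-shared-key ChangeMeToo

! Step 9: IKE phase 1 and IPsec phase 2. AES-256 instead of the 3DES default.
! The Cisco VPN Client is IKEv1 only, so the hash choice is sha (SHA-1) or md5.
! Group 2 is 1024-bit DH; raise it if every client you support negotiates higher.
crypto isakmp enable outside
crypto isakmp nat-traversal 20
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map DYN_MAP 10 set transform-set ESP-AES256-SHA
crypto dynamic-map DYN_MAP 10 set reverse-route
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic DYN_MAP
crypto map OUTSIDE_MAP interface outside
```

After a client connects, `show crypto isakmp sa` and `show crypto ipsec sa` confirm that phase 1 and phase 2 came up with the cipher you chose, and `show vpn-sessiondb remote` lists the connected user and the address assigned from VPN_POOL. The `nat-traversal` line matters for clients behind home routers, which is nearly all of them; without it the ESP traffic is dropped by the client's NAT device even though IKE succeeds.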

    Posted via email from Aaron Johnstone
