Remote Access VPN enables a remote user to access a corporate network through a secure connection over Internet.
Follow this step by step procedure to configure Remote Access VPN in CISCO ASA Firewall:
> Telnet and login to firewall
> enable
#configure t
(config)#
Step 1: (config)# isakmp policy 1 authentication pre-share
>> Authenticity. To verify the identity of the remote peer
Step 2: (config)# isakmp policy 1 encryption 3des
>> Confidentiality. Privacy.
Step 3: (config)# isakmp policy 1 hash sha
>> Integrity. To ensure the data is not modified during transit
Step 4: (config)# isakmp policy 1 group 2
>> Diffie-Hellman Group to set the size of encryption key
Step 5: (config)# isakmp policy 1 lifetime 43200
>> 12 hours life time for encryption key
Step 6: (config)# isakmp enable outside
>> Enable ISAKMP on the outside interface (name of interface connected to Internet)
Step 7: (config)# ip local pool rvpn_pool 192.168.100.1-192.168.101.5
>> To differentiate during traffic monitoring, provide different segment other than LAN
Step 8: (config)# username rvpn_user1 password *********
>> Username and Password to establish a remote access VPN
Step 9: (config)# tunnel-group rvpn type remote-access
>> Setting up tunnel group as remote acess
Step 10: (config)# tunnel-group rvpn general-attributes
>> Associate Address Pool to this tunnel group
Step 11: (config-general)# address-pool rvpn_pool
Step 12: (config-general)# exit
Step 13: (config)# tunnel-group rvpn ipsec-attributes
>> Associate Pre-shared key with this tunnel group
Step 14: (config-ipsec)# pre-shared-key ******
Step 15: (config)# crypto ipsec transform set rvpn_set esp-3des esp-md5-hmac
Step 16: (config)# crypto dynamic-map dyn1 1 set transform-set rvpn_set
Step 17: (config)# crypto dynamic-map dyn1 1 set reverse-route
Step 18: (config)# crypto map qmap 1 ipsec-isakmp dynamic dyn1
Step 19: (config)# crypto map qmap interface outside
Step 20: (config)# wr mem