SEC0027 - ASA Remote Access IPSec VPN with Pre-Shared Key and Certificate

The video demonstrates the configuration of a remote access IPSec VPN on a Cisco ASA firewall with the Windows software client. We will look at both simple pre-shared key authentication and client certificate authentication. The client is placed behind a NAT router to demonstrate the significance of NAT Transparency and to compare it with raw IPSec, IPSec over UDP and IPSec over TCP. The order of precedence among the encapsulation types is investigated when they are all enabled simultaneously.

Notes:
  • IPSec over UDP is available only on Cisco ASA, not on routers
  • IPSec over TCP takes precedence over NAT-T and IPSec over UDP, provided it is configured on the client
  • NAT-T takes precedence over IPSec over UDP when the client is behind a NAT device
  • IPSec over UDP is used only when NAT-T is disabled or the client is NOT behind a NAT device

Topics include:
  • Easy VPN (EZVPN) with Software IPSec Client to Cisco ASA
  • Client Pre-Shared Key and Certificate Authentication
  • NAT Transparency (UDP 4500)
  • IPSec over UDP
  • IPSec over TCP

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.

2 comments

Could you please give the base config for your network diagram?

This is one of the older videos so we no longer have startup config for it. Sorry.