04.19.2012

Configuring Cisco ASA for VPN with Android and Windows 7

When attempting to configure my Cisco Adaptive Security Appliance (ASA) 5505 firewall for VPN connections from my Droid, I found a number of sites that provided information but none that worked perfectly. Part of the problem may be that my ASA is not running the latest version of the IOS. The IOS is 7.2(3) and the Droid is currently running 2.3.6.

My configuration includes authentication for the VPN via Active Directory and RADIUS. The pertinent portions of the ASA config are as follows:

Code:


ip local pool VPN-POOL <address range for VPN clients>
aaa-server VPN-AUTH protocol radius
aaa-server VPN-AUTH host <radius server IP>
  timeout 5
  key <key value>
aaa-server RADIUS protocol radius
crypto ipsec transform-set trans esp-3des esp-sha-hmac
crypto ipsec transform-set trans mode transport
crypto dynamic-map dyno 10 set transform-set trans
crypto map vpn 65535 ipsec-isakmp dynamic dyno
crypto map vpn interface outside
crypto isakmp enable outside
crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
crypto isakmp nat-traversal 3600
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
  dns-server value <dns server IP>
  vpn-tunnel-protocol IPSec l2tp-ipsec
  default-domain value <yourdomain.com>
tunnel-group DefaultRAGroup general-attributes
  address-pool VPN-POOL
  authentication-server-group VPN-AUTH
  default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
  pre-shared-key <preshared key>
tunnel-group DefaultRAGroup ppp-attributes
  authentication ms-chap-v2
  authentication eap-proxy

NOTE: You will need to replace the items within the less-than and greater-than symbols with your network information.
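
A pre-deployment check for a config in this layout, as an added example that is not part of the original post and is not Cisco tooling: it reports placeholders that were never replaced, confirms the L2TP/IPsec settings this config relies on (transport-mode transform set, `l2tp-ipsec` in the group policy, MS-CHAPv2 for PPP), and lists the 3DES and DH group 2 choices as legacy. The names `parse` and `review`, the sample text, and the "legacy" labels are this example's own assumptions, and it expects sub-commands to be indented under their parent command.

```python
import re

# Constructed sample, indented like the config above; one placeholder left unreplaced.
SAMPLE = """\
crypto ipsec transform-set trans esp-3des esp-sha-hmac
crypto ipsec transform-set trans mode transport
crypto isakmp policy 10
 encryption 3des
 group 2
group-policy DefaultRAGroup attributes
 dns-server value <dns server IP>
 vpn-tunnel-protocol IPSec l2tp-ipsec
tunnel-group DefaultRAGroup ppp-attributes
 authentication ms-chap-v2
"""

def parse(text):  # map each top-level command to its indented sub-commands
    tree, parent = {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split())          # normalise runs of spaces
        if not line or line.startswith("!"):  # skip blank lines and comments
            continue
        if raw[0].isspace() and parent:
            tree[parent].append(line)
        else:
            parent = line
            tree.setdefault(parent, [])
    return tree

def review(text):
    """Return (level, message) findings for an L2TP/IPsec remote-access config."""
    tree, out = parse(text), []
    def subs(pattern):  # sub-commands of every parent that matches the regex
        return [c for p, kids in tree.items() if re.search(pattern, p) for c in kids]
    out += [("error", f"placeholder not replaced: {ln}")
            for ln in list(tree) + subs("") if re.search(r"<[^<>]+>", ln)]
    if not any(re.fullmatch(r"crypto ipsec transform-set \S+ mode transport", p) for p in tree):
        out.append(("error", "no transform-set in transport mode"))
    if not any(re.match(r"vpn-tunnel-protocol .*l2tp-ipsec", c) for c in subs(r"^group-policy ")):
        out.append(("error", "group-policy does not allow l2tp-ipsec"))
    if "authentication ms-chap-v2" not in subs(r"^tunnel-group \S+ ppp-attributes$"):
        out.append(("error", "ms-chap-v2 not enabled for PPP"))
    policy = subs(r"^crypto isakmp policy \d+$")
    if "encryption 3des" in policy or any("esp-3des" in p.split() for p in tree):
        out.append(("legacy", "3DES in use (64-bit block cipher)"))
    if "group 2" in policy:
        out.append(("legacy", "IKE DH group 2 in use (1024-bit MODP)"))
    return out

print(*(f"{lvl}: {msg}" for lvl, msg in review(SAMPLE)), sep="\n")
```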