How to configure Remote Access VPN using ASA?
Remote Access VPN (Easy VPN) provides a secure tunnel over the public network for off-site users. Easy VPN follows a client-server model, which is why we perform most of the configuration on the server end and use the Cisco VPN client software at the user end to establish the connection.
Basic steps for Easy VPN configuration:
1- First configure the ASA interface
   Interface name
   Security level
   IP address
   Enable crypto isakmp on ASA
2- Configure IP pool
   Pool name
   Range of IP addresses to be used in pool
3- Configure user accounts
   Username
   Password
4- Define the ISAKMP policy
   Authentication
   Hash
   Encryption
   Group
5- Establish the IPsec transform set
   Esp-des
   Esp-md5-hmac
   Esp-aes
   Esp-sha-hmac
6- Configure tunnel group
   Group name
   Group policies
7- Now apply the crypto map on the outside interface
   Used to verify the outgoing interface traffic
Configuration of ASA
ASA(config)#interface GigabitEthernet 0/1
ASA(config-if)# no shutdown
ASA(config-if)# nameif outside
ASA(config-if)# ip address 20.1.1.50 255.0.0.0
ASA(config-if)#exit
ASA(config)# crypto isakmp enable outside
(To enable crypto isakmp on ASA)
ASA(config)# ip local pool poolname 30.1.1.1-30.1.1.50
(define IP pool)
ASA(config)# route outside 0 0 20.0.0.0
ASA(config)# username Mark password Cisco
(define username and password)
Now define the IKE policies on the ASA
ASA(config)#crypto isakmp policy 10
(10 is isakmp policy number)
ASA(config-isakmp)#encryption des
(enable encryption des)
ASA(config-isakmp)#hash md5
(enable algorithm md5 for hashing)
ASA(config-isakmp)#authentication pre-share
(enable Pre-shared method)
ASA(config-isakmp)#group 2
(enable Diffie-Hellman group 2)
ASA(config-isakmp)#exit
(Exit from crypto isakmp mode)
ASA(config)#crypto ipsec transform-set ts2 esp-des esp-md5-hmac
(Here encryption type is des and hashing technique is md5-hmac)
ASA(config)# crypto dynamic-map dmap 10 set transform-set ts2
(apply the transform set)
ASA(config)#crypto map imap 10 ipsec-isakmp dynamic dmap
(call dynamic-map in crypto map name imap)
ASA(config)# tunnel-group marketing type ipsec-ra
(create a group for marketing department)
ASA(config)# tunnel-group marketing general-attributes
ASA(config-general)# address-pool poolname
ASA(config-general)# exit
ASA(config)# tunnel-group marketing ipsec-attributes
ASA(config-ipsec)# pre-shared-key Cisco
ASA(config-ipsec)# exit
ASA(config)# crypto map imap interface outside
(Apply crypto map on outside interface)
Now, to verify the secure tunnel, dial the connection from the user end using the Cisco VPN client.
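The policy and transform set above select DES, MD5 and Diffie-Hellman group 2, and the tunnel pre-shared key is the same string as the user password. The following Python script is an added example, not part of the original post: it reads ASA configuration lines and reports those settings. The rule list and the names audit, RULES and PROMPT are assumptions of this example.

```python
import re

# Lines copied from the configuration above, CLI prompts included.
SAMPLE_CONFIG = """\
ASA(config)# username Mark password Cisco
ASA(config)#crypto isakmp policy 10
ASA(config-isakmp)#encryption des
ASA(config-isakmp)#hash md5
ASA(config-isakmp)#authentication pre-share
ASA(config-isakmp)#group 2
ASA(config)#crypto ipsec transform-set ts2 esp-des esp-md5-hmac
ASA(config-ipsec)# pre-shared-key Cisco
"""

# Strips a leading CLI prompt such as "ASA(config-isakmp)#".
PROMPT = re.compile(r"^\S*\(config[^)]*\)#\s*")

# Settings this example treats as weak (an assumption of the example):
# single DES, MD5-based integrity, and the 768/1024-bit DH groups 1 and 2.
RULES = [
    (re.compile(r"^encryption\s+des$"), "IKE policy uses DES encryption"),
    (re.compile(r"^hash\s+md5$"), "IKE policy uses MD5 hashing"),
    (re.compile(r"^group\s+[12]$"), "IKE policy uses DH group 1 or 2"),
    (re.compile(r"^crypto ipsec transform-set\b.*\sesp-des\b"), "transform set uses esp-des"),
    (re.compile(r"^crypto ipsec transform-set\b.*\sesp-md5-hmac\b"), "transform set uses esp-md5-hmac"),
]

def audit(config_text):
    """Return (line_number, message) pairs for weak settings in an ASA config."""
    findings, passwords = [], set()
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = PROMPT.sub("", raw.strip())
        for pattern, message in RULES:
            if pattern.search(line):
                findings.append((number, message))
        user = re.match(r"username\s+\S+\s+password\s+(\S+)", line)
        if user:
            passwords.add(user.group(1))
        psk = re.match(r"pre-shared-key\s+(\S+)", line)
        if psk and psk.group(1) in passwords:
            findings.append((number, "pre-shared key is the same string as a user password"))
    return findings

if __name__ == "__main__":
    for number, message in audit(SAMPLE_CONFIG):
        print(f"line {number}: {message}")
```

The same function accepts a saved configuration without prompts, so it can be run against the output of a configuration backup.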