It’s quite unstable and you may have to remove a crypto map from an interface and re-add it for the VPN to come up. Note: I found many issues with the VPN configuration on the Cisco ASA in Packet Tracer 6.2.
To confirm that the traffic is indeed being encrypted using the VPN tunnel, we need to check the IPsec SAs using the show crypto ipsec sa command: Now if we check the ISAKMP SA on one of the ASAs, we should see an SA between this ASA and the other one:
The easiest traffic to test with is ICMP traffic so let’s go with that: Now, we can initiate traffic from any of the inside user devices. Also, you may get a warning about the tunnel-group name you have chosen on a real device, this should only show if you configure a named tunnel-group and not an IP address.īefore initiating traffic between the two protected networks, we can first check the ISAKMP SAs which should be empty: Note: Packet Tracer may give you a warning message that the crypto map is incomplete. However, with the ASA on Packet Tracer, VPN traffic does not automatically bypass ACL checks and must be manually allowed. Something else to keep in mind is that on real ASAs, the sysopt connection permit-vpn command is configured by default and it allows VPN traffic to automatically bypass ACL checks. The commands to configure NAT exemption are not available on Packet Tracer 6.2 so we will just rely on routing. If you then want to configure VPN, you will need to exempt the VPN traffic from NAT. Note: In most real-life scenarios, you will have NAT configuration for internal users to connect to the Internet just like we had in the previous lab. Even though the ASA on Packet Tracer supports only a limited set of features for VPN, it supports just enough to configure basic site-to-site VPN. You can go over this article on the Intense School site that discusses the components of VPN on the Cisco ASA. Also create a group policy that contains the URL you created and attach this group policy to the “sslvpnuser” username.
CISCO ASA 5505 SITE TO SITE VPN PASSWORD
Create a user on ASA0 called “sslvpnuser” with password “sslvpn123”. When a user logs into the WebVPN, there should be a bookmark link called “Packet Tracer Web Page” pointing to. Enable clientless SSL VPN (WebVPN) on the outside interface of ASA0.