IPsec Remote Access VPN (ASA 8.4) – Part 1 (Basic)

To be honest, there isn’t much of a change in the configuration of an IPsec Remote Access VPN in ASA 8.3/8.4. There is just a minor change in some of the ‘crypto’ statements wherein you need to specify it as either IKEv1 or IKEv2.

So if you are planning to use the legacy IPsec VPN client (the one with that yellow lock icon) then you need to configure your Remote Access VPN with IKEv1 option. And if you’re planning to move to the new AnyConnect VPN client, then you need to configure your Remote Access VPN for IKEv2. AnyConnect does support IPsec VPN, it’s just that it will only work when you have the respective remote access VPN configured for IKEv2.

Please note that the ASA can simultaneously be configured for both IKEv1 and IKEv2. Though they use the same UDP port they are not interoperable but they work independently without any conflicts.

The following post covers the basic configuration that will be required for running an IKEv1 Remote Access VPN in ASA 8.3/8.4.  Continue reading