

Stanford's VPN allows you to connect to Stanford's network as if you were on campus, making access to restricted services possible. The built-in VPN client for Mac is another option but is more likely to suffer from disconnects.

(I also had to expand the split tunnel network access list, but I suspect that that was needed for the AnyConnect users, too.)

Cisco AnyConnect is the recommended VPN client for Mac.

I will say that I started with an already-working AnyConnect config and then just added these lines: tunnel-group TG_VPN ipsec-attributes

I'm guessing it's using the local accounts as a result of: user-identity default-domain LOCAL

But if you can get this working with local users, you can probably work to get auth set up differently if you need.

The username and password are locally defined in the ASA with lines like: username user password ***** encrypted privilege 15

Then set up your MacOS "Cisco IPSec" client to use the same shared secret as is found in the "ikev1 pre-shared-key" line and the group name is the tunnel-group, in this case "TG_VPN".

Replace with the external FQDN and IP address of your ASA. The file disk0:/examplevpn.xml contains:

tunnel-group-map default-group IPSecProfile
! *** Replace with your own shared secret
! *** Replace with your internal DNS zone
anyconnect profiles value ExampleVPN type user
split-tunnel-network-list value Split_Tunnel
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
! *** Replace with your internal DNS server
! *** See below for the content of this file
anyconnect profiles ExampleVPN disk0:/examplevpn.xml

(Look out for ! *** comments.)
! *** This is a pool of IPs that will be allocated to VPN clients

I have expurgated it of localized information, so I may have typoed something along the way. I've copied and pasted what I hope is the relevant config out of my ASA (5525) where this is working for both AnyConnect and MacOS-native clients.
