Client configuration:

IKEv1 is supported on the Cisco VPN client only. For IKEv2 you need to use the Cisco Anyconnect VPN client.

  1. Download the Cisco VPN Client (Yellow Padlock) via the Cisco website and install (I am using v5.0.07.290)

  2. Open the VPN client and click New.

  3. Give the VPN a name under "Connection Entry".

  4. Enter the outside IP Address of the ASA in the "Host" box(needs to be a public IP).

  5. Click the Authentication tab, in the Group Authentication box, type in the VPN Tunnel name, in my case it's "ipsec_tunnel".

  6. Enter the pre-shared key under "Password" and "Confirm Password", in my case it's "mysecureC1scopresharedkey". Click Save

  7. Click Connect. Enter the username and password of the user you created in the local username database, in my case it's vpnuser1.

  8. The VPN client should minimize to the taskbar, at which point you can test if you can reach your permitted access remotely.

  9. To confirm, on the ASA type:

show crypto isakmp sa

  1. You should see the remote client's route by typing:

show route

The route should disappear once you disconnect the client.