Cisco ASA VPN integration with Symantec VIP Access

I have been working on migrating the Cisco ASA VPN from an RSA key solution to a Symantec VIP Access solution that integrates with smart devices (e.g. iPhone, iPad) through an app.

For this to work I ran through the below:

Active Directory

  1. Create a service account for Symantec VIP to be able to read AD
  2. Create a group for enabled users to be able to access ASA-VIP VPN

Symantec VIP server

  1. Create a user store
  2. Attach the above AD group for enabled users
  3. Configure RADIUS Validation details including port and shared secret

Cisco ASA

  1. Create a new IPSec Connection Profile with a new Pre-shared key
  2. Configure a new AAA Server Group which uses the RADIUS authentication protocol
  3. Create an AAA Server (the Symantec VIP server)
  4. Set the Server Authentication and Accounting ports as well as the RADIUS Server Secret Key and Common Password which were initially set up on the VIP server
  5. Assign the DHCP Servers
  6. Assign the Group Policy

Note: The IPSec Connection Profile is case-sensitive.
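For reference, the six ASA steps above correspond roughly to the following CLI configuration. This is an added example, not the configuration from the original post. It assumes ASA 8.4 or later syntax; the names VIP-RADIUS and VIP-GP, the profile name ASA-VIP, the interface name, the ports, the timeout and the 192.0.2.x addresses are all constructed placeholders.

```cisco
! Added example: every name, address and secret below is a placeholder.
! Assumes ASA 8.4+ (older releases use "pre-shared-key" without "ikev1").

! Step 2: AAA Server Group using the RADIUS protocol
aaa-server VIP-RADIUS protocol radius

! Steps 3 and 4: the Symantec VIP server as a AAA server in that group.
! Ports and secrets must match the RADIUS Validation settings on the VIP server;
! 1812/1813 are the standard RADIUS ports and are an assumption here.
aaa-server VIP-RADIUS (inside) host 192.0.2.10
 key <radius-shared-secret>
 authentication-port 1812
 accounting-port 1813
 radius-common-pw <common-password>
 ! Assumption: a longer timeout leaves the user time to approve the
 ! prompt in the VIP app before the ASA gives up on the RADIUS request.
 timeout 60

! Step 1: IPSec Connection Profile (tunnel group) with a new pre-shared key.
! The profile name is case-sensitive and must match the client profile exactly.
tunnel-group ASA-VIP type remote-access
tunnel-group ASA-VIP ipsec-attributes
 ikev1 pre-shared-key <new-pre-shared-key>

! Steps 5 and 6: bind authentication, DHCP servers and Group Policy.
! The group policy VIP-GP is assumed to exist already.
tunnel-group ASA-VIP general-attributes
 authentication-server-group VIP-RADIUS
 dhcp-server 192.0.2.20
 default-group-policy VIP-GP
```

After applying, `show running-config tunnel-group ASA-VIP` and `show aaa-server VIP-RADIUS` confirm the profile bindings and the RADIUS server state.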

On the client machine, I changed the corresponding profile parameters, e.g. Connection Profile and Pre-shared key. The destination address points to the Outside interface of the ASA. When you hit the Connect button, the authentication box appears, followed by a prompt on the iPhone VIP app seeking approval for the access. When approval is granted, the VPN connection completes and the padlock is displayed within the Cisco VPN client.

Microsoft Send as permissions

Recently I have been working on Microsoft Exchange Send as permissions with shared mailboxes.

When setting the Send as permission in Active Directory, you have to select the mailbox you want to configure and go to the properties of the account. Select the Security tab and either select or add the name or group. In the permission pane, scroll down to the Send as permission and check the Allow box, then click Apply and OK.

For the changes to take effect and to get this to work in Outlook 2013, I had to restart the Outlook session.