© 2006 Cisco Systems, Inc. All rights reserved.ISCW v1.04-1 IPsec VPNs Implementing the Cisco VPN Client.


Cisco VPN Client Configuration Tasks

1. Install Cisco VPN Client.
2. Create a new client connection entry.
3. Configure the client authentication properties.
4. Configure transparent tunneling.
5. Enable and add backup servers.
6. Configure a connection to the Internet through dial-up networking.

Use the Cisco VPN Client to Establish an RA VPN Connection and Verify the Connection Status

Installation process:
– Download the latest version of the Cisco VPN Client from the CCO.
– Remove any previous versions of the Cisco VPN Client.
– Start the setup process that will guide you through the installation steps.

Configuration process:
– Start the VPN Client.
– Create and configure VPN connections.
– Test VPN connections.

Task 1: Install Cisco VPN Client

Task 2: Create a New Client Connection Entry

Task 3: Configure Client Authentication Properties

Authentication options:
– Group preshared secrets (group name and group secret)
– Mutual authentication (import CA certificate first; group name and secret)
– Digital certificates (enroll with the CA first; select the certificate)

Mutual Group Authentication

Mutual authentication should be used instead of group preshared secrets. Group preshared secrets are vulnerable to man-in-the-middle attacks if the attacker knows the group preshared secret.

Task 4: Configure Transparent Tunneling

Transparent tunneling is on by default. NAT-T enables IPsec and IKE over the standard UDP port 4500, allowing the VPN Client to be behind a NAT or PAT device.

Routing Table

The Statistics window provides information about tunnel details, the routing table, and the personal firewall.

Task 5: Enable and Add Backup Servers

List backup VPN servers to be used in case the primary VPN server is not reachable.

Task 6: Configure Connection to the Internet Through Dial-Up Networking

Optionally, tie a VPN connection to a dial-up connection defined in the Networking section of Windows.
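The choices made in Tasks 3 to 5 are stored in the client's connection entry, so they can be checked before a profile is distributed. The following Python script is an added example, not part of the Cisco slides: it assumes the client's .pcf INI profile format and its key names (AuthType, EnableNat, EnableBackup, BackupServer), which the slides do not show, and the sample profile is constructed.

```python
import configparser

# AuthType codes as used in Cisco VPN Client .pcf profiles (an assumption
# about the profile format; the slides do not list them).
AUTH_TYPES = {"1": "group preshared secret", "3": "digital certificate",
              "5": "mutual group authentication"}

def audit_profile(pcf_text):
    """Return (settings, findings) for one connection entry."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str                     # keep key case as written
    cp.read_string(pcf_text)
    # A leading "!" marks a key read-only for the user; strip it for lookup.
    main = {k.lstrip("!"): v.strip() for k, v in cp["main"].items()}
    findings = []
    auth = AUTH_TYPES.get(main.get("AuthType", ""), "unknown")
    if auth == "group preshared secret":
        findings.append("AuthType=1: group preshared secret is open to "
                        "man-in-the-middle if the secret is known; use "
                        "mutual group authentication or certificates")
    elif auth == "unknown":
        findings.append("AuthType missing or unrecognised")

    # Task 4: transparent tunneling lets the client sit behind NAT or PAT.
    nat = main.get("EnableNat", "0") == "1"
    if not nat:
        findings.append("EnableNat is not 1: transparent tunneling is off")

    # Task 5: backup servers, comma separated.
    backups = [s.strip() for s in main.get("BackupServer", "").split(",")
               if s.strip()]
    if main.get("EnableBackup", "0") != "1" or not backups:
        findings.append("no backup VPN server is enabled")

    return {"host": main.get("Host", ""), "auth": auth,
            "transparent_tunneling": nat, "backup_servers": backups}, findings

# Constructed sample profile (documentation addresses, not from the slides).
SAMPLE_PCF = """[main]
Host=192.0.2.10
AuthType=1
GroupName=EXAMPLE-GROUP
EnableNat=1
EnableBackup=1
BackupServer=192.0.2.11,192.0.2.12
"""

if __name__ == "__main__":
    print(*audit_profile(SAMPLE_PCF)[1], sep="\n")
```

Run against the sample, the only finding is the group preshared secret; changing AuthType to 5 (mutual group authentication) clears it.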

Summary

You can install the VPN Client on your system through either of two different applications: InstallShield and MSI.

Connection entries include:
– The VPN device (the remote server) to access
– Preshared keys
– Certificates
– Optional parameters

Authentication methods include:
– Group authentication
– Mutual group authentication
– Certificate authentication

Summary (Cont.)

Transparent tunneling allows secure transmission through a router serving as a firewall, which may also be performing NAT or PAT.

Access to local LAN resources can be made available.

The private network may include one or more backup VPN servers to use if the primary server is not available.

You can connect to the Internet using the VPN Client application in either of the following ways:
– Microsoft Dial-Up Networking
– A third-party dial-up program, usually from your ISP
