© 2006 Cisco Systems, Inc. All rights reserved. ISCW v

IPsec VPNs
Implementing the Cisco VPN Client

Cisco VPN Client Configuration Tasks
1. Install Cisco VPN Client.
2. Create a new client connection entry.
3. Configure the client authentication properties.
4. Configure transparent tunneling.
5. Enable and add backup servers.
6. Configure a connection to the Internet through dial-up networking.

Use the Cisco VPN Client to Establish an RA VPN Connection and Verify the Connection Status

Use the Cisco VPN Client to Establish a VPN Connection and Verify the Connection Status
Installation process:
  – Download the latest version of the Cisco VPN Client from the CCO.
  – Remove any previous versions of the Cisco VPN Client.
  – Start the setup process that will guide you through the installation steps.
Configuration process:
  – Start the VPN Client.
  – Create and configure VPN connections.
  – Test VPN connections.

Task 1: Install Cisco VPN Client

Task 2: Create a New Client Connection Entry

Task 2: Create a New Client Connection Entry (Cont.)

Task 3: Configure Client Authentication Properties
Authentication options:
  – Group preshared secrets (group name and group secret)
  – Mutual authentication (import CA certificate first; group name and secret)
  – Digital certificates (enroll with the CA first; select the certificate)

Mutual Group Authentication
Mutual authentication should be used instead of group preshared secrets.
Group preshared secrets are vulnerable to man-in-the-middle attacks if the attacker knows the group preshared secret.

Task 4: Configure Transparent Tunneling
On by default.
NAT-T enables IPsec and IKE over the standard UDP port 4500, allowing the VPN Client to be behind a NAT or PAT device.

Routing Table
The Statistics window provides information about tunnel details, the routing table, and the personal firewall.

Task 5: Enable and Add Backup Servers
List backup VPN servers to be used in case the primary VPN server is not reachable.

Task 6: Configure Connection to the Internet Through Dial-Up Networking
Optionally, tie a VPN connection to a dial-up connection defined in the Networking section of Windows.

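An added example, not part of the Cisco slides: a Python audit of a saved connection entry against Tasks 3 to 5 (authentication method, transparent tunneling, backup servers). It assumes the VPN Client's .pcf profile format and its AuthType, EnableNat, EnableBackup and BackupServer keys, none of which appear on the slides; both sample profiles are constructed.

```python
import configparser

# Constructed sample entries; hosts and group name are placeholders.
# Key names follow the VPN Client .pcf profile format (assumed; not on the slides).
WEAK_PCF = """[main]
Host=vpn1.example.com
AuthType=1
GroupName=remote-users
EnableNat=0
EnableBackup=1
BackupServer=
"""
HARDENED_PCF = """[main]
!Host=vpn1.example.com
!AuthType=5
GroupName=remote-users
EnableNat=1
EnableBackup=1
BackupServer=vpn2.example.com, vpn3.example.com
"""

def load_entry(text):
    """Parse .pcf text into a dict of lowercase keys from [main]."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(text)
    if not cp.has_section("main"):
        return None
    # A leading "!" marks a key read-only in the client GUI; drop it.
    return {k.lstrip("!"): v.strip() for k, v in cp.items("main")}

def audit_entry(text):
    """Return findings for Tasks 3-5: authentication, NAT-T, backup servers."""
    entry = load_entry(text)
    if entry is None:
        return ["no [main] section"]
    findings = []
    auth = entry.get("authtype", "")
    if auth == "1":
        findings.append("AuthType=1: group preshared secret; use mutual "
                        "group authentication (5) or certificates (3)")
    elif auth not in ("3", "5"):
        findings.append("AuthType missing or unrecognized: %r" % auth)
    if entry.get("enablenat") != "1":
        findings.append("EnableNat is not 1: transparent tunneling is off")
    servers = [s.strip() for s in entry.get("backupserver", "").split(",") if s.strip()]
    if entry.get("enablebackup") != "1" or not servers:
        findings.append("no usable backup server configured")
    return findings
```
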
Summary
You can install the VPN Client on your system through either of two different applications: InstallShield and MSI.
Connection entries include:
  – The VPN device (the remote server) to access
  – Preshared keys
  – Certificates
  – Optional parameters
Authentication methods include:
  – Group authentication
  – Mutual group authentication
  – Certificate authentication

Summary (Cont.)
Transparent tunneling allows secure transmission through a router serving as a firewall, which may also be performing NAT or PAT.
Access to local LAN resources can be made available.
The private network may include one or more backup VPN servers to use if the primary server is not available.
You can connect to the Internet using the VPN Client application in either of the following ways:
  – Microsoft Dial-Up Networking
  – A third-party dial-up program, usually from your ISP