Cisco Secure VPN Client

The Cisco Secure VPN Client is a low-cost application available to the Internet community. You may need to purchase a license at a minimal cost. The VPN Client is free when you buy a VPN gateway and support contract, and is included with all models of Cisco VPN 3000 Series Concentrators and most Cisco PIX 500 Security Appliances. Customers with Cisco SMARTnet support contracts and encryption entitlement may download the Cisco Secure VPN Client from the Cisco Software Center at no additional cost.

The Cisco Secure VPN Client terminates an IPSec tunnel on Cisco VPN Concentrators. Additionally, the VPN Client supports:

■ Dynamically pushed VPN-policy configuration on a per-group basis, which eliminates the need for manual client configuration

■ Internal IP addresses, primary and secondary Windows Internet Name Service (WINS), and Domain Name System (DNS)

■ Split-tunnel or no-split-tunnel options on a per-group basis

■ Policy-database support either locally on the router or via RADIUS

■ Authentication of users via extended authentication

■ The latest revisions of the mode configuration and extended authentication IKE extensions

Once the application is installed on the operating system platform, start the VPN Client by clicking Start > Programs > Cisco Systems VPN Client > VPN Dialer.

Note: For Version 4.x, the path is Start > Programs > Cisco Systems VPN Client > VPN Client.

For Microsoft Windows platforms, this brings you to the screen shown in Figure 5-14.

Figure 5-14 Cisco Secure VPN Client

Figure 5-14 displays a blank connection; by clicking the New button, you are presented with configurable options. Figure 5-15 displays the first of these options.

Figure 5-15 Cisco Secure VPN Client Configurable Options


The IP address you enter in Figure 5-15 is the publicly routable address. In this scenario, that IP address is 131.108.1.2 (see Figure 5-9).

Finally, you need to define the groups. Figure 5-16 configures the VPN Group (vpngroup12) to match the setting configured on the VPN Concentrator (see Figure 5-10).

Figure 5-16 Cisco Secure VPN Client Group Options


For completeness, you should also read about the Cisco VPN Hardware Client. Details can be found at http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094cf8.shtml. The VPN Hardware Client is a feature available on PIX Firewalls and is used to create an IPSec tunnel with a VPN 3000 Concentrator. This is a task you will surely be asked to complete in the CCIE Security lab exam.
