Network Security 2 Module 6 – Configure Remote Access VPN
Lesson 6.3 Implementing the Cisco VPN Client
Cisco VPN Client
• The Cisco VPN Client is simple to deploy and operate
• It allows organizations to establish end-to-end, encrypted VPN tunnels for secure connectivity for mobile employees or teleworkers
Cisco VPN Client Configuration Tasks
• Install Cisco VPN Client
• Create a new client connection entry
• Configure the client authentication properties
• Configure transparent tunneling
• Enable and add backup servers
• Configure a connection to the Internet through dialup networking
Create a New Client Connection Entry—Main Window (Task 2)
[Figure: VPN Client Main Window]
Creating a New Connection Entry (Task 2)
Group Authentication
• The network administrator usually configures group authentication. However, if group authentication has not been configured, complete the following procedure:
  • Select the Group Authentication radio button
  • In the Name field, enter the name of the IPsec group you belong to. This entry is case sensitive.
  • In the Password field, enter the password (which is also case sensitive) for the IPsec group. The field displays only asterisks
  • Verify the password in the Confirm Password field
Configuring Client Authentication Properties (Task 3)
• Authentication options:
  • Group preshared secrets (group name and group secret)
  • Mutual authentication (import CA certificate first; group name and secret)
  • Digital certificates (enroll with the CA first; select the certificate)
Mutual Group Authentication (Task 3)
Mutual authentication should be used instead of group preshared secrets. Group preshared secrets are vulnerable to man-in-the-middle attacks if the attacker knows the group preshared secret.
Configuring Transparent Tunneling (Task 4)
Transparent tunneling is on by default. NAT-T enables IPsec and IKE over the standard UDP port 4500, allowing the VPN Client to be behind a NAT or PAT device.
Status > Statistics > Route Details
The Statistics window provides information about tunnel details, the routing table, and personal firewall.
Enable Backup Servers
• To enable backup servers from the VPN Client, click the Backup Servers tab in the VPN Client Properties form:
  • Check the Enable Backup Servers check box. This box is unchecked by default.
  • Click Add to enter the backup server address. A new window appears
  • Enter the host name or IP address of the backup server, using a maximum of 255 characters. Click OK when done
Enable and Add Backup Servers (Task 5)
List backup VPN servers that are to be used in case the primary VPN server is not reachable.
Configuring the Dialup Connection
• The final task is configuring the dialup connection to the Internet.
• To connect to a private network using a dialup connection, perform the following:
  • Use a dialup connection to your Internet service provider (ISP) to connect to the Internet.
  • Use the VPN Client to connect to the private network through the Internet.
• To enable and configure this feature, check the Connect to Internet via dial-up check box in the Dial-Up tab of the VPN Client Properties form. This box is unchecked by default.
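Added example (not part of the original slides and not Cisco tooling): a small audit of a connection-entry profile against the points made in Tasks 3 to 5. It assumes the client's .pcf profile file and its key names (AuthType, GroupPwd, EnableNat, EnableBackup, BackupServer), which the slides do not show; the sample profile and host names are constructed.

```python
import configparser

# Constructed sample profile (not from the slides). Key names are assumed
# from the Cisco VPN Client .pcf profile format; values are illustrative.
SAMPLE_PCF = """\
[main]
Description=Constructed example profile
Host=vpn.example.com
AuthType=1
GroupName=Teleworkers
GroupPwd=example-only
EnableNat=0
TunnelingMode=0
EnableBackup=1
BackupServer=
"""

# Assumed AuthType codes, matching the three options listed under Task 3.
AUTH_TYPES = {"1": "group preshared secret", "3": "digital certificate",
              "5": "mutual group authentication"}

def audit_profile(text):
    """Return a list of findings for one connection entry."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case exactly as written in the file
    cp.read_string(text)
    main = cp["main"]
    findings = []
    auth = main.get("AuthType", "1").strip()
    if auth == "1":
        findings.append("AuthType=1: group preshared secret; use mutual "
                        "group authentication (5) or certificates (3)")
    elif auth not in AUTH_TYPES:
        findings.append(f"AuthType={auth}: unrecognised value")
    if main.get("GroupPwd", "").strip():
        findings.append("GroupPwd: group password stored in clear text")
    # Transparent tunneling is on by default, so a missing key counts as on.
    if main.get("EnableNat", "1").strip() != "1":
        findings.append("EnableNat=0: transparent tunneling is off")
    servers = [s.strip() for s in main.get("BackupServer", "").split(",")
               if s.strip()]
    # Backup servers are off by default, so a missing key counts as off.
    if main.get("EnableBackup", "0").strip() == "1" and not servers:
        findings.append("EnableBackup=1 but BackupServer list is empty")
    if any(len(s) > 255 for s in servers):
        findings.append("BackupServer entry exceeds 255 characters")
    return findings

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PCF):
        print(finding)
```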