Solved

Cisco VPN?

Posted on 2011-03-07
13
459 Views
Last Modified: 2012-06-27
Hi, I have a Cisco 2621 XM router at my office. I need to set up a VPN connection to this router and use the Cisco VPN client. Can someone let me know what I will need to get this done? Thank you.
0
Comment
Question by:aej1973
  • 5
  • 4
13 Comments
 
LVL 1

Expert Comment

by:pointermanks
ID: 35058685
Need more information that what is up there now.  Do you have firewalls/ASA's in the network?
0
 

Author Comment

by:aej1973
ID: 35058805
no, I do not have  an ASA firewall. I have a 2621XM router with the security package (sec/ k9). Will I need a ASA firewall to impliment this VPN tunnel?

Also, to use the Cisco VPN client software will I need to have a licence from Cisco? Thanks for the help.
0
 
LVL 1

Expert Comment

by:pointermanks
ID: 35058878
you need to get the *.pcl file for the VPN set up.  Should look something like this:  Also, if you have the software then no you do not need to have a license to have it work but you should....  

[main]
Description=VPN
Host=IP address
AuthType=1
GroupName=group name
GroupPwd= password
enc_GroupPwd=
EnableISPConnect=0
ISPConnectType=0
ISPConnect=
ISPPhonebook=
ISPCommand=
Username= user name
SaveUserPassword=0  (set these to 1 to save the password in the PCL file.)
UserPassword=
enc_UserPassword=
NTDomain=
EnableBackup=0
BackupServer=
EnableMSLogon=1
MSLogonType=0
EnableNat=1
TunnelingMode=0
TcpTunnelingPort=10000
CertStore=0
CertName=
CertPath=
CertSubjectName=
CertSerialHash=00000000000000000000000000000000
SendCertChain=0
PeerTimeout=90
EnableLocalLAN=0
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:aej1973
ID: 35058934
Would I need a license if I have an ASA firewall? Also, I am not very sure how to update the router with *.plc file. Thank you for the help.

-A
0
 

Author Comment

by:aej1973
ID: 35063899
I did have  word with my Cisco vendor and he mentioned that there are VPN cards available for my 2621XM router, how would I use this? Thanks for the help.
0
 
LVL 1

Expert Comment

by:pointermanks
ID: 35069426
the PCL file resides on the computer you are using to connect with.  You will need to configure the ASA with the VPN connection opening the correct ports for the protocols you are utilizing.  I use a shared key then a user specific key that I generate utilizing keypass.  you will need to specify the ip address range that the VPN is going to be able to utilize as by default everything is blocked until you open it up.  If you are utilizing NAT then you will need to have the NAT rule set up to translate the public IP address to the private IP address of the router if that is what you are VPN'ng to.  I usually set up the VPN to go to the core router for the network then you can go from there to almost anywhere.  that allows me to RDC to servers and desktops to troubleshoot when I am off site.
0
 

Author Comment

by:aej1973
ID: 35078403
well, I guess I found the article I was looking for to configure a VPN connection on my 2621XM:

http://www.cisco.com/en/US/products/sw/secursw/ps5318/products_configuration_example09186a00806ad10e.shtml

I am a lillte confused about  a few things:

1) In the last step it tells me to create a new pool of IP address, what are these addresses? My lan network has a pool of 10.13.3.0, do I need to put a subset of this pool?
2) In the VPN client what will be:

- connection entry
-Host
- In the group auth what will be the name and password?


Thank you for the help.

-A
0
 
LVL 1

Accepted Solution

by:
pointermanks earned 125 total points
ID: 35084793
If you want to restrict what people can access then you put in a new subnet then you can limit where they can go by a ACL.

Connection entity will be the name of what you want to call the VPN connection
host is the IP address that you are connecting to (public IP NAT to private)
group authentication is a user name and password you put in so that the person connecting has to do double authentication.  Basically tells the connection to accept it or not then you can authenicate username and password.  Another level of security.
0
 

Author Comment

by:aej1973
ID: 35348460
I would like to award pts and close this question.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 35696411
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
cradle point vpn to sonicwall 5 79
configure ASA Vlan Interface 14 60
Palo Alto Networks - find the sec zone 3 49
Sonicwall guest user accounts 2 10
In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question