Solved

Cisco VPN?

Posted on 2011-03-07
Last Modified: 2012-06-27
Hi, I have a Cisco 2621 XM router at my office. I need to set up a VPN connection to this router and use the Cisco VPN client. Can someone let me know what I will need to get this done? Thank you.
Question by:aej1973
13 Comments
 
LVL 1

Expert Comment

by:pointermanks
ID: 35058685
Need more information than what is up there now. Do you have firewalls/ASAs in the network?
0
 

Author Comment

by:aej1973
ID: 35058805
No, I do not have an ASA firewall. I have a 2621XM router with the security package (sec/k9). Will I need an ASA firewall to implement this VPN tunnel?

Also, to use the Cisco VPN client software will I need to have a licence from Cisco? Thanks for the help.
0
 
LVL 1

Expert Comment

by:pointermanks
ID: 35058878
You need to get the *.pcl file for the VPN setup. Also, if you have the software then no, you do not need to have a license to have it work, but you should.... The file should look something like this:

[main]
Description=VPN
Host=IP address
AuthType=1
GroupName=group name
GroupPwd= password
enc_GroupPwd=
EnableISPConnect=0
ISPConnectType=0
ISPConnect=
ISPPhonebook=
ISPCommand=
Username= user name
SaveUserPassword=0  (set these to 1 to save the password in the PCL file.)
UserPassword=
enc_UserPassword=
NTDomain=
EnableBackup=0
BackupServer=
EnableMSLogon=1
MSLogonType=0
EnableNat=1
TunnelingMode=0
TcpTunnelingPort=10000
CertStore=0
CertName=
CertPath=
CertSubjectName=
CertSerialHash=00000000000000000000000000000000
SendCertChain=0
PeerTimeout=90
EnableLocalLAN=0
0
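An added example, not part of the original post: because the profile is a plain file on the connecting computer, it is worth checking what it stores before handing it out. The sketch below parses a profile in the layout posted above and reports stored secrets and risky flags; the sample values are constructed, and the readings of `AuthType=1` (group pre-shared key) and `EnableLocalLAN=1` follow the Cisco VPN Client profile format.

```python
import configparser

# Constructed sample in the layout of the profile posted above.
SAMPLE_PROFILE = """\
[main]
Description=VPN
Host=192.0.2.10
AuthType=1
GroupName=remote-users
GroupPwd=ExampleGroupKey
enc_GroupPwd=
Username=alice
SaveUserPassword=1  (set these to 1 to save the password in the PCL file.)
UserPassword=
enc_UserPassword=
EnableLocalLAN=1
"""

SECRET_KEYS = ("GroupPwd", "enc_GroupPwd", "UserPassword", "enc_UserPassword")


def flag_value(raw):
    """First token of a value, so a trailing annotation is ignored."""
    parts = raw.split()
    return parts[0] if parts else ""


def audit_profile(text):
    """Return (key, finding) pairs for the [main] section of a profile."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(text)
        main = parser["main"]
    except (configparser.Error, KeyError):
        return [("main", "no readable [main] section")]
    findings = []
    for key in SECRET_KEYS:
        if main.get(key, "").strip():
            findings.append((key, "secret stored in a file on the client PC"))
    if flag_value(main.get("SaveUserPassword", "0")) == "1":
        findings.append(("SaveUserPassword", "user password is kept on disk"))
    if flag_value(main.get("EnableLocalLAN", "0")) == "1":
        findings.append(("EnableLocalLAN", "local LAN access allowed during the tunnel"))
    if flag_value(main.get("AuthType", "")) == "1":
        findings.append(("AuthType", "group pre-shared key shared by every user"))
    return findings


if __name__ == "__main__":
    for key, finding in audit_profile(SAMPLE_PROFILE):
        print(f"{key}: {finding}")
```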

 

Author Comment

by:aej1973
ID: 35058934
Would I need a license if I have an ASA firewall? Also, I am not very sure how to update the router with *.plc file. Thank you for the help.

-A
0
 

Author Comment

by:aej1973
ID: 35063899
I did have a word with my Cisco vendor and he mentioned that there are VPN cards available for my 2621XM router. How would I use this? Thanks for the help.
0
 
LVL 1

Expert Comment

by:pointermanks
ID: 35069426
The PCL file resides on the computer you are using to connect with. You will need to configure the ASA with the VPN connection, opening the correct ports for the protocols you are utilizing. I use a shared key, then a user-specific key that I generate utilizing keypass. You will need to specify the IP address range that the VPN is going to be able to utilize, as by default everything is blocked until you open it up. If you are utilizing NAT then you will need to have the NAT rule set up to translate the public IP address to the private IP address of the router, if that is what you are VPN'ing to. I usually set up the VPN to go to the core router for the network; then you can go from there to almost anywhere. That allows me to RDC to servers and desktops to troubleshoot when I am off site.
0
 

Author Comment

by:aej1973
ID: 35078403
Well, I guess I found the article I was looking for to configure a VPN connection on my 2621XM:

http://www.cisco.com/en/US/products/sw/secursw/ps5318/products_configuration_example09186a00806ad10e.shtml

I am a little confused about a few things:

1) In the last step it tells me to create a new pool of IP addresses. What are these addresses? My LAN network has a pool of 10.13.3.0; do I need to put a subset of this pool?
2) In the VPN client, what will be:

- Connection entry
- Host
- In the group auth, what will be the name and password?


Thank you for the help.

-A
0
 
LVL 1

Accepted Solution

by:
pointermanks earned 500 total points
ID: 35084793
If you want to restrict what people can access, then you put in a new subnet; then you can limit where they can go by an ACL.

Connection entity will be the name of what you want to call the VPN connection.
Host is the IP address that you are connecting to (public IP NAT to private).
Group authentication is a user name and password you put in so that the person connecting has to do double authentication. Basically tells the connection to accept it or not, then you can authenticate username and password. Another level of security.
0
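An added example, not part of the original answer: one way to follow the "new subnet, then limit by ACL" approach is to check that the candidate client pool does not overlap the office LAN and then build the matching IOS `ip local pool` and extended `access-list` lines. The /24 mask on 10.13.3.0, the pool subnet, the RDP target, the pool name and the ACL number are all assumptions; where the ACL is applied depends on the router's configuration and is not shown.

```python
import ipaddress


def plan_vpn_pool(lan_cidr, pool_cidr, allowed, pool_name="vpnpool", acl_num=110):
    """Check a candidate VPN client pool against the LAN and build IOS lines.

    allowed: list of (host_ip, protocol, port) the VPN clients may reach.
    Raises ValueError if the pool overlaps the LAN or a target is off-LAN.
    """
    lan = ipaddress.ip_network(lan_cidr)
    pool = ipaddress.ip_network(pool_cidr)
    if pool.overlaps(lan):
        raise ValueError(f"pool {pool} overlaps LAN {lan}; pick a separate subnet")

    # The router hands out the usable host addresses of the pool subnet.
    hosts = list(pool.hosts())
    lines = [f"ip local pool {pool_name} {hosts[0]} {hosts[-1]}"]

    # IOS extended ACLs take a wildcard (inverse) mask, i.e. the hostmask.
    source = f"{pool.network_address} {pool.hostmask}"
    for host_ip, proto, port in allowed:
        host = ipaddress.ip_address(host_ip)
        if host not in lan:
            raise ValueError(f"{host} is not inside LAN {lan}")
        lines.append(
            f"access-list {acl_num} permit {proto} {source} host {host} eq {port}"
        )

    # Everything not explicitly permitted from the pool is dropped and logged.
    lines.append(f"access-list {acl_num} deny ip {source} any log")
    return lines


if __name__ == "__main__":
    # Constructed values: mask, pool subnet and RDP target are assumptions.
    plan = plan_vpn_pool("10.13.3.0/24", "10.13.4.0/28", [("10.13.3.10", "tcp", 3389)])
    for line in plan:
        print(line)
```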
 

Author Comment

by:aej1973
ID: 35348460
I would like to award pts and close this question.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 35696411
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
