Solved

Cisco VPN?

Posted on 2011-03-07
13
452 Views
Last Modified: 2012-06-27
Hi, I have a Cisco 2621 XM router at my office. I need to set up a VPN connection to this router and use the Cisco VPN client. Can someone let me know what I will need to get this done? Thank you.
Question by:aej1973
13 Comments
 
LVL 1

Expert Comment

by:pointermanks
Need more information than what is up there now. Do you have firewalls/ASAs in the network?
0
 

Author Comment

by:aej1973
No, I do not have an ASA firewall. I have a 2621XM router with the security package (sec/k9). Will I need an ASA firewall to implement this VPN tunnel?

Also, to use the Cisco VPN client software will I need to have a licence from Cisco? Thanks for the help.
0
 
LVL 1

Expert Comment

by:pointermanks
You need to get the *.pcl file for the VPN set up. Should look something like this: Also, if you have the software then no, you do not need to have a license to have it work, but you should....

[main]
Description=VPN
Host=IP address
AuthType=1
GroupName=group name
GroupPwd= password
enc_GroupPwd=
EnableISPConnect=0
ISPConnectType=0
ISPConnect=
ISPPhonebook=
ISPCommand=
Username= user name
SaveUserPassword=0  (set these to 1 to save the password in the PCL file.)
UserPassword=
enc_UserPassword=
NTDomain=
EnableBackup=0
BackupServer=
EnableMSLogon=1
MSLogonType=0
EnableNat=1
TunnelingMode=0
TcpTunnelingPort=10000
CertStore=0
CertName=
CertPath=
CertSubjectName=
CertSerialHash=00000000000000000000000000000000
SendCertChain=0
PeerTimeout=90
EnableLocalLAN=0
0
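Added example (not part of the original thread, and not Cisco tooling): a small Python check that reads a client profile with the `[main]` keys listed in the post above and reports settings that leave credentials on the connecting computer or request local LAN access during the tunnel. The sample profile and the function name `audit_profile` are constructed for illustration.

```python
import configparser

# Constructed sample profile using key names from the post above;
# the host, group name and passwords are made-up placeholder values.
SAMPLE_PROFILE = """\
[main]
Description=VPN
Host=192.0.2.10
GroupName=examplegroup
GroupPwd=ExampleSharedKey
enc_GroupPwd=
Username=exampleuser
SaveUserPassword=1
UserPassword=ExampleUserPass
enc_UserPassword=
EnableLocalLAN=1
"""

# Keys that hold a secret whenever they are non-empty.
SECRET_KEYS = ("GroupPwd", "enc_GroupPwd", "UserPassword", "enc_UserPassword")


def audit_profile(text):
    """Return a list of (key, finding) tuples for settings worth reviewing."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep the profile's mixed-case key names
    parser.read_string(text)
    if not parser.has_section("main"):
        return [("[main]", "section missing; not a client profile")]
    main = parser["main"]
    findings = []
    for key in SECRET_KEYS:
        if main.get(key, "").strip():
            findings.append((key, "secret stored in the profile file"))

    def flag(key):
        # Use the first token so a trailing annotation after the value is tolerated.
        return (main.get(key, "0").split() or ["0"])[0]

    if flag("SaveUserPassword") == "1":
        findings.append(("SaveUserPassword", "user password is saved on disk"))
    if flag("EnableLocalLAN") == "1":
        findings.append(("EnableLocalLAN", "local LAN access requested while connected"))
    return findings


if __name__ == "__main__":
    for key, finding in audit_profile(SAMPLE_PROFILE):
        print(f"{key}: {finding}")
```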
 

Author Comment

by:aej1973
Would I need a license if I have an ASA firewall? Also, I am not very sure how to update the router with *.plc file. Thank you for the help.

-A
0
 

Author Comment

by:aej1973
I did have a word with my Cisco vendor, and he mentioned that there are VPN cards available for my 2621XM router. How would I use this? Thanks for the help.
0
 
LVL 1

Expert Comment

by:pointermanks
The PCL file resides on the computer you are using to connect with. You will need to configure the ASA with the VPN connection, opening the correct ports for the protocols you are utilizing. I use a shared key, then a user-specific key that I generate utilizing keypass. You will need to specify the IP address range that the VPN is going to be able to utilize, as by default everything is blocked until you open it up. If you are utilizing NAT then you will need to have the NAT rule set up to translate the public IP address to the private IP address of the router, if that is what you are VPN'ing to. I usually set up the VPN to go to the core router for the network; then you can go from there to almost anywhere. That allows me to RDC to servers and desktops to troubleshoot when I am off site.
0
 

Author Comment

by:aej1973
Well, I guess I found the article I was looking for to configure a VPN connection on my 2621XM:

http://www.cisco.com/en/US/products/sw/secursw/ps5318/products_configuration_example09186a00806ad10e.shtml

I am a little confused about a few things:

1) In the last step it tells me to create a new pool of IP addresses. What are these addresses? My LAN network has a pool of 10.13.3.0; do I need to put a subset of this pool?
2) In the VPN client what will be:

- Connection entry
- Host
- In the group auth, what will be the name and password?


Thank you for the help.

-A
0
 
LVL 1

Accepted Solution

by:
pointermanks earned 125 total points
If you want to restrict what people can access, then you put in a new subnet; then you can limit where they can go by an ACL.

Connection entity will be the name of what you want to call the VPN connection.
Host is the IP address that you are connecting to (public IP NAT to private).
Group authentication is a user name and password you put in so that the person connecting has to do double authentication. Basically tells the connection to accept it or not, then you can authenticate username and password. Another level of security.
0
 

Author Comment

by:aej1973
I would like to award pts and close this question.
0
 
LVL 68

Expert Comment

by:Qlemo
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
