Operation: Configure Cisco™ VPN Client
Description: Configure a connection for the Cisco VPN client.

Sample Configuration
<CISCOVPNClient>
  <CISCOClientConfiguration>Enable/Disable</CISCOClientConfiguration>
  <Name>connectionname</Name>
  <Interface>interfacename</Interface>
  <!-- For alias wan port -->
  <AliasInterface>alias interfacename</AliasInterface>
  <AuthenticationType>PresharedKey/DigitalCertificate</AuthenticationType>
  <!-- for preshared key -->
  <PresharedKey>key</PresharedKey>
  <!-- for Certificate -->
  <LocalCertificate>{certificatename}</LocalCertificate>
  <RemoteCertificate>{certificatename}</RemoteCertificate>
  <LocalIDType>DNS/IP Address/Email/DER ASN1 DN (X.509)</LocalIDType>
  <LocalID>localid</LocalID>
  <RemoteIDType>DNS/IP Address/Email/DER ASN1 DN (X.509)</RemoteIDType>
  <RemoteID>remoteid</RemoteID>
  <AllowedUsers>
    <User>username</User>
    :
  </AllowedUsers>
  <AssignIP>
    <StartIP>ip address</StartIP>
    <EndIP>ip address</EndIP>
  </AssignIP>
  <LeaseIPFromRadiusServer>Enable/Disable</LeaseIPFromRadiusServer>
  <DNSServer1>ip address</DNSServer1>
  <DNSServer2>ip address</DNSServer2>
  <DisconnectOnIdleInterval>600</DisconnectOnIdleInterval>
</CISCOVPNClient>



Parameter   Mandatory   Default   Description
CISCOClientConfiguration   No   Disable
Configure Cisco client information.
CISCOClientConfiguration constraints:
  • Type is 'SCALAR'.
  • Only 'Enable', 'Disable' are allowed.
AliasInterface   Yes
Select the interface, from the list of WAN ports, on which the user will connect to the VPN.
AliasInterface constraints:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
AuthenticationType   Yes
Select the authentication type for the Cisco VPN Client.
AuthenticationType constraints:
  • Type is 'SCALAR'.
  • Only 'PresharedKey', 'DigitalCertificate' are allowed.
PresharedKey   No
Specify the preshared key, or select the local certificate, to be used by the appliance for authentication, based on the authentication type selected.
PresharedKey constraints:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 1000.
RemoteCertificate   No
Select the certificate to be used for authentication by the remote peer.
RemoteCertificate constraints:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
LocalIDType   Yes
Select the Local ID type.
LocalIDType constraints:
  • Type is 'SCALAR'.
  • Only 'DNS', 'IP Address', 'Email', 'DER ASN1 DN (X.509)' are allowed.
LocalID   Yes
Specify the value for the selected Local ID.
LocalID constraints:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
RemoteIDType   Yes
Select the Remote ID type.
RemoteIDType constraints:
  • Type is 'SCALAR'.
  • Only 'DNS', 'IP Address', 'Email', 'DER ASN1 DN (X.509)' are allowed.
RemoteID   Yes
Specify the value for the selected Remote ID.
RemoteID constraints:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
User   No
Specify the users allowed to connect to the Cisco VPN Client.
User constraints:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 50.
  • Multiple values are allowed.
Name   Yes
Specify the client's name to be displayed.
Name constraints:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Allowed first characters: (A-Za-z). For other characters: (A-Za-z0-9_)
StartIP   Yes
Specify the starting IP address of the range from which an IP address is leased to the client.
StartIP constraints:
  • Type is 'SCALAR'.
  • Datatype is 'IPADDRESS'.
  • Maximum characters allowed are 15.
  • IP Class other than 'MULTICAST', 'RESERVED', 'LOCALHOST', 'UNSPECIFIED', 'BROADCAST', 'LINKLOCAL' is allowed.
EndIP   Yes
Specify the ending IP address of the range from which an IP address is leased to the client.
EndIP constraints:
  • Type is 'SCALAR'.
  • Datatype is 'IPADDRESS'.
  • Maximum characters allowed are 15.
  • IP Class other than 'MULTICAST', 'RESERVED', 'LOCALHOST', 'UNSPECIFIED', 'BROADCAST', 'LINKLOCAL' is allowed.
DNSServer1   No
Provide the DNS server IP address.
DNSServer1 constraints:
  • Type is 'SCALAR'.
  • Datatype is 'IPADDRESS'.
  • Maximum characters allowed are 15.
  • IP Class other than 'MULTICAST', 'RESERVED', 'LOCALHOST', 'UNSPECIFIED', 'BROADCAST', 'LINKLOCAL' is allowed.
DNSServer2   No
Provide the second DNS server IP address.
DNSServer2 constraints:
  • Type is 'SCALAR'.
  • Datatype is 'IPADDRESS'.
  • Maximum characters allowed are 15.
  • IP Class other than 'MULTICAST', 'RESERVED', 'LOCALHOST', 'UNSPECIFIED', 'BROADCAST', 'LINKLOCAL' is allowed.
LeaseIPFromRadiusServer   No   Disable
Enable to lease the IP address through the RADIUS server.
LeaseIPFromRadiusServer constraints:
  • Type is 'SCALAR'.
  • Only 'Enable', 'Disable' are allowed.
DisconnectOnIdleInterval   No
Disconnect on idle interval.
DisconnectOnIdleInterval constraints:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Range 120 to 999 is allowed.
  • Maximum digits allowed are 3.
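
The constraints listed above can be checked before a configuration is submitted to the appliance. The following is an added example, not part of the original documentation or of the vendor's code: the names validate, ip_problem and SAMPLE are hypothetical, the sample values are constructed, StartIP and EndIP are read from under AssignIP as in the sample configuration, and the mapping of the appliance's IP classes onto Python's ipaddress flags is an assumption.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

ID_TYPES = {"DNS", "IP Address", "Email", "DER ASN1 DN (X.509)"}
ON_OFF = {"Enable", "Disable"}
ENUMS = {"CISCOClientConfiguration": ON_OFF, "LeaseIPFromRadiusServer": ON_OFF,
         "AuthenticationType": {"PresharedKey", "DigitalCertificate"},
         "LocalIDType": ID_TYPES, "RemoteIDType": ID_TYPES}
MANDATORY = ["Name", "AliasInterface", "AuthenticationType", "LocalIDType", "LocalID",
             "RemoteIDType", "RemoteID", "AssignIP/StartIP", "AssignIP/EndIP"]
IP_FIELDS = ["AssignIP/StartIP", "AssignIP/EndIP", "DNSServer1", "DNSServer2"]
# Assumption: ipaddress flags stand in for the appliance's IP classes; broadcast is in is_reserved.
BAD_CLASSES = ("is_multicast", "is_reserved", "is_loopback", "is_unspecified", "is_link_local")

def ip_problem(text):
    """Return why text is rejected as an IPADDRESS value, or None if acceptable."""
    try:
        ip = ipaddress.IPv4Address(text)  # 15-character limit implies dotted-quad IPv4
    except ValueError:
        return "not an IPv4 address"
    return next((flag[3:] for flag in BAD_CLASSES if getattr(ip, flag)), None)

def validate(xml_text):
    """Return a list of constraint violations for one <CISCOVPNClient> element."""
    root = ET.fromstring(xml_text)  # operator-authored config, not untrusted input
    get = lambda path: (root.findtext(path) or "").strip()
    errors = [f"{p}: mandatory" for p in MANDATORY if not get(p)]
    errors += [f"{t}: value not allowed" for t, ok in ENUMS.items() if get(t) and get(t) not in ok]
    if get("Name") and not re.fullmatch(r"[A-Za-z][A-Za-z0-9_]*", get("Name")):
        errors.append("Name: invalid characters")
    if len(get("PresharedKey")) > 1000:
        errors.append("PresharedKey: longer than 1000 characters")
    if any(len(u.text or "") > 50 for u in root.findall("AllowedUsers/User")):
        errors.append("User: longer than 50 characters")
    for path in IP_FIELDS:
        if get(path) and (why := ip_problem(get(path))):
            errors.append(f"{path}: {why}")
    idle = get("DisconnectOnIdleInterval")
    if idle and not (idle.isdigit() and 120 <= int(idle) <= 999):
        errors.append("DisconnectOnIdleInterval: outside 120-999")
    return errors

# Constructed sample: every name, key and address below is made up for illustration.
SAMPLE = """<CISCOVPNClient><Name>branch_vpn</Name><AliasInterface>PortB</AliasInterface>
<AuthenticationType>PresharedKey</AuthenticationType><PresharedKey>example-key</PresharedKey>
<LocalIDType>DNS</LocalIDType><LocalID>fw.example.test</LocalID><RemoteIDType>Email</RemoteIDType>
<RemoteID>user@example.test</RemoteID><DisconnectOnIdleInterval>600</DisconnectOnIdleInterval>
<AssignIP><StartIP>10.81.234.5</StartIP><EndIP>10.81.234.55</EndIP></AssignIP></CISCOVPNClient>"""
```

validate(SAMPLE) returns an empty list; each string in a non-empty result names the offending parameter and the constraint it breaks.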



Operation   Status   Message
Configure Cisco™ VPN Client   200
Configure Cisco™ VPN Client   201
Configure Cisco™ VPN Client   500
Configure Cisco™ VPN Client   502
Configure Cisco™ VPN Client   503
Configure Cisco™ VPN Client   511
Configure Cisco™ VPN Client   512
Configure Cisco™ VPN Client   541


© Copyright 2019 Sophos Firewall Limited. All rights reserved.
Sophos Firewall is a registered trademark of Sophos Firewall Limited and Sophos Firewall Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.