CISCO™ VPN Client
This page describes how to configure a Cisco VPN client.
CISCO™ VPN Client is software developed by CISCO that runs on Windows systems. It establishes encrypted VPN tunnels that give remote workers highly secure remote connectivity.
1. Go to Configure > VPN > Cisco VPN Client.
2. Specify the General Settings.
CISCO™ VPN Client
Select to enable CISCO VPN Client.
All the fields become available for configuration once CISCO™ VPN Client is enabled.
Default: disabled.
Interface
Select a WAN port to act as endpoint.
IP Aliases created for WAN interfaces will be listed along with the default WAN interfaces.
Authentication Type
Select the authentication type.
Authentication of users depends on the connection type.
Available Options:
Preshared Key - Preshared key authentication is a mechanism whereby a single key is used for encryption and decryption. Both peers should possess the preshared key. The remote peer uses the preshared key for decryption. On selecting this option the user has to provide:
Preshared Key – Specify the preshared key to be used. The preshared key should be at least 5 characters long.
Confirm Preshared Key – Provide the same preshared key to confirm it.
This preshared key will have to be shared or communicated to the peer at the remote end. At the remote end, the client will have to specify this key for authentication. If there is a mismatch in the key, the user will not be able to establish the connection.
Digital Certificate - Digital certificate authentication is a mechanism whereby sender and receiver both use a digital certificate issued by the certificate authority. Both sender and receiver must have each other’s certificate authority.
Local Certificate – Select the local certificate that should be used for authentication by the device.
Remote Certificate – Select the remote certificate that should be used for authentication by the remote peer.
Local ID (available only if Authentication Type selected is Preshared Key)
Specify a value for the local ID selected.
Available Options:
DNS
IP Address
Email
DER ASN1 DN (X.509)
* DER ASN1 DN (X.509) cannot be used for Preshared Key authentication.
If Digital Certificate is selected, the ID and its value are displayed automatically as specified in the Local Certificate.
Remote ID
Select a value for the remote ID selected.
Available Options:
DNS
IP Address
Email
DER ASN1 DN (X.509)
* DER ASN1 DN (X.509) cannot be used for Preshared Key authentication.
Allowed User
Select all the users who are to be allowed to connect to the configured CISCO™ VPN client.
3. Specify the Client Information.
Name
Enter a unique name for the connection.
Assign IP from
Specify the IP address range.
The device will lease the IP address to the Cisco™ IPsec client from the specified IP address range.
* Do not configure the above IP address range in L2TP or PPTP configuration.
Allow leasing IP address from Radius server for L2TP, PPTP and CISCO VPN Client
Click to lease the IP address to the L2TP, PPTP and CISCO VPN client users through the RADIUS server.
RADIUS is a protocol that allows network devices to authenticate users against a central database. It can also store technical information used by network devices.
If enabled, the configured IP address is overridden with the IP address provided by the RADIUS server.
DNS Server 1
Provide a DNS server IP address to be pushed to CISCO VPN clients.
DNS Server 2
Provide a DNS server IP address to be pushed to CISCO VPN clients.
4. Specify the Advanced Settings.
Disconnect when tunnel is idle
Click to allow the device to delete an idle VPN session if it exceeds the specified idle session time interval.
Idle session time interval (available only if Disconnect when tunnel is idle option is enabled)
Specify the time limit after which an idle VPN session will be deleted by the device.
Acceptable Range: 120 to 999
Apply
Click to accept and save the Cisco VPN client configuration.
Export Connection (available only if a Cisco VPN connection is configured)
Click to export Cisco VPN client configuration.
Once the .tgb file has been exported, it has to be passed to the client.
On the client side, the client needs the Sophos IPsec client to import the .tgb file and establish a connection to Sophos XG Firewall.
The Sophos IPsec VPN client may be downloaded from https://www.sophos.com/en-us/support/utm-downloads.aspx.
* You cannot export the connection when an external certificate is selected as Remote Certificate.
Reset
Click to delete the entire Cisco VPN client configuration.
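A pre-flight check of planned values against the constraints stated in steps 2 to 4, as an added example that is not Sophos code and does not talk to the firewall. The dictionary keys, function names and sample values are assumptions; the check treats any overlap with an L2TP or PPTP range as a conflict, which is slightly broader than the note above.

```python
import ipaddress

DER_DN = "DER ASN1 DN (X.509)"

def parse_range(text):
    """Parse 'first-last' into two addresses; reject mixed or reversed ranges."""
    first, last = (ipaddress.ip_address(p.strip()) for p in text.split("-"))
    if first.version != last.version or first > last:
        raise ValueError(f"bad IP range: {text}")
    return first, last

def check_plan(plan):
    """Return the rules from this page that the planned values violate."""
    problems = []
    if plan["auth_type"] == "Preshared Key":
        key = plan.get("preshared_key", "")
        if len(key) < 5:
            problems.append("preshared key shorter than 5 characters")
        if key != plan.get("confirm_preshared_key"):
            problems.append("preshared key and confirmation differ")
        for field in ("local_id_type", "remote_id_type"):
            if plan.get(field) == DER_DN:
                problems.append(f"{field}: {DER_DN} cannot be used with Preshared Key")
    if plan.get("disconnect_when_idle") and not 120 <= plan.get("idle_interval", 0) <= 999:
        problems.append("idle session time interval outside 120 to 999")
    lo, hi = parse_range(plan["assign_ip_from"])
    # The lease range must not also be configured for L2TP or PPTP.
    for name, text in plan.get("other_ranges", {}).items():
        o_lo, o_hi = parse_range(text)
        if lo.version == o_lo.version and lo <= o_hi and o_lo <= hi:
            problems.append(f"lease range overlaps {name} range {text}")
    return problems

# Constructed sample plan; keys and values are assumptions, not exported firewall data.
SAMPLE = {
    "auth_type": "Preshared Key",
    "preshared_key": "abcd",
    "confirm_preshared_key": "abcd",
    "local_id_type": "DNS",
    "remote_id_type": DER_DN,
    "disconnect_when_idle": True,
    "idle_interval": 60,
    "assign_ip_from": "10.10.50.10-10.10.50.60",
    "other_ranges": {"L2TP": "10.10.50.50-10.10.50.99", "PPTP": "10.10.60.10-10.10.60.60"},
}

if __name__ == "__main__":
    for problem in check_plan(SAMPLE):
        print("FAIL:", problem)
```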