Global
On the Remote Access > Cisco VPN Client > Global tab you can configure basic options for setting up remote access via Cisco VPN Client.
Note – By default, the 96-bit Android-friendly version of Cisco VPN authentication is enabled. If you want to follow the official RFC (e.g. to use Cisco VPN with Nokia smartphones), see the Sophos Knowledge Base.
To configure Sophos UTM on AWS to allow Cisco VPN Client connections, proceed as follows:
- On the Global tab enable Cisco VPN Client.
  Click the toggle switch.
  The toggle switch turns amber and the Server Settings area becomes editable.
- Specify the following settings:
  Interface: Select an interface to be used for Cisco VPN Client connections.
  Server certificate: Select the certificate with which the server identifies itself to the client.
  Pool network: Select the network pool from which virtual network addresses are assigned to connecting clients. By default VPN Pool (Cisco) is selected.
  Local networks: Select or add the local networks that should be reachable through the VPN tunnel. For how to add a network definition, see Definitions & Users > Network Definitions > Network Definitions.
  Users and groups: Select users or user groups, or add users that are allowed to connect to Sophos UTM on AWS via Cisco VPN Client. For how to add new users or groups, see Definitions & Users > Users & Groups > Users.
  Automatic firewall rules (optional): By selecting this option you can automatically add firewall rules that allow traffic for this connection. The rules are added as soon as the connection is enabled, and they are removed when the connection is disabled.
- Click Apply.
  Your settings will be saved.
Live Log
Use the live log to follow the IPsec IKE daemon log. It shows information on establishing, maintaining, and closing connections.