Global

On the Remote Access > Cisco VPN Client > Global tab you can configure basic options for setting up remote access via Cisco VPN Client.

Note – By default, the 96-bit Android-friendly version of Cisco VPN authentication is enabled. If you want to follow the official RFC instead (e.g. to use Cisco VPN with Nokia smartphones), see the Sophos Knowledge Base.

To configure Sophos UTM on AWS to allow Cisco VPN Client connections, proceed as follows:

  1. On the Global tab enable Cisco VPN Client.

    Click the toggle switch.

    The toggle switch turns amber and the Server Settings area becomes editable.

  2. Make the following settings:

    Interface: Select an interface to be used for Cisco VPN Client connections.

    Server certificate: Select the certificate with which the server identifies itself to the client.

    Pool network: Select the network pool from which virtual network addresses are assigned to connecting clients. By default VPN Pool (Cisco) is selected.

    Local networks: Select or add the local networks that should be reachable through the VPN tunnel. How to add a definition is explained on the Definitions & Users > Network Definitions > Network Definitions page.

    Users and groups: Select users or user groups, or add users that are allowed to connect to Sophos UTM on AWS via Cisco VPN Client. How to add users is explained on the Definitions & Users > Users & Groups > Users page.

    Automatic firewall rules (optional): By selecting this option you can automatically add firewall rules that allow traffic for this connection. The rules are added as soon as the connection is enabled, and they are removed when the connection is disabled.

  3. Click Apply.

    Your settings will be saved.

    The toggle switch turns green.

Live Log

Use the live log to follow the IPsec IKE daemon log. It shows information on establishing, maintaining, and closing connections.