CCSP Cisco Secure VPN Exam: Remote Access Configuration

Chapter Description

This chapter discusses the process of implementing Internet Protocol Security (IPSec) using preshared keys on the Cisco VPN 3000 Series Concentrators. You'll read an overview of remote access using preshared keys, learn how to configure the Cisco VPN 3000 Concentrator Series and browsers for remote access, and discover configuration methods for users and groups. You'll also learn how to set up IPSec Windows clients.

Foundation Summary

The Foundation Summary is a collection of tables and figures that provides a convenient review of many key concepts in this chapter. For those of you already comfortable with the topics in this chapter, this summary could help you recall a few details. For those of you who just read this chapter, this review should help solidify some key facts. For anyone doing his or her final preparation before the exam, these tables and figures are hopefully a convenient way to review the material the day before the exam.

Types of Preshared Keys

The types of preshared keys are as follows:

  • Unique—Tied to a specific IP address

  • Group—Tied to a group

  • Wildcard—Not tied to anything

VPN 3000 Concentrator CLI Quick Configuration Steps

The steps to VPN 3000 Concentrator CLI Quick Configuration are as follows:

Step 1   Boot the VPN concentrator with the default configuration.
Step 2   Log in as admin/admin.
Step 3   Set the system time.
Step 4   Set the system date.
Step 5   Set the time zone.
Step 6   Set the daylight-savings time support.
Step 7   Enter an IP address for the Private interface.
Step 8   Enter a subnet mask for the Private interface.
Step 9   Select the speed of the interface.
Step 10  Select the duplex mode of the interface.
Step 11  Save and exit the CLI.


VPN 3000 Concentrator Browser-Based Manager Quick Configuration Steps

The steps to the VPN 3000 Concentrator browser-based Manager Quick Configuration are as follows:

Step 1   Ping the VPN concentrator from the administrator PC to verify connectivity.
Step 2   Start the web browser.
Step 3   Enter the address of the VPN concentrator (be sure to use https:// if you need to enable the VPN concentrator's SSL Certificate on your browser).
Step 4   Log in as admin/admin.
Step 5   Select Click here to start Quick Configuration.
Step 6   Select the hotlink to the Ethernet 2 (Public) interface.
Step 7   Enter the IP address, subnet mask, speed, and duplex mode.
Step 8   Verify the system name, date, time, time zone, and DST support.
Step 9   Enter the DNS server address.
Step 10  Enter the domain name.
Step 11  Enter the default gateway address.
Step 12  Select the tunneling protocols to use (IPSec).
Step 13  Select the methods of assigning IP addresses for the IPSec tunnel endpoints.
Step 14  Choose the method for user authentication (Internal Server).
Step 15  Add usernames and passwords.
Step 16  Supply the IPSec group name and password.
Step 17  Change the admin password.
Step 18  Click the Save Needed icon to save the configuration changes.


VPN Client Installation Steps

The steps for installing the VPN Client are as follows:

Step 1   Insert the Cisco VPN Client CD into your CD-ROM drive.
Step 2   View the CD's menu after Autorun starts the CD.
Step 3   Select Install Cisco VPN Client.
Step 4   Click Yes to permit disabling IPSec Policy Agent (if asked).
Step 5   Click Next on the Welcome screen.
Step 6   Read and accept the license agreement.
Step 7   Click Next to accept the default file location.
Step 8   Click Next to accept the default application location.
Step 9   Select the reboot option (now or later) and click Finish.


VPN Client Configuration Steps

The steps for configuring the VPN Client are as follows:

Step 1   Choose Start, Programs, Cisco Systems VPN Client, VPN Dialer to start the application.
Step 2   Click New to create a new connection.
Step 3   Enter the connection name and description.
Step 4   Enter the IP address or host name of the VPN concentrator.
Step 5   Enter the IPSec group name and password that you created on the VPN concentrator.
Step 6   Click Finish to complete the connection creation.

NOTE

You can customize the installation process to suit different client configurations. See the Cisco website, http://www.cisco.com, for more information.


VPN Client Program Options

VPN Client program options include the following:

  • Certificate Manager
  • Help
  • Log Viewer
  • Set MTU
  • Uninstall VPN Client
  • VPN Dialer

Limits for Number of Groups and Users

Table 4-4 shows the maximum number of groups and users.

Table 4-4 Maximum Combined Groups and Users per VPN Model

Model   Maximum Combined Number of Groups and Users
3005    100
3015    100
3030    500
3060    1000
3080    1000


Complete Configuration Table of Contents

Table 4-5 shows the complete configuration table of contents (TOC).

Table 4-5 Complete Expansion of the Configuration TOC

Configuration
  > Interfaces
  > System
    > Servers
      > Authentication
      > Accounting
      > DNS
      > DHCP
      > NTP
        > Parameters
        > Hosts
    > Address Management
      > Assignment
      > Roots
    > Tunneling Protocols
      > PPTP
      > L2TP
      > IPSec
        > LAN-to-LAN
        > IKE Proposals
        > IPSec over TCP
    > IP Routing
      > Static Routes
      > Default Gateways
      > OSPF
      > OSPF Areas
      > DHCP
      > Redundancy
      > Reverse Route Injection
    > Management Protocols
      > FTP
      > HTTP/HTTPS
      > TFTP
      > Telnet
      > SNMP
      > SNMP Communities
      > SSL
      > SSH
      > XML
    > Events
      > General
      > FTP Backup
      > Classes
      > Trap Destinations
      > Syslog Servers
      > SMTP Servers
      > E-mail Recipients
    > General
      > Identification
      > Time and Date
      > Sessions
      > Authentication
    > Client Update
      > Enable
      > Entries
    > Load Balancing
  > User Management
    > Base Group
    > Groups
    > Users
  > Policy Management
    > Access Hours
    > Traffic Management
      > Network Lists
      > Rules
      > SAs
      > Filters
      > NAT
        > Enable
        > Rules


Complete Administration Table of Contents

Table 4-6 shows the complete administration table of contents (TOC).

Table 4-6 Complete Expansion of the Administration TOC

Administration
  > Administer Sessions
  > Software Update
    > Concentrator
    > Clients
  > System Reboot
  > Ping
  > Monitoring Refresh
  > Access Rights
    > Administrators
    > Access Control List
    > Access Settings
    > AAA Servers
      > Authentication
  > File Management
    > Swap Config File
    > TFTP Transfer
    > File Upload
    > XML Export
  > Certificate Management
    > Enrollment
    > Installation


Complete Monitoring Table of Contents

Table 4-7 shows the complete monitoring table of contents (TOC).

Table 4-7 Complete Expansion of the Monitoring TOC

Monitoring
  > Routing Table
  > Filterable Event Log
    > Live Event Log
  > System Status
  > Sessions
    > Protocols
    > Encryption
    > Top Ten Lists
      > Data
      > Duration
      > Throughput
  > Statistics
    > PPTP
    > L2TP
    > IPSec
    > HTTP
    > Events
    > Telnet
    > DNS
    > Authentication
    > Accounting
    > Filtering
    > VRRP
    > SSL
    > DHCP
    > Address Pools
    > SSH
    > Load Balancing
    > Compression
    > Administrative AAA
    > NAT
    > MIB-II Stats
      > Interfaces
      > TCP/UDP
      > IP
      > RIP
      > OSPF
      > ICMP
      > ARP Table
      > Ethernet

