To use the VPN Client, at least one connection entry must be configured to define the following information:
The Cisco VPN Remote Server to connect to.
Preshared keys—The IPSec group to which the system administrator assigned the client. The group determines the level and type of access that will be available once connected. The group membership could define the user authentication method used, the hours the client can access the network, if and how many simultaneous logins are allowed, and even the IKE and IPSec algorithms the VPN Client will use.
Certificates—The name of the certificate being used for authentication (if used).
Optional parameters.
You can create multiple connection entries so the VPN Client software can be used to connect to multiple networks, although not at the same time.
Because the order of the following steps is important, we’ll view this as if it were a lab exercise. While it isn’t difficult, if the end user is going to do the initial configuration, the network administrator should furnish the information in written form with at least minimal instructions.
Start the VPN Client by choosing Start | Programs | Cisco Systems VPN Client | VPN Dialer from the Start button menu. Figure 12-2 shows the menu sequence.
Figure 12-2: Starting the Cisco VPN Client software
The VPN Dialer application starts and displays the Cisco Systems VPN Client, as shown in Figure 12-3.
Figure 12-3: Cisco Systems VPN Client opening dialog box
On the Cisco Systems VPN Client main dialog box, click the NEW button. The first New Connection Entry Wizard dialog box appears, as shown in Figure 12-4.
Figure 12-4: Define connection name and description
Each connection on a host machine must have a unique name. The same name can be used for all users in a group who don’t share a computer. If the users are configuring this unique name, the name and description might be defined by the network administrator to reduce any possible user doubt. Both the name and description can contain spaces and neither is case-sensitive. When the entries are complete, click the NEXT button.
The next dialog box appears asking for host name or IP address of the server. This is the VPN head-end device to which the client will be connecting. Depending on the network, this could be either an IP address or a host name. The network administrator will furnish the proper form. This needs to be typed in exactly. Figure 12-5 shows an example of using an IP address to define a VPN device.
Figure 12-5: Using an IP address to define a VPN head-end device
After typing the host name or IP address of the remote VPN device, click the NEXT button. The third New Connection Entry Wizard dialog box appears, asking for either the group information supplied by the network administrator or the digital certificate to be used to authenticate this client. Figure 12-6 shows an example of choosing group authentication. Notice the group name is displayed in Cleartext, but the passwords are masked for security. What isn’t so obvious is that all three entries are case-sensitive. When the entries are complete, click the NEXT button.
Figure 12-6: Entering the IPSec group and password
Figure 12-7 shows the fourth and final New Connection Entry Wizard dialog box. The BACK button can be used to change earlier entries or the FINISH button can complete the process. When the final dialog box closes, the new connection entry now appears in the Connection Entry drop-down list on the VPN Client’s main dialog box.
Figure 12-7: Final New Connection Entry Wizard dialog box
Use the following steps to Start the VPN Dialer:
Start the VPN Client just as before. The VPN Dialer displays the Cisco Systems VPN Client main dialog box with the connection information from the earlier steps, as shown in Figure 12-8. If multiple connections were created, the Connection Entry: drop-down list would be used to choose the desired connection entry.
Figure 12-8: The Cisco Systems VPN Client main dialog box is ready to connect.
Clicking the CONNECT button starts the connection. Figure 12-9 shows the connection progress dialog box.
Figure 12-9: VPN connection progress dialog box
The remaining screens will vary, depending on the authentication system used to verify the user. Figure 12-10 displays a Windows-type login screen.
Figure 12-10: Windows user authentication box
Figure 12-11 shows how to customize the connection and the available options. From copying (cloning) the connection settings, to deleting it, to launching third-party applications, this tool offers some useful options. A new feature is support for the following personal firewalls (in addition to PIX support).
Cisco Integrated Firewall (CIC)
ZoneAlarmPro 2.6.3.57
ZoneAlarm 2.6.3.57
Zone Integrity
BlackIce Agent and BlackIce Defender 2.5