dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
3607
share rss forum feed

zillah
Premium
join:2005-01-30
NewZeland

1 edit

How to configure Cisco Systems VPN client v5 ?

Hi Experts

I tried to search google for the below phrase (and many others):

»www.google.com.au/search?hl=en&s···&bih=585

Looking for a document shows step by step walk-through how to configure Cisco Systems VPN client v5.0.07 to connect a mobile laptop (windows 7) over the internet to a small LAN office behind one of those branded router (D-link, Netgear , Linksys,,,etc).

Previously I had used TheGreen Bow but not Cisco System VPN client

Regards

HELLFIRE
Premium
join:2009-11-25
kudos:18
Not really much to configure on the Cisco VPN client -- see here

Key questions really are the IP / hostname you're VPN'ing to, ensuring the the means / method of authentication
match with your VPN headend, and away you go.

Regards

zillah
Premium
join:2005-01-30
NewZeland
Thanks HELLFIRE for the screenshot that you have posted

As the your posted sceernshot shows under Cisco vpn client there is tab called 'Authentication', under that tab there are three options as below :

Group Authentication
Mutual Group Authentication
Certificate Authentication

But when you configure your vpn server (D-link router, netgear router , linksys,,,,etc) we have got different options names something like :
Encryption , Authentication , Group Key,,,,,etc

By comparing options names on a cisco vpn client and a vpn server they are not same.

I would assume (could be wrong) that we should have those options matching between server and client for a VPN tunnel to work

On a Cisco vpn client I would assume I should be able to see options similar (not same) to the below picture to match the options on a vpn server

»i45.tinypic.com/3477cyt.jpg

zillah
Premium
join:2005-01-30
NewZeland
reply to zillah
For example the snapshot below for one of the SG 300 router that I did configure IPSec VPN for it and it worked for The GreenBow vpn client.

»i49.tinypic.com/28rmrly.jpg



As you have noticed on the vpn server (SG 300 router) we have got many options : phase1 and phase2 and Diffie Hillman Group and 3DES-SHA,,,etc

We can't find such a option on a cisco vpn client !!!! does that mean cisco vpn client won't be able to work with such a router ?

Regards

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to zillah
Is the SG 300 settings what you're trying to match for the Cisco VPN client, zillah?

If so, then under group authentication, should just have to add the name and password you need it to send
to the SG 300. I'll have to find a machine on my side with the VPN client installed, but IIRC Cisco VPN
client doesn't have options to configure the phase 1 / 2 settings, it just lets the VPN server tell it what
to use.

Try that and let me know how that goes.

Regards

zillah
Premium
join:2005-01-30
NewZeland

1 edit
quote:
Is the SG 300 settings what you're trying to match for the Cisco VPN client, zillah ?
Yes.

quote:
but IIRC Cisco VPN
client doesn't have options to configure the phase 1 / 2 settings, it just lets the VPN server tell it what to use.
Noted.

quote:
If so, then under group authentication, should just have to add the name and password you need it to send
to the SG 300.
Which username and password ? any username and password ? because I don't remember I have used username and password to configure SG 300 router, unless you meant passphrase

Regards

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to zillah
Taking a look at your screenshots of the SG300 again, I'd almost swear they were only doing site to site
and not remote access IPSec VPN.

You'll have to do alittle experimentation on the username / password part. I'm VERY sure I have a PC with
Cisco VPN loaded... just don't remember which one

Regards

zillah
Premium
join:2005-01-30
NewZeland
reply to zillah
quote:
Taking a look at your screenshots of the SG300 again, I'd almost swear they were only doing site to site
and not remote access IPSec VPN.
Sorry I was away from my computer for a while.
Yes you are right this was site to site VPN configuration , but I posted the snapshot to show you that we could have couple of options that we won't be able to find them at cisco client VPN.

quote:
You'll have to do a little experimentation on the username / password part.
I haven't got chance to practice that one yet to find out if cisco vpn client will work with a non cisco (pix, ASA, concentrator) hardware vpn server ?
For sure I will try that and see how it goes.

I have just remembered that I had posted similar question while a go (2 years back) on the Tek-Tips forum as in the link below :

»www.tek-tips.com/viewthread.cfm?qid=1589620

zillah
Premium
join:2005-01-30
NewZeland
reply to zillah
quote:
If so, then under group authentication, should just have to add the name and password you need it to send
to the SG 300.
I did a test just now I have got a router DrayTek 2820Vn I enabled VPN IPSec for a remote laptop to login to the router.

I setup TheGreenBow ( third part ) VPN client and I was able to establish a VPN tunnel successfully from the laptop to the router with no problem.

I tried to use Cisco VPN client instead , but when I tried to establish a VPN tunnel , it asked me to enter the values for " Name " and " Password " for the " Group Authentication " option.

Since I haven't configured that on the DrayTek 2820Vn router , I didn't know what to type in !!!!

I thought I will leave it blank but I received the error below :
quote:
Secure VPN connection terminated locally by the Client. Reason 412: The remote peer is no longer responding

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to zillah
I'd have to dig around on that one zillah -- I still suspect it's due to the Cisco client EXPECTING to provide a
username / password, but I'm not sure.

If you use a blank username / password, does the Cisco VPN client take that as a valid config?

Regards

zillah
Premium
join:2005-01-30
NewZeland
reply to zillah
quote:
If you use a blank username / password, does the Cisco VPN client take that as a valid config?
Yes this is what I had tried as below :
quote:
I thought I will leave it blank but I received the error below :
Secure VPN connection terminated locally by the Client. Reason 412: The remote peer is no longer responding
I guess I would struggle with Cisco VPN client to make it works
»www.tek-tips.com/viewthread.cfm?qid=1589620
quote:
I believe you will struggle to get the cisco vpn client working with non cisco routers.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to zillah
At this point, if the SG300 is doing a site to site VPN config and the GreenBow is happily chugging along,
why are you tossing in the Cisco VPN client into the mix?

The Cisco client is FULLY compatible with IPSec, just not the particular TYPE of VPN (site to site) you have
configured -- like I said, the client expects to send a username / password for authentication, which the
SG isn't doing.

What's under the PPTP and L2TP VPN Client config options of the SG?

Regards

zillah
Premium
join:2005-01-30
NewZeland
reply to zillah
quote:
At this point, if the SG300 is doing a site to site VPN config and the GreenBow is happily chugging along
It was a mistake when I posted the "site to site" VPN configuration, I should have posted the " Client to Site" VPN, but I don't have it handy now otherwise I would have posted.
And as you have noticed that I have configured another router for a "client to site" VPN as below :
quote:
I did a test just now I have got a router DrayTek 2820Vn I enabled VPN IPSec for a remote laptop to login to the router
quote:
The Cisco client is FULLY compatible with IPSec, just not the particular TYPE of VPN (site to site) you have configured --
Okay I do agree with that , no problem , I would assume Cisco client is not compatible with SG router.

quote:
the client expects to send a username / password for authentication, which the SG isn't doing.
Not only SG router wouldn't support that , DrayTek as well wouldn't support that for "Client to Site" VPN with Cisco Client VPN.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to zillah
Post the screenshot of the 'client to site' VPN config for the SG and draytek if you can zillah

Regards

zillah
Premium
join:2005-01-30
NewZeland

2 edits
Click for full size
quote:
Post the screenshot of the 'client to site' VPN config for the SG and DrayTek if you can zillah
»i47.tinypic.com/1054knq.jpg



For SG I wouldn't be able to get that.

Regards

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to zillah
Just as a really dumb question, for the vigor if you configure an actual username and password there and try to connect
with the Cisco VPN client, does it work then?

Regards

zillah
Premium
join:2005-01-30
NewZeland
quote:
Just as a really dumb question, for the vigor if you configure an actual username and password there and try to connect
with the Cisco VPN client, does it work then?
I have just tried it again unfortunately it didn't work as well

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to zillah
Short of me checking it out onsite, I'm completely stumped. If TheGreenBow client works, stick with it.

Regards

zillah
Premium
join:2005-01-30
NewZeland
reply to zillah
Thanks for your help.

Regards