VPN

8

 

Configuring Teleworker VPN Client

 

 

 

 

 

IKE Authentication Method: The VPN client must be properly authenticated before it can access the remote network. Choose one of the following authentication methods:

-Pre-shared Key: Choose this option if the IPsec VPN server uses a simple, password-based key to authenticate and then enter the following information:

Group Name: Enter the name of the IPsec Remote Access group policy that is defined on the IPsec VPN server. The security appliance will use this group policy to establish the VPN connection with the IPsec VPN server. The IPsec VPN server pushes the security settings over the VPN tunnel to the security appliance.

Password: Enter the pre-shared key specified in the selected group policy to establish a VPN connection. The pre-shared key must be entered exactly the same here and on the IPsec VPN server.

-Certificate: Choose this option if the IPsec VPN server uses the digital certificate from a third party Certificate Authority (CA) to authenticate. Select a CA certificate as your local certificate from the Local Certificate drop-down list and select the CA certificate used on the remote IPsec VPN server as the remote certificate from the Peer Certificate drop-down list for authentication.

NOTE: You must have valid CA certificates imported on your security appliance before choosing this option. Go to the Device Management > Certificate Management page to import the CA certificates. See Managing Certificates for Authentication, page 418.

Mode: The operation mode determines whether the inside hosts relative to the Cisco VPN hardware client are accessible from the corporate network over the VPN tunnel. Specifying an operation mode is mandatory before making a VPN connection because the Cisco VPN hardware client does not have a default mode. For more information about the operation mode, see Modes of Operation, page 365.

-Choose Client if you want the PCs and other devices on the security appliance’s inside networks to form a private network with private IP addresses. Network Address Translation (NAT) and Port Address Translation (PAT) will be used. Devices outside the LAN will not be able to ping devices on the LAN, or reach them directly.

-Choose NEM (Network Extension Mode) if you want the devices connected to the inside interfaces to have IP addresses that are routable and reachable by the destination network. The devices at both ends of

Cisco ISA500 Series Integrated Security Appliances Administration Guide

370

Page 370
Image 370
Casio ISA550WBUN3K9 manual Vpn