
Table Of Contents

Easy VPN Remote

Create Easy VPN Remote

Configure an Easy VPN Remote Client

Connection Settings

Authentication

Interfaces

Summary of Configuration

Edit Easy VPN Remote

Add or Edit Easy VPN Remote

Add or Edit Easy VPN Remote: Easy VPN Settings

Add or Edit Easy VPN Remote: Authentication Information

Enter SSH Credentials

XAuth Login Window

Add or Edit Easy VPN Remote: General Settings

Add or Edit Easy VPN Remote: Authentication Information

Add or Edit Easy VPN Remote: Interfaces and Connections

How Do I...

How Do I Edit an Existing Easy VPN Connection?

How Do I Configure a Backup for an Easy VPN Connection?


Easy VPN Remote


Create Easy VPN Remote

SDM allows you to configure your router as a client to an Easy VPN server or concentrator. Your router must be running a Cisco IOS software image that supports Easy VPN Phase II.

To be able to complete the configuration, you must have the following information ready.

Easy VPN server's IP address or hostname

IPSec group name

Key

Obtain this information from the Easy VPN server administrator.

Configure an Easy VPN Remote Client

This wizard guides you through the configuration of an Easy VPN Remote Phase II Client.


Note If the router is not running a Cisco IOS image that supports Easy VPN Remote Phase II or later, you will not be able to configure an Easy VPN client.


Connection Settings

The information entered in this window identifies the Easy VPN tunnel, the Easy VPN server or concentrator that the router will connect to, and the way you want traffic to be routed in the VPN.

Easy VPN Tunnel Name

Enter the name that you want to give this Easy VPN connection. The name must be unique among Easy VPN tunnel names for this router and must not contain spaces or special characters such as question marks (?).

Easy VPN Server 1

Enter the IP address or the hostname of the primary Easy VPN server or concentrator to which the router will connect. If you enter a hostname, there must be a Domain Name System (DNS) server on the network that can resolve the hostname to the correct IP address for the peer device.

Easy VPN Server 2

The Easy VPN Server 2 field appears when the Cisco IOS image on the router supports Easy VPN Remote Phase III. This field does not appear when the Cisco IOS image does not support Easy VPN Remote Phase III.

Enter the IP address or the hostname of the secondary Easy VPN server or concentrator to which the router will connect. If you enter a hostname, there must be a DNS server on the network that can resolve the hostname to the correct IP address for the peer device.

Mode

Choose either Client or Network Extension.

Choose Client if you want the PCs and other devices on the router's inside networks to form a private network with private IP addresses. Network Address Translation (NAT) and Port Address Translation (PAT) will be used. Devices outside the LAN will not be able to ping devices on the LAN, or reach them directly.

Choose Network Extension if you want the devices connected to the inside interfaces to have IP addresses that are routable and reachable by the destination network. The devices at both ends of the connection will form one logical network. PAT will be automatically disabled, allowing the PCs and hosts at both ends of the connection to have direct access to one another.

Consult with the administrator of the Easy VPN server or concentrator before choosing this setting.

If you choose Network Extension, you can enable remote management of the router by checking the box to request a server-assigned IP address for your router. This IP address can be used for connecting to your router for remote management and troubleshooting (ping, Telnet, and Secure Shell). This mode is known as Network Extension Plus.


Note If the router is not running a Cisco IOS image that supports Easy VPN Remote Phase IV or later, you will not be able to set Network Extension Plus.


Authentication

Use this window to specify security for the Easy VPN Remote tunnel.

Device Authentication

Choose Digital Certificates or Preshared Key.


Note The Digital Certificates option is available only if supported by the Cisco IOS image on your router.


To use a preshared key, enter the IPSec group name. The group name must match the group name defined on the VPN concentrator or server. Obtain this information from your network administrator.

Enter the IPSec group key. The group key must match the group key defined on the VPN concentrator or server. Obtain this information from your network administrator. Reenter the key to confirm its accuracy.

User Authentication (XAuth)

User authentication (XAuth) appears in this window if the Cisco IOS image on the router supports Easy VPN Remote Phase III. If user authentication does not appear, it must be set from the router command-line interface.

Choose one of these ways to enter the XAuth username and password:

Manually in a web browser window


Note The web browser option appears only if supported by the Cisco IOS image on your router.


Manually from the command line or SDM

Automatically by saving the username and password on the router

The Easy VPN server may use XAuth to authenticate the router. If the server allows the save password option, choosing this option eliminates the need to enter the username and password each time the Easy VPN tunnel is established. Enter the username and password provided by the Easy VPN server administrator, and then reenter the password to confirm its accuracy. The information is saved in the router configuration file and used each time the tunnel is established.


Caution Storing the XAuth username and password in router memory creates a security risk, because anyone who has access to the router configuration can obtain this information. If you do not want this information stored on the router, do not enter it here. The Easy VPN server will simply challenge the router for the username and password each time the connection is established. Additionally, SDM cannot itself determine whether the Easy VPN server allows the save password option. You must determine whether the server allows this option. If the server does not allow this option, you should not create a security risk by entering the information here.

Interfaces

In this window, you specify the interfaces that will be used in the Easy VPN configuration.

Inside Interfaces

Choose the inside (LAN) interface to associate with this Easy VPN configuration. You can choose multiple inside interfaces, with the following restrictions:

If you choose an interface that is already used in another Easy VPN configuration, you are told that an interface cannot be part of two Easy VPN configurations.

If you choose interfaces that are already used in a VPN configuration, you are informed that the Easy VPN configuration you are creating cannot coexist with the existing VPN configuration. You will be asked if you want to remove the existing VPN tunnels from those interfaces and apply the Easy VPN configuration to them.

An existing interface does not appear in the list of interfaces if it cannot be used in an Easy VPN configuration. For example, loopback interfaces configured on the router do not appear in this list.

An interface cannot be designated as both an inside and an outside interface.

Up to three inside interfaces are supported on Cisco 800 and Cisco 1700 series routers. You can remove interfaces from an Easy VPN configuration in the Edit Easy VPN Remote window.

Outside Interface

Choose the outside interface that connects to the Easy VPN server or concentrator.


Note Cisco 800 routers do not support the use of interface E 0 as the outside interface.


Connection Control

Choose automatic, manual, or traffic-based VPN tunnel activation.

With the manual setting, you must click the Connect or Disconnect button in the Edit Easy VPN Remote window to establish or take down the tunnel, but you will have full manual control over the tunnel in the Edit Easy VPN Remote window. Additionally, if a security association (SA) timeout is set for the router, you will have to manually reestablish the VPN tunnel whenever a timeout occurs. You can change SA timeout settings in the VPN Components VPN Global Settings window.

With the automatic setting, the VPN tunnel is established automatically when the Easy VPN configuration is delivered to the router configuration file. However, you will not be able to control the tunnel manually in the VPN Connections window. The Connect or Disconnect button is disabled when this Easy VPN connection is chosen.

With the traffic-based setting, the VPN tunnel is established whenever outbound local (LAN side) traffic is detected.


Note The option for traffic-based activation appears only if supported by the Cisco IOS image on your router.


Summary of Configuration

This window shows you the Easy VPN configuration that you have created, and it allows you to save the configuration. A summary similar to the following appears:

Easy VPN tunnel name: test1
Easy VPN server: 222.28.54.7
Group: myCompany
Key: 1234
Control: Auto
Mode: Client
Outside Interface: BVI222
Inside Interfaces: Dialer0

You can review the configuration in this window and click the Back button to change any items.

Clicking the Finish button writes the information to the router's running configuration, and, if the tunnel has been configured to operate in automatic mode, the router attempts to contact the VPN concentrator or server.

If you want to change the Easy VPN configuration at a later time, you can make the changes in the Edit Easy VPN Remote window.
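As an added example (not part of the SDM documentation and not Cisco's code), the following Python renders the Cisco IOS configuration that corresponds to the summary above and audits a running configuration for the saved XAuth credentials that the Caution under User Authentication (XAuth) warns about. The IOS command names used (crypto ipsec client ezvpn, group ... key, peer, mode, connect, username ... password, and the interface-level inside/outside binding) are the Easy VPN Remote CLI as this example's author knows it; the sample running configuration is constructed, and the second profile, its addresses and its credentials are invented for illustration.

```python
"""Added example (not SDM or Cisco code): render the IOS Easy VPN Remote
profile that matches an SDM summary, and audit a running configuration for
saved XAuth credentials.  IOS command syntax is as the example's author knows
it; the sample configuration below is constructed, not captured."""
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class EzvpnProfile:
    name: str
    servers: List[str]                 # tried in list order (Phase III+ allows several)
    group: str
    key: str
    mode: str = "client"               # client | network-extension | network-plus
    connect: str = "auto"              # auto | manual
    outside: Optional[str] = None
    inside: List[str] = field(default_factory=list)
    xauth_user: Optional[str] = None   # set only if the server allows save password
    xauth_password: Optional[str] = None


def render(p: EzvpnProfile) -> str:
    """Return the configuration lines SDM's Finish button would write."""
    if " " in p.name or "?" in p.name:
        raise ValueError("tunnel name must not contain spaces or '?'")
    if p.outside is not None and p.outside in p.inside:
        raise ValueError("an interface cannot be both inside and outside")
    lines = [f"crypto ipsec client ezvpn {p.name}",
             f" group {p.group} key {p.key}"]
    lines += [f" peer {server}" for server in p.servers]
    lines += [f" mode {p.mode}", f" connect {p.connect}"]
    if p.xauth_user is not None:
        # The "save password" option the Caution warns about: the credentials
        # are written into the configuration file on this line.
        lines.append(f" username {p.xauth_user} password {p.xauth_password}")
    lines.append("!")
    for intf in p.inside:
        lines += [f"interface {intf}",
                  f" crypto ipsec client ezvpn {p.name} inside", "!"]
    if p.outside is not None:   # "outside" is the default binding, so no keyword
        lines += [f"interface {p.outside}",
                  f" crypto ipsec client ezvpn {p.name}", "!"]
    return "\n".join(lines)


PROFILE_RE = re.compile(r"^crypto ipsec client ezvpn (\S+)$")
# The optional numeric field tolerates a password type marker such as "7".
SAVED_XAUTH_RE = re.compile(r"^\s+username (\S+) password (?:\d+ )?\S+$")


def saved_xauth_credentials(config: str) -> List[dict]:
    """List every Easy VPN profile that stores XAuth credentials, which anyone
    able to read the configuration can recover."""
    findings, current = [], None
    for line in config.splitlines():
        line = line.rstrip()
        m = PROFILE_RE.match(line)
        if m:
            current = m.group(1)       # entered a profile block
            continue
        if not line.startswith(" "):
            current = None             # any unindented line ends the block
            continue
        m = SAVED_XAUTH_RE.match(line) if current else None
        if m:
            findings.append({"profile": current, "username": m.group(1)})
    return findings


# The profile from the Summary of Configuration window above.
SUMMARY_PROFILE = EzvpnProfile(name="test1", servers=["222.28.54.7"],
                               group="myCompany", key="1234", outside="BVI222",
                               inside=["Dialer0"])

# Constructed running-config excerpt: the summary profile, plus an invented
# "branch2" profile whose operator chose to save the XAuth password.
SAMPLE_RUNNING_CONFIG = """\
crypto ipsec client ezvpn test1
 group myCompany key 1234
 peer 222.28.54.7
 mode client
 connect auto
!
crypto ipsec client ezvpn branch2
 group fieldops key s3cret
 peer 192.0.2.10
 peer 192.0.2.11
 mode network-extension
 connect manual
 username vpnuser password Winter2005
!
interface Dialer0
 crypto ipsec client ezvpn test1 inside
!
"""
```

Calling render(SUMMARY_PROFILE) prints the profile and interface bindings for the summary shown above; saved_xauth_credentials(SAMPLE_RUNNING_CONFIG) reports only the branch2 profile, because the interface-level line under interface Dialer0 is not part of a profile block and test1 stores no XAuth credentials. Run the audit against show running-config output from a router to find profiles where the save password option was used despite the Caution.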


Note In many cases, your router establishes communication with the Easy VPN server or concentrator after you click Finish, or after you click Connect in the Edit Easy VPN Remote window or VPN Connections windows. However, if the device has been configured to use XAuth, it challenges the router for a username and password. When this happens, you must first supply a Secure Shell (SSH) login ID and password to log on to the router and then provide the XAuth login and password for the Easy VPN server or concentrator. You must follow this process when you click Finish and the configuration is delivered to the router, and when you disconnect and then reconnect the tunnel in the Edit Easy VPN Remote window. Find out whether XAuth is used, and determine the required username and password.


Test VPN Connectivity

If you choose to test the VPN connection you have just configured, the results of the test are shown in another window.

Edit Easy VPN Remote

Easy VPN connections are managed from this window. An Easy VPN connection is a connection configured between an Easy VPN client and an Easy VPN server or concentrator to provide for secure communications with other networks that the server or concentrator supports.

The list of connections displays information about the configured Easy VPN Remote connections.

Status

The status of the connection, which is indicated by the following icons and text alerts:

The connection is up. When an Easy VPN connection is up, the Disconnect button enables you to deactivate the connection if manual tunnel control is used.

The connection is down. When an Easy VPN connection is down, the Connect button enables you to activate the connection if manual tunnel control is used.

The connection is being established.

Xauth Required—The Easy VPN server or concentrator requires an XAuth login and password. Use the Login button to enter the login ID and password and establish the connection.

Configuration Changed—The configuration for this connection has been changed, and needs to be delivered to the router. If the connection uses manual tunnel control, use the Connect button to establish the connection.


Name

The name given to this Easy VPN connection.

Mode

Choose client or network extension. In client mode, the VPN concentrator or server assigns a single IP address to all traffic coming from the router; devices outside the LAN have no direct access to devices on the LAN. In network extension mode, the VPN concentrator or server does not substitute IP addresses, and it presents a full routable network to the peers on the other end of the VPN connection.

Details

Choose an Easy VPN Remote connection from the list to see the values of the following settings for that connection.

Authentication

Choose digital certificates or preshared key. The preshared key option shows the user group sharing the key.

Outside Interface

This is the interface that connects to the Easy VPN server or concentrator.

Inside Interfaces

These are the inside interfaces included in this Easy VPN connection. All hosts connected to these interfaces are part of the VPN.

Easy VPN Server

The names or IP addresses of the Easy VPN servers or concentrators. If the Cisco IOS image on your router supports Easy VPN Remote Phase III, you can identify two Easy VPN servers or concentrators during configuration using SDM.

Multiple Subnet Support

The addresses of subnets which are not directly connected to the router but which are allowed to use the tunnel. An ACL defines the subnets allowed to use the tunnel.

Tunnel Activation

Choose Auto, Manual, or traffic-based.

If the connection is configured with the Manual setting, you must click the Connect button to establish the tunnel, but you can start or stop the tunnel at any time by clicking the Connect or Disconnect button.

If the connection is configured with the Auto setting, the VPN tunnel is established automatically when the Easy VPN configuration is delivered to the router configuration file. However, the Connect or Disconnect button is not enabled for this connection.

If the connection is configured with the traffic-based setting, the VPN tunnel is established automatically when inside traffic qualifies for outside routing. However, the Connect or Disconnect button is not enabled for this connection.

Backup Connection

A backup Easy VPN remote connection that has been set up. Backup connections are configured in the SDM Interfaces and Connections task.

XAuth Response Method

If XAuth is enabled, the value shows one of the following about how the XAuth credentials are sent:

They must be entered from SDM or the router console

They must be entered from a PC browser when browsing

The credentials are automatically sent because they have been saved on the router

Add Button

Add a new Easy VPN Remote connection.

Edit Button

Edit the specified Easy VPN Remote connection.

Delete Button

Delete the specified Easy VPN Remote connection.

Reset Connection Button

Click to clear and reestablish a tunnel with a peer.

Test Tunnel Button

Click to test a specified VPN tunnel. The results of the test appear in another window.

Connect or Disconnect or Login Button

This button is labeled Connect if all of the following are true:

The connection uses manual tunnel control

The tunnel is down

The XAuth response is not set to be requested from a PC browser session

This button is labeled Disconnect if all of the following are true:

The connection uses manual tunnel control

The tunnel is up

The XAuth response is not set to be requested from a PC browser session

This button is labeled Login if all of the following are true:

The Easy VPN server or concentrator being connected to uses XAuth

The XAuth response is set to be requested from SDM or the router console

The tunnel is waiting for XAuth credentials (the connection has been initiated)

If the connection is set to automatic or traffic-based tunnel control, this button is disabled.

What Do You Want to Do?

If you want to:
Do this:

Create a new Easy VPN connection.

Click Add in the Edit Easy VPN Remote window. Configure the connection in the Add Easy VPN Remote window, and click OK. Then click Connect in this window to connect to the Easy VPN server.

Modify an existing Easy VPN connection.

In the Edit Easy VPN Remote window, choose the connection you want to modify and click Edit. You may also wish to consult the following procedure:

How Do I Edit an Existing Easy VPN Connection?

Delete an Easy VPN connection.

In the Edit Easy VPN Remote window, choose the connection you want to delete and click Delete.

Reset an established connection between the router and a remote VPN peer.

Choose an active connection, and click Reset. The connection is cleared and reestablished. The status window that is displayed reports the success or failure of the reset.

Connect to an Easy VPN server for which the router has a configured connection.

If the connection uses manual tunnel control, choose the connection, then click Connect. Connections that use automatic or traffic-based tunnel control cannot be brought up manually through SDM.

Note If the Easy VPN server or concentrator is configured to use XAuth, the Connect button changes to Login, and you must enter a username and password to complete the connection each time it is established. Obtain this information from your network administrator. If the remote Easy VPN server or concentrator asks for this authentication, you must first supply a Secure Shell (SSH) login ID and password to log in to the router, and then the XAuth login and password for the Easy VPN server or concentrator.

Disconnect from an Easy VPN server for which the router has a configured connection.

If the connection uses manual tunnel control, choose the connection, and click Disconnect. Connections that use automatic or traffic-based tunnel control cannot be disconnected manually through SDM.

Determine whether an Easy VPN connection is established.

The connection icon is displayed in the Status column when a connection is established.

Configure an Easy VPN concentrator.

Configuration instructions for Easy VPN servers and concentrators are available on www.cisco.com.

The following link provides guidelines for configuring a Cisco VPN 3000 series concentrator to operate with an Easy VPN Remote Phase II client, along with other useful information.

http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/products_feature_guide09186a00800a8565.html

The following link connects you to Cisco VPN 3000 series documentation.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_getting_started_guide_book09186a00800bbe74.html

Permit traffic to my Easy VPN concentrator through a firewall.

See How Do I Permit Traffic Through a Firewall to My Easy VPN Concentrator?


Add or Edit Easy VPN Remote

Use this window to configure your router as an Easy VPN client. Your router must have a connection to an Easy VPN concentrator or server on the network.


Note This window appears if the Cisco IOS image on your router supports Easy VPN Client Phase II.


The Cisco Easy VPN Remote feature implements the Cisco Unity Client protocol, which allows most VPN parameters to be defined at a VPN remote access server. This server can be a dedicated VPN device, such as a VPN 3000 concentrator or a Cisco PIX Firewall, or it can be a Cisco IOS router that supports the Cisco Unity Client protocol.


Note If the Easy VPN server or concentrator has been configured to use XAuth, it requires a username and password whenever the router establishes the connection, including when you deliver the configuration to the router, and when you disconnect and then reconnect the tunnel. Find out whether XAuth is used and the required username and password.

If the router uses Secure Shell (SSH) you must enter the SSH login and password the first time you establish the connection.


Name

Enter a name for the Easy VPN remote configuration.

Mode

Client—Choose Client if you want the PCs and other devices on the router's inside networks to form a private network with private IP addresses. Network Address Translation (NAT) and Port Address Translation (PAT) will be used. Devices outside the LAN will not be able to ping devices on the LAN or to reach them directly.

Network Extension—Choose Network Extension if you want the devices connected to the inside interfaces to have IP addresses that are routable and reachable by the destination network. The devices at both ends of the connection will form one logical network. PAT will be automatically disabled, allowing the PCs and hosts at both ends of the connection to have direct access to one another.

Consult with the administrator of the Easy VPN server or concentrator before choosing this setting.

Tunnel Control

Choose either Auto or Manual.

With the Manual setting, you must click the Connect button in the Edit Easy VPN Remote window to establish the tunnel, but you will have full manual control over the tunnel in the VPN Connections window. The Connect and Disconnect buttons are enabled whenever you choose a VPN connection with the Manual tunnel control setting.

With the Auto setting, the VPN tunnel is established automatically when the Easy VPN configuration is delivered to the router configuration file. However, you will not be able to control the tunnel manually in the VPN Connections window. The Connect and Disconnect buttons are disabled when this Easy VPN connection is chosen.

Easy VPN Concentrator or Server

Specify the name or the IP address of the VPN concentrator or server that the router connects to. Choose IP address if you are going to provide an IP address or choose Hostname if you are going to provide the hostname of the concentrator or server. Then specify the appropriate value in the field underneath. If you specify a hostname, there must be a DNS server on the network that can resolve the hostname to the proper IP address. If you enter an IP address, use standard dotted decimal format, for example, 172.16.44.1.

Group

Group Name

Enter the IPSec group name. The group name must match the group name defined on the VPN concentrator or server. Obtain this information from your network administrator.

Group Key

Enter the IPSec group password. The group password must match the group password defined on the VPN concentrator or server. Obtain this information from your network administrator.

Confirm Key

Reenter the group password to confirm.

Interfaces

Outside Interface Toward Server or Concentrator

Choose the interface that has the connection to the Easy VPN server or concentrator.


Note Cisco 800 routers do not support the use of interface E 0 as the outside interface.


Inside Interfaces

Specify the inside interfaces to include in this Easy VPN configuration. All hosts connected to these interfaces will be part of the VPN. As many as three inside interfaces are supported on Cisco 800 series and Cisco 1700 series routers.


Note An interface cannot be designated as both an inside interface and an outside interface.


Add or Edit Easy VPN Remote: Easy VPN Settings

Use this window to configure your router as an Easy VPN client. Your router must have a connection to an Easy VPN concentrator or server on the network.


Note This window appears if the Cisco IOS image on your router supports Easy VPN Client Phase III.


The Cisco Easy VPN Remote feature implements the Cisco Unity Client protocol, which allows most VPN parameters to be defined on a VPN remote access server. This server can be a dedicated VPN device, such as a VPN 3000 concentrator or a Cisco PIX Firewall, or it can be a Cisco IOS router that supports the Cisco Unity Client protocol.

Name

Enter a name for the Easy VPN remote configuration.

Mode

Client—Choose Client if you want the PCs and other devices on the router's inside networks to form a private network with private IP addresses. Network Address Translation (NAT) and Port Address Translation (PAT) will be used. Devices outside the LAN will not be able to ping devices on the LAN or to reach them directly.

Network Extension—Choose Network Extension if you want the devices connected to the inside interfaces to have IP addresses that are routable and reachable by the destination network. The devices at both ends of the connection will form one logical network. PAT will be automatically disabled, allowing the PCs and hosts at both ends of the connection to have direct access to one another.

Consult the administrator of the Easy VPN server or concentrator before you choose this setting.

Tunnel Control

Choose either Auto or Manual.

With the Manual setting, you must click the Connect button in the VPN Connections window to establish the tunnel, but you will have full manual control over the tunnel in the VPN Connections window. The Connect and Disconnect buttons are enabled whenever you choose a VPN connection with the Manual tunnel control setting.

With the Auto setting, the VPN tunnel is established automatically when the Easy VPN configuration is delivered to the router configuration file. However, you will not be able to control the tunnel manually in the VPN Connections window. The Connect and Disconnect buttons are disabled when this Easy VPN connection is chosen.

Servers

You can specify up to ten Easy VPN servers by IP address or hostname, and you can order the list to specify which servers the router will attempt to connect to first.

Add

Click to specify the name or the IP address of a VPN concentrator or server for the router to connect to; then enter the address or hostname in the window displayed.

Delete

Click to delete the specified IP address or hostname.

Move Up

Click to move the specified server IP address or hostname up in the list. The router attempts to contact the servers in the order in which they appear in this list.

Move Down

Click to move the specified IP address or hostname down the list.

Outside Interface Toward Server or Concentrator

Choose the interface that has the connection to the Easy VPN server or concentrator.


Note Cisco 800 routers do not support the use of interface E 0 as the outside interface.


Inside Interfaces

Specify the inside interfaces to include in this Easy VPN configuration. All hosts connected to these interfaces will be part of the VPN. As many as three inside interfaces are supported on Cisco 800 series and Cisco 1700 series routers.


Note An interface cannot be designated as both an inside and an outside interface.


Add or Edit Easy VPN Remote: Authentication Information

This window appears if the Cisco IOS image on your router supports Easy VPN Client Phase III. If the image supports Easy VPN Client Phase II, a different window appears.

Use this window to enter the information required for the router to be authenticated by the Easy VPN server or concentrator.

Device Authentication

Group Name

Enter the IPSec group name. The group name must match the group name defined on the VPN concentrator or server. Obtain this information from your network administrator.

Current Key

This field displays asterisks (*) if there is a current IKE key value. This field is blank if no key has been configured.

New Key

Enter a new IKE key in this field.

Confirm Key

Reenter the new key for confirmation. If the values in the New Key and Confirm Key field are not the same, SDM prompts you to reenter the key values.

User Authentication (XAuth)

If the Easy VPN server or concentrator has been configured to use XAuth, it requires a username and password whenever the router establishes the connection, including when you deliver the configuration to the router, and when you disconnect and reconnect the tunnel. Find out whether XAuth is used, and obtain the required username and password.

If user authentication does not appear, it must be set from the router command-line interface.

Choose one of these ways to enter the XAuth username and password:

From a PC

Manually enter the username and password in a web browser window. If you choose this option, you can check the checkbox to use basic HTTP authentication to compensate for legacy web browsers that don't support HTML 4.0 or JavaScript.


Note The web browser option appears only if supported by the Cisco IOS image on your router.


From your router

Manually enter the username and password from the command line or SDM.

Automatically by saving the username and password on the router

The Easy VPN server may use XAuth to authenticate the router. If the server allows the save password option, choosing this option eliminates the need to enter the username and password each time the Easy VPN tunnel is established. Enter the username and password provided by the Easy VPN server administrator, and then reenter the password to confirm its accuracy. The information is saved in the router configuration file and used each time the tunnel is established.


Caution Storing the XAuth username and password in router memory creates a security risk because anyone who has access to the router configuration can obtain this information. If you do not want this information stored on the router, do not enter it here. The Easy VPN server will simply challenge the router for the username and password each time the connection is established. Also, SDM cannot itself determine whether the Easy VPN server allows passwords to be saved. You must determine whether the server allows this option. If the server does not allow passwords to be saved, you should not create a security risk by entering the information here.

Enter SSH Credentials

If the router uses Secure Shell (SSH), you must enter the SSH login and password the first time you establish the connection. Use this window to enter SSH or Telnet login information.

Please Enter the Username

Enter the SSH or Telnet account username that you will use to log in to this router.

Please Enter the Password

Enter the password associated with the SSH or Telnet account username that you will use to log in to this router.

XAuth Login Window

This window appears when the Easy VPN server requests extended authentication. Respond to the challenges by entering the information requested, such as the account username, password, or any other information, to successfully establish the Easy VPN tunnel. If you are unsure about the information that should be provided, contact your VPN administrator.

Add or Edit Easy VPN Remote: General Settings

Use this window to configure your router as an Easy VPN client. Your router must have a connection to an Easy VPN concentrator or server on the network.


Note This window appears if the Cisco IOS image on your router supports Easy VPN Client Phase IV.


The Cisco Easy VPN Remote feature implements the Cisco Unity Client protocol, which allows most VPN parameters to be defined on a VPN remote access server. This server can be a dedicated VPN device, such as a VPN 3000 concentrator or a Cisco PIX Firewall, or it can be a Cisco IOS router that supports the Cisco Unity Client protocol.

Name

Enter a name for the Easy VPN remote configuration.

Servers

You can specify up to ten Easy VPN servers by IP address or hostname, and you can order the list to specify which servers the router will attempt to connect to first.

Click the Add button to specify the name or the IP address of a VPN concentrator or server for the router to connect to, and then enter the address or hostname in the window displayed.

Click the Delete button to delete the specified IP address or hostname.

Click the Move Up button to move the specified server IP address or hostname up in the list. The router attempts to contact the servers in the order in which they appear in this list.

Click the Move Down button to move the specified IP address or hostname down the list.

Mode

Client—Choose Client mode if you want the PCs and other devices on the router's inside networks to form a private network with private IP addresses. Network Address Translation (NAT) and Port Address Translation (PAT) will be used. Devices outside the LAN will not be able to ping devices on the LAN or to reach them directly.

Network Extension—Choose Network Extension if you want the devices connected to the inside interfaces to have IP addresses that are routable and reachable by the destination network. The devices at both ends of the connection will form one logical network. PAT will be automatically disabled, allowing the PCs and hosts at both ends of the connection to have direct access to one another.

Consult the administrator of the Easy VPN server or concentrator before you choose this setting.

If you choose Network Extension, you also have the capability to:

Allow subnets not directly connected to the router to use the tunnel.

To allow subnets not directly connected to your router to use the tunnel, click the Options button and configure the network extension options.

Enable remote management and troubleshooting of your router.

You can enable remote management of the router by checking the box to request a server-assigned IP address for your router. This IP address can be used for connecting to your router for remote management and troubleshooting (ping, Telnet, and Secure Shell). This mode is called Network Extension Plus.

Network Extension Options

To allow subnets not directly connected to your router to use the tunnel, follow these steps:


Step 1 In the Options window, check the check box to allow multiple subnets.

Step 2 Choose to enter the subnets manually, or choose an existing Access Control List (ACL).

Step 3 To enter the subnets manually, click the Add button and enter the subnet address and mask. SDM will generate an ACL automatically.


Note The subnets you enter must not be directly connected to the router.


Step 4 To add an existing ACL, enter its name or choose it from the drop-down list.


Add or Edit Easy VPN Remote: Authentication Information

Use this window to enter the information required for the router to be authenticated by the Easy VPN server or concentrator.

Device Authentication

Choose Digital Certificates or Preshared Key.

If using a preshared key, obtain the IPSec group name and IKE key value from your network administrator. The group name must match the group name defined on the VPN concentrator or server.

Enter the IPSec group name in the Group Name field and the new IKE key value in the New Key field. Reenter the new key for confirmation in the Confirm Key field. If the values in the New Key and Confirm Key fields are not the same, SDM prompts you to reenter the key values.

The Current Key field displays asterisks (*) if there is a current IKE key value. This field is blank if no key has been configured.

User Authentication

If the Easy VPN server or concentrator has been configured to use XAuth, it requires a username and password whenever the router establishes the connection, including when you deliver the configuration to the router, and when you disconnect and reconnect the tunnel. Find out whether XAuth is used, and obtain the required username and password.

If the server allows passwords to be saved, you can eliminate the need to enter the username and password each time the Easy VPN tunnel is established. The information is saved in the router configuration file and used each time the tunnel is established.

Choose one of these ways to enter the XAuth username and password:

Manually in a web browser window


Note The web browser option appears only if supported by the Cisco IOS image on your router.


Manually from the command line or SDM

Automatically by saving the username and password on the router

The Easy VPN server may use XAuth to authenticate the router. If the server allows passwords to be saved, choosing this option eliminates the need to enter the username and password each time the Easy VPN tunnel is established. Enter the username and password provided by the Easy VPN server administrator, and then reenter the password to confirm its accuracy.


Note The Current Password field displays asterisks (*) if there is a current password value. This field is blank if no password has been configured.


The information is saved in the router configuration file and used each time the tunnel is established.


Caution Storing the XAuth username and password in router memory creates a security risk because anyone who has access to the router configuration can obtain this information. If you do not want this information stored on the router, do not enter it here. The Easy VPN server will simply challenge the router for the username and password each time the connection is established. Also, SDM cannot itself determine whether the server allows passwords to be saved. You must determine whether the server allows this option. If the server does not allow passwords to be saved, you should not create a security risk by entering the information here.

Add or Edit Easy VPN Remote: Interfaces and Connections

In this window you can set the inside and outside interfaces, and specify how the tunnel is brought up.

Inside Interfaces

Choose the inside (LAN) interface to associate with this Easy VPN configuration. You can choose multiple inside interfaces, with the following restrictions:

If you choose interfaces that are already used in another Easy VPN configuration, you are notified that an interface cannot be part of two Easy VPN configurations.

If you choose interfaces that are already used in a standard VPN configuration, you are notified that the Easy VPN configuration you are creating cannot coexist with the existing VPN configuration. SDM will ask if you want to remove the existing VPN tunnels from those interfaces and apply the Easy VPN configuration to them.

An existing interface does not appear in the list of interfaces if it cannot be used in an Easy VPN configuration. For example, loopback interfaces configured on the router do not appear in this list.

An interface cannot be designated as both an inside and an outside interface.

Up to three inside interfaces are supported on Cisco 800 and Cisco 1700 series routers. You can remove interfaces from an Easy VPN configuration in the Edit Easy VPN Remote window.

Outside Interface

Choose the outside interface that connects to the Easy VPN server or concentrator.


Note Cisco 800 routers do not support the use of interface E 0 as the outside interface.


Connection Control

Choose Automatic, Manual, or Traffic-based VPN tunnel activation.

With the manual setting, you must click the Connect or Disconnect button in the Edit Easy VPN Remote window to establish or take down the tunnel, but you will have full manual control over the tunnel in the Edit Easy VPN Remote window. Additionally, if a security association (SA) timeout is set for the router, you will have to manually reestablish the VPN tunnel whenever a timeout occurs. You can change SA timeout settings in the VPN Components VPN Global Settings window.

With the automatic setting, the VPN tunnel is established automatically when the Easy VPN configuration is delivered to the router configuration file. However, you will not be able to control the tunnel manually in the VPN Connections window. The Connect (or Disconnect) button is disabled when you choose this Easy VPN connection setting.

With traffic-based activation, the VPN tunnel is established whenever outbound local (LAN side) traffic is detected. The Connect (or Disconnect) button is disabled when you choose this Easy VPN connection setting.


Note The option for traffic-based activation appears only if supported by the Cisco IOS image on your router.
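An added example, not part of the SDM documentation, that checks the settings from the Authentication Information and Interfaces and Connections windows on the router side: a small Python audit that reads the crypto ipsec client ezvpn profiles in an IOS running-config, reports each profile's mode, connection control and server list, and flags any profile that stores XAuth credentials in the configuration file, which is the risk the Caution above describes. The running-config below is constructed; its profile names, peers, group names and keys are placeholders.

```python
import re

# Constructed sample of the IOS commands an Easy VPN Remote configuration
# consists of (not a real router's configuration). The second profile keeps
# its XAuth username and password in the config, which the audit must flag.
SAMPLE_RUNNING_CONFIG = """\
crypto ipsec client ezvpn EZVPN-HQ
 connect auto
 group HQ-GROUP key example-preshared-key
 mode client
 peer 192.0.2.10
 peer vpn2.example.net
!
crypto ipsec client ezvpn EZVPN-BRANCH
 connect manual
 group BRANCH-GROUP key example-preshared-key
 mode network-extension
 peer 198.51.100.5
 username branch-router password example-xauth-password
!
interface FastEthernet0
 crypto ipsec client ezvpn EZVPN-HQ inside
!
interface FastEthernet4
 crypto ipsec client ezvpn EZVPN-HQ outside
"""

# Matches only the top-level profile definition, not the per-interface
# "crypto ipsec client ezvpn NAME inside|outside" binding lines.
PROFILE_RE = re.compile(r"^crypto ipsec client ezvpn (\S+)\s*$")


def parse_ezvpn_profiles(config_text):
    """Return {name: {mode, connect, peers, xauth_saved}} for each Easy VPN profile."""
    profiles = {}
    current = None
    for line in config_text.splitlines():
        m = PROFILE_RE.match(line)
        if m:
            current = profiles.setdefault(
                m.group(1), {"mode": None, "connect": None, "peers": [], "xauth_saved": False})
            continue
        if not line.startswith(" "):   # a top-level command or "!" ends the profile block
            current = None
            continue
        if current is None:
            continue
        words = line.split()
        if words[0] == "mode":
            current["mode"] = words[1]          # client, network-extension or network-plus
        elif words[0] == "connect":
            current["connect"] = words[1]       # auto, manual or acl (traffic-based)
        elif words[0] == "peer":
            current["peers"].append(words[1])   # servers in the order the router tries them
        elif words[0] == "username" and "password" in words:
            current["xauth_saved"] = True       # XAuth credentials stored on the router
    return profiles


def audit_saved_xauth(config_text):
    """Names of the Easy VPN profiles whose XAuth username and password are stored in the config."""
    return sorted(n for n, p in parse_ezvpn_profiles(config_text).items() if p["xauth_saved"])
```

Run it against a saved copy of show running-config to find every Easy VPN profile where the XAuth password was stored; the Caution above applies to each profile it returns.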


How Do I...

This section contains procedures for tasks that the wizard does not help you complete.

How Do I Edit an Existing Easy VPN Connection?

To edit an existing Easy VPN remote connection, follow these steps:


Step 1 From the left frame, choose VPN.

Step 2 In the VPN tree, choose Easy VPN Remote.

Step 3 Click the Edit Easy VPN Remote tab and choose the connection that you want to edit.

Step 4 Click Edit.

The Edit Easy VPN Remote window appears.

Step 5 In the Edit Easy VPN Remote window, click the tabs to display the values that you want to change.

Step 6 When you have finished making changes, click OK.


How Do I Configure a Backup for an Easy VPN Connection?

To configure a backup for an Easy VPN Remote connection, your router must have an ISDN, async, or analog modem interface available for the backup.

If the ISDN, async, or analog modem interface has not been configured, follow these steps:


Step 1 From the left frame, click Interfaces and Connections.

Step 2 Click the Create Connection tab.

Step 3 Choose an ISDN, async, or analog modem interface from the list.

Step 4 Click the Create New Connection button and use the wizard to configure the new interface.

Step 5 In the appropriate wizard window, set the new interface as a backup for an Easy VPN Remote connection.


If the ISDN, async, or analog modem interface has been configured, follow these steps:


Step 1 From the left frame, click Interfaces and Connections.

Step 2 Click the Edit Interface/Connection tab.

Step 3 Choose an ISDN, async, or analog modem interface from the list of configured interfaces.

Step 4 Click the Edit button.

Step 5 Click the Backup tab and configure the backup for an Easy VPN Remote connection.

Step 6 When you have finished configuring the backup, click OK.




Posted: Fri Oct 7 14:37:23 PDT 2005
All contents are Copyright © 1992--2005 Cisco Systems, Inc. All rights reserved.