|
This chapter describes how to establish a VPN connection with a private network using the VPN client and the user authentication methods supported by the VPN device that is providing your connection.
Before you can establish a VPN connection, you must have:
Contact your network administrator for prerequisite information.
To establish a VPN connection:
The main VPN client window appears. Figure 5-2 shows the VPN client window in Simple mode.
Figure 5-3 shows the VPN client window in advanced mode.
See "Navigating the User Interface" for more information on Simple mode and Advanced mode.
Step 2 From the Connection Entries tab, select the connection entry to use for this VPN session (advanced mode only).
Step 3 Click Connect at the top of the VPN client window or double-click the selected connection entry (for simple mode, click the Connect button).
Step 4 Respond to all user authentication prompts.
The user authentication prompts that appear depend on the configuration for this connection entry. See the "Choosing Authentication Methods" section for information about user authentication methods the VPN client supports.
The status bar at the bottom of the main VPN client window displays your connection status. When connected, the left side of the status bar indicates the connection entry name and the right side displays the amount of time that the VPN tunnel has been established.
The VPN client supports authentication for the VPN device combined with authentication for the user. The authentication prompts displayed during the connection process depend on the configuration of your IPSec group, which is managed by the network administrator. Each connection entry has a unique authentication configuration.
VPN device authentication means that a connection entry is authorized to use a VPN device to gain access to the private network. The VPN client supports shared key or VPN group name and group password for authenticating the VPN device.
The shared key authentication method uses the username and shared key password for authentication (Figure 5-4). The shared key password must be the same as the shared key password configured on the VPN device that is providing the connection to the private network.
Enter your username and password and click OK.
The VPN group login method uses your VPN group name and password for authentication (Figure 5-5). You can use VPN group authentication alone or with other authentication methods.
Enter your group name and password and click OK. The group name is the name of the IPSec group configured on the VPN device for this connection entry.
User authentication means proving that you are a valid user of this private network. User authentication is optional. Your network administrator determines whether user authentication is required.
The VPN client supports RADIUS server, RSA Security (SecurID), Digital Certificates for authenticating the user.
Note User names and passwords are case-sensitive. You have three opportunities to enter the correct information before an error message indicates that authentication failed. Contact your network administrator if you cannot pass user authentication. |
You can use RADIUS server authentication with VPN group authentication. With this type of authentication, two prompts appear. The first prompt is for the VPN group name and password, and the RADIUS user authentication prompt follows (Figure 5-6).
Enter your username and password and click OK.
Check the Save Password check box if you do not want to be prompted for your RADIUS password each time you start a VPN session using this connection entry.
Note If you cannot choose the Save Password option, your system administrator does not allow this option. If you can choose this option, be aware that using it might compromise system security, because your password is stored on your PC and is available to anyone who uses your PC. |
If Save Password is checked and authentication fails, your password may be invalid. To eliminate a saved password, choose Erase User Password from the Connection Entries menu.
RSA SecurID authentication methods include physical SecurID cards and keychain fobs, and PC software called SoftID for passcode generation. The passcode might be combination of a PIN and a card code, or you might be required to enter a PIN on the card to display the passcode. Ask your network administrator for the correct procedure.
When you use SecurID passcodes for authentication:
In most configurations, you use SecurID with VPN group authentication. With this type of authentication, two prompts appear. The first prompt is for the VPN group name and password, and the SecurID user authentication prompt follows (Figure 5-7).
Enter your username and SecurID passcode and click OK.
The VPN client works with Certificate Authorities (CAs) that support SCEP, manual enrollment, or Public-Key Cryptography Standards (PKCS) import.
Each time you establish a VPN connection using a certificate, the VPN client verifies that your certificate is not expired.
Each digital certificate is protected by a password. If the connection entry you are using requires a digital certificate for authentication, the VPN Certificate Authentication dialog box appears (Figure 5-8).
Enter the certificate password and click OK.
For more information on digital certificates, see "Managing Certificates."
Posted: Mon Dec 23 16:31:42 PST 2002
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.