02-11-2011 09:26 PM
Hi,
I've just bought a Cisco 887 Router and i've deployed it to replace my client's exisiting ADSL router. I've configured it using Cisco CP, and it's working properly. I'm trying to setup the router for VPN connectivity, so that the users who use laptops can work from outside our office. I've gone through the wizard to setup an Easy VPN Server for client access and I've setup the Pre-Shared Key and IP Range. I was trying to download the Easy VPN client the site says I need some sort of agreement to be added to our exisiting partnership account. I was able to find download links after some googling, but none of the clients, during connection setup ask for a Pre-Shared Key. So I know I'm going wrong somewhere.
I'm a newbie at this, so any kind of help would be really appreciated.
Thanks,
Arun
Solved! Go to Solution.
02-12-2011 07:17 AM
Arun,
You need to have a valid CCO account with download rights to get the VPN client.
If you already have the client you need to set the group name and password (pre-shared key) to connect.
Federico.
02-12-2011 07:25 AM
Hi Arun,
Yes you need the cisco VPN Client in order to connect right? When you click on New, a lot of fields display
Connection Entry
Description
And Host
The first two can be whatever you want, the Host has to be the IP of the router where the clients are going to connect.
Check where it says Group Authentication. Where it says Name go ahead and put the group name that you create for your EZVpn. Where it says password, thats where you use the pre-shared key.
Once you have those fileds done, you will be able to connect.
Hope it helps.
Mike
02-12-2011 07:17 AM
Arun,
You need to have a valid CCO account with download rights to get the VPN client.
If you already have the client you need to set the group name and password (pre-shared key) to connect.
Federico.
02-12-2011 07:25 AM
Hi Arun,
Yes you need the cisco VPN Client in order to connect right? When you click on New, a lot of fields display
Connection Entry
Description
And Host
The first two can be whatever you want, the Host has to be the IP of the router where the clients are going to connect.
Check where it says Group Authentication. Where it says Name go ahead and put the group name that you create for your EZVpn. Where it says password, thats where you use the pre-shared key.
Once you have those fileds done, you will be able to connect.
Hope it helps.
Mike
02-16-2011 12:33 AM
Thank you for the replies.
I was able to configure the client using the settings suggested.
For any other newbie who might be facing this issue like me, I would like to note down the steps:
I'm setting up a Cisco 887 ISR where the internet facing interface is ADSL and this router is the main router for the LAN
Configure the Easy VPN server using Cisco Configuration Professional
1.Create a Loopback interface with IP address 10.10.10.10
2. Configure a Group Name along with a Pre-Shared Key.
3. I'm using a local user database for authentication by enabling AAA logins, so the user authentication is taken care of by the router.
for those who want to configure domain authentication, here's a link a found, but haven't tried yet.
http://www.blindhog.net/cisco-aaa-login-authentication-with-radius-ms-ias/
4. Setup an IP range in your network which is not under the common DHCP pool for your vpn clients
I was facing a problem with getting a VPN client for this setup, because my CCO login doesnt have a technical agreement attached to it, and I couldn't find any pointers as to how i can add it.
So I googled and found a few links where I could download it from
http://helpdesk.ugent.be/vpn/en/akkoord.php
But this VPN client could only be installed on 32 bit systems, except for the AnyConnect client , but that supports only SSL connections, for which I would have to purchase individual user licenses.
One option to install the 32 bit client on a 64 bit Windows 7 system , was to run the client in XP mode, and then do a NAT to the host computer. A little complicated but, apparently it works!
http://blogs.nil.com/blog/2009/05/28/64-bit-windows-7-cisco-vpn-client-and-xp-mode-part-2/
After some more googling, I found that Cisco did release a 64 bit VPN client , even though it was in beta.
I'm sorry that I'm not able to paste the link for this client, because when I looked for the download link now, it's been taken offline. I tried to find it again, but all I could find were torrents. They should work too, but I haven't tried them.
The version number for this client is Cisco VPN Client 5.0.07.0290 x64
Once the client is running, you can configure the connection by giving your group name as Name and the Pre-Shared Key as your password.
Once the router has connected, you will be asked for your user login. This is where the user database comes in.
Once you put in the correct user details, you're logged in!
Hope this helps anyone who finds this.
And once again thanks to everyone for their support.
Arun Raveendran
02-18-2011 08:43 PM
Arun,
Thank you so much for taking your time in order to provide this detailed documentation. This is more important than you just posting this as resolved, but to have other people to use this post as a reference with your detailed explanation is really what we are looking for.
Cheers
Mike
04-15-2012 07:53 AM
Arun thanx for your detailed explanation.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: