
Ipsec cisco vpn client <==> Cisco ios router

michellp
Level 1

Hi,

I need to implement ipsec vpn for about 10-15 users. They all use cisco vpn client 5.x and we have a cisco ios router in the office. We already have a working situation for these users. However it has become a need that only known devices (company laptops) are allowed to set up a vpn.

I figure the only way to accomplish this is to use certificates. But we don't want to buy certificates if there's a free way to set this up. So my question is

1) What options do I have to set up ipsec vpn, where only known devices can successfully set up a vpn and all other unknown devices are blocked?

2) If certificates are the only way, can I somehow produce these certificates myself using cisco ios router?

3) Does anyone have an example of a similar setup/configuration?

Thanks in advance.

Regards,

M.


Jennifer Halim
Cisco Employee

1) Yes, you are on the right track. You can accomplish that by using a certificate to authenticate the user.

2) Yes, you can configure the IOS router to be the CA server.

3) Here is the configuration guide for your reference:

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_cfg_mng_cert_serv_ps10592_TSD_Products_Configuration_Guide_Chapter.html

Hope this helps.
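
The setup described in the answer above, sketched as an added example that is not part of the original thread or of the linked guide: an IOS certificate server with manual granting, plus an ISAKMP policy that requires certificate (RSA signature) authentication. The names `OFFICE-CA` and `OFFICE-VPN`, the `192.0.2.x` addresses, the subject names and the crypto parameters are assumptions chosen for illustration.

```cisco
! Added example: all names, addresses and lifetimes are placeholders.
! 1. The CA needs a correct clock, and the HTTP server for SCEP enrollment.
ntp server 192.0.2.10
ip http server
!
! 2. Certificate server on the router. "grant auto" is deliberately not
!    configured: every request waits for an administrator, so only
!    requests that come from company laptops get approved.
crypto pki server OFFICE-CA
 issuer-name CN=OFFICE-CA,O=Example
 database level minimum
 lifetime certificate 365
 no shutdown
!
! 3. The router enrolls with its own CA to obtain the identity
!    certificate it presents to the VPN clients.
crypto pki trustpoint OFFICE-VPN
 enrollment url http://192.0.2.1:80
 subject-name CN=vpn-gw.example.com
 revocation-check crl
!
! 4. Phase 1 policy: RSA signatures instead of a pre-shared group key.
!    Cipher, hash and DH group are assumed values; match them to what
!    the VPN client proposes.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication rsa-sig
 group 5
!
! Commands to run once the configuration above is in place:
!   crypto pki authenticate OFFICE-VPN            (global config)
!   crypto pki enroll OFFICE-VPN                  (global config)
!   crypto pki server OFFICE-CA info requests     (exec: list pending requests)
!   crypto pki server OFFICE-CA grant <req-id>    (exec: approve one laptop)
!   crypto pki server OFFICE-CA revoke <serial>   (exec: lost or retired laptop)
```

Any existing ISAKMP policy that still allows `authentication pre-share` has to be removed as well; otherwise a device without a certificate can keep connecting with the group key.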

Thanks a lot Jennifer. I will have a look at this now.

Can I conclude that there is no other way of doing this other than using certificates?

Unfortunately if you connect to IOS router, there is no other way except using certificates. If you are connecting to a Cisco ASA firewall, then you can identify company laptops using DAP (Dynamic Access Policy).
