Cisco Support Community

New Member

Ipsec cisco vpn client <==> Cisco ios router

Hi,

I need to implement IPsec VPN for about 10-15 users. They all use Cisco VPN Client 5.x and we have a Cisco IOS router in the office. We already have a working situation for these users. However, it has become a need that only known devices (company laptops) are allowed to set up a VPN.

I figure the only way to accomplish this is to use certificates. But we don't want to buy certificates if there's a free way to set this up. So my questions are:

1) What options do I have to set up IPsec VPN, where only known devices can successfully set up a VPN and all other unknown devices are blocked?

2) If certificates are the only way, can I somehow produce these certificates myself using a Cisco IOS router?

3) Does anyone have an example of a similar setup/configuration?

Thanks in advance.

Regards,

M.

1 ACCEPTED SOLUTION

Cisco Employee

Ipsec cisco vpn client <==> Cisco ios router

Unfortunately, if you connect to an IOS router, there is no other way except using certificates. If you are connecting to a Cisco ASA firewall, then you can identify the company laptop using DAP (Dynamic Access Policy).

3 REPLIES
Cisco Employee

Ipsec cisco vpn client <==> Cisco ios router

1) Yes, you are on the right track. You can accomplish that by using certificates to authenticate the user.

2) Yes, you can configure the IOS router to be the CA server.

3) Here is the configuration guide for your reference:

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_cfg_mng_cert_serv_ps10592_TSD_Products_Configuration_Guide_Chapter.html

Hope this helps.
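A sketch of the setup this reply describes, added here as an example and not taken from the thread or from the linked guide: the IOS router acts as its own CA with manual granting, so only requests from known laptops are approved, and IKE phase 1 requires certificates. The names OFFICE-CA, VPN-TP and VPN-GW, the example.com subject and the 192.0.2.1 address are placeholders.

```cisco
! Added example; all names and addresses below are placeholders.
! SCEP enrollment requests reach the CA server over HTTP.
ip http server
!
! Key pair for the CA (global configuration command).
crypto key generate rsa general-keys label OFFICE-CA modulus 2048 exportable
!
crypto pki server OFFICE-CA
 database level names
 issuer-name CN=OFFICE-CA,O=Example
 lifetime certificate 365
 lifetime crl 24
 ! Weak setting: "grant auto" would issue a certificate to any device
 ! that can reach the enrollment URL. Keep granting manual instead.
 no grant auto
 no shutdown
!
! The router enrolls with its own CA and checks the CRL for client certs,
! so a lost or retired laptop can be locked out by revoking its certificate.
crypto pki trustpoint VPN-TP
 enrollment url http://192.0.2.1:80
 subject-name CN=vpn-gw.example.com
 rsakeypair VPN-GW 2048
 revocation-check crl
!
crypto pki authenticate VPN-TP
crypto pki enroll VPN-TP
!
! Require certificate (RSA signature) authentication in IKE phase 1.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication rsa-sig
 group 2
!
! Privileged EXEC commands for the administrator:
!   crypto pki server OFFICE-CA info requests
!   crypto pki server OFFICE-CA grant <request-id>
!   crypto pki server OFFICE-CA revoke <certificate-serial>
```

Approve a pending request only after matching its fingerprint against the one shown on the company laptop that generated it, and keep the router clock accurate because certificate validity and CRL checks depend on it.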

New Member

Ipsec cisco vpn client <==> Cisco ios router

Thanks a lot Jennifer. I will have a look at this now.

Can I conclude that there is no other way of doing this other than using certificates?
