Working with the Cisco VPN Client. (IPSEC)

KB ID 0000171

Problem

Both at work, and while posting in forums, I have to explain how to configure the Cisco Client VPN software, so to save me writing lots of documentation, it’s about time I posted some information to cover every eventuality.

Here we are dealing with the IPSEC VPN client, not the newer Cisco AnyConnect SSL client. Using this software you can connect from a remote location to your office network (or any other network) that is protected by a Cisco Device e.g. Cisco ASA, Cisco Router or a Cisco VPN Concentrator.

So if your reading this, either myself, or your IT staff have given you some software to set up your VPN connection and you don’t know what to do with it.

Pre-Requisites:

1. This article is concerned with configuring the client software NOT the hardware device that’s going to handle the VPN’s, there’s plenty of info on how to do that elsewhere on the site.

2. Your remote PC/Laptop needs to be running x32 bit Windows (CLICK HERE if your unsure). If you’re running a x64 bit version of Windows you CAN ONLY use the Cisco VPN client on Windows 7 and Vista, for other OS’s, CLICK HERE instead.

Solution

1. The first thing to do is get hold of the software, if your IT dept has given it to you, or you have it on the CD that came with the device, skip forward. If you need to download it you need two things:

a. A Valid Cisco CCO account (free to setup)

b. A Valid support agreement or SmartNet that’s linked to your CCO account. Once you have a and b above go here to log in and download the software.

Update: the software is no longer available from Cisco, see the following link.

Download Cisco VPN Client Software

2. You need to Install the Cisco client software (See Part 1 of the Video below).

3. Once you have the software installed, you need to configure it, this can be done in one of two ways.

a. With a VPN configuration file (this is called a PCF file) which you import into the the client software, and it configures it for you. If you have your PCF file, See Part 4 of the Video below.

b. By entering the VPN information into the client software. To do this you need three pieces of information. These need to be given to you by your IT department/Service provider.

i. The IP address or DNS name of your Cisco Device (Called “Host” in the client software). ii. Your VPN Group Name (Called “Name” in the client software). iii. Your VPN Shared Secret (Called “Password” in the client software).

Once you have this information See Part 3 of the video below.

If you would like to generate your own PCF file to give to your staff then See Part 5 of the Video below.

 

Security Notice:

PCF files should NOT be sent via email (where possible) because i’ts easy to reverse engineer them to get some of the information needed to hack your VPN, either give them to your users directly or at least email them in a password protected .ZIP file.

Related Articles, References, Credits, or External Links

KB0000163 KB0000070 KB0000071 KB0000049