Microsoft Client Connections

Now that you have configured the Microsoft client(s) and VPN 3000 concentrator, the client can now establish a connection to the concentrator. The following sections will discuss how to establish a connection from the client to the concentrator. The network shown in Figure 13-21 illustrates the process.

Figure 13-21. L2TP/IPsec Client and VPN 3000 Concentrator Example

 

Connecting to a VPN Gateway

On the Microsoft computer, open the Network Connections window in one of the following ways:

  • On Windows 2000, go to Start > Settings > Network and Dialup Connections, right-click and choose Explore.
  • On Windows XP, go to Start > My Network Places > View network connections.

In this window there should be a section entitled Virtual Private Network, listing the VPN connections you have set up from the "Creating a Microsoft VPN Connection" section earlier in the chapter. Their statuses should say "Disconnected." Either double-click the name of the VPN connection profile or right-click the name and choose Connect. You should see the Connection window, shown in Figure 13-22.

Figure 13-22. Microsoft VPN Client Connection Window

Enter your username and password and click the Connect button. Assuming that you enabled the Display progress while connecting parameter for the connection profile, a window will pop up displaying the status of the building of the connection. Likewise, if you enabled the Show icon in the notification area when connected, you should see a PC icon in the taskbar once the connection is completed.

Verifying the Connection on the PC

To see status information about the connection, right-click the PC icon in the taskbar or right-click the connection profile name in the Network Connections window and choose Status. There are two tabs at the top of the screen: General and Details. The General tab displays how long the session has been up, how many bytes were sent and received, how many packets were compressed, and how many errors were sent and received. Clicking the Details tab, you can see how the connection is configured, as shown in Figure 13-23.

Figure 13-23. Microsoft VPN Client Status Detail Window

In this example, MS-CHAPv2 was used for authentication and MPPE RC-128 bit encryption for L2TP. For the IPsec data SA, 3DES is used for encryption. The address assigned to the client by the VPN gateway is 192.168.101.120. At this point, the client should be able to ping anything behind the concentrator, like 192.168.101.99, 192.168.101.66, and 192.168.101.77.

To disconnect the VPN session, right-click the PC icon in the taskbar or right-click the connection profile name in the Network Connections window and choose Disconnect.

Verifying the Connection on the Concentrator

Once the PPTP, L2TP, or L2TP/IPsec client makes a connection to the concentrator, you should be able to see the connection status on the concentrator by going to Monitor > Sessions, shown in Figure 13-24. As you can see from this figure, the user called "l2tp" has terminated a VPN connection on the concentrator and was assigned an IP address of 192.168.101.120. This connection is associated with the Base Group and is protected by L2TP/IPsec 3DES.

Figure 13-24. Session Overview Screen

Clicking the name of the user takes you to the screen in Figure 13-25. Here you can see how the connection is protected by IKE (DES, SHA, pre-shared keys, and DH group 1), IPsec (3DES, SHA, and transport mode), and L2TP (RC4-128 and MS-CHAPv2).

Figure 13-25. Session Detail Screen


Part I: VPNs

Overview of VPNs

VPN Technologies

IPsec

PPTP and L2TP

SSL VPNs

Part II: Concentrators

Concentrator Product Information

Concentrator Remote Access Connections with IPsec

Concentrator Remote Access Connections with PPTP, L2TP, and WebVPN

Concentrator Site-to-Site Connections

Concentrator Management

Verifying and Troubleshooting Concentrator Connections

Part III: Clients

Cisco VPN Software Client

Windows Software Client

3002 Hardware Client

Part IV: IOS Routers

Router Product Information

Router ISAKMP/IKE Phase 1 Connectivity

Router Site-to-Site Connections

Router Remote Access Connections

Troubleshooting Router Connections

Part V: PIX Firewalls

PIX and ASA Product Information

PIX and ASA Site-to-Site Connections

PIX and ASA Remote Access Connections

Troubleshooting PIX and ASA Connections

Part VI: Case Study

Case Study

Index



The Complete Cisco VPN Configuration Guide
The Complete Cisco VPN Configuration Guide
ISBN: 1587052040
EAN: 2147483647
Year: 2006
Pages: 178
Authors: Richard Deal

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net