Tutorial covering software installation and router configuration.
There are two kinds of install:
- From a WebVPN portal: connected users can download an .exe file and install it on their computers. A nice idea, but it runs into lots of issues (security bugs and so on).
- A pre-deployed kit can be installed on users' computers; this is what we are going to do.
For this lab I am using the Windows client 4.1 (it can be found on the Internet). My router is a Cisco 1841 running IOS 15.1.
Why use the software instead of the web portal?
- AES crypto instead of RC4
- Once connected, it feels like being on your own LAN
- Multiplatform software that can be easily installed on Android devices for free
- Uses SSL, meaning fewer firewall issues
Drawbacks:
- The software needs to be installed
- The router crypto card (on my hardware) doesn't work with AES, which kills my processor!
Let's start:
Until the end of the process:
A network connection is created:
ip interface FastEthernet0/1 port 443
ssl encryption rc4-md5
ssl trustpoint HomePKI
ssl encryption aes-sha1
ssl authenticate verify all
policy group Anyconnect
svc address-pool "SSL"
svc split dns "XXXX.XXXX.me"
svc split include 192.168.0.0 255.255.255.0
svc wins-server primary 192.168.0.20
- AES is used in the context to encrypt data
- Split tunnelling is configured so that the client can still browse the Internet directly while the protected traffic goes through the tunnel.
- DTLS is activated and a WINS server is configured (for Windows shared drives)
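As an added example (not part of the original tutorial), this Python check reads a webvpn configuration and reports which sections still list rc4-md5 on their ssl encryption line, the suite the tutorial contrasts with AES. The section names GW-EXAMPLE and CTX-EXAMPLE, and the placement of the page's lines under them, are assumptions, because the page shows the lines without their section headers.

```python
import re

WEAK = {"rc4-md5"}  # the suite the page contrasts with AES
SECTION = re.compile(r"^webvpn\s+(gateway|context)\s+(\S+)", re.I)
ENCRYPTION = re.compile(r"^ssl\s+encryption\s+(.+)$", re.I)
NO_HEADER = "(no webvpn section header)"

def audit(config_text):
    """Return (section, status, ciphers, line_numbers) per webvpn section."""
    sections = {}
    current = NO_HEADER
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = f"{m.group(1).lower()} {m.group(2)}"
            sections.setdefault(current, {"ciphers": [], "lines": []})
            continue
        m = ENCRYPTION.match(line)
        if m:
            rec = sections.setdefault(current, {"ciphers": [], "lines": []})
            # Merge repeated lines so a weak suite is never hidden by a later one.
            rec["ciphers"].extend(m.group(1).lower().split())
            rec["lines"].append(lineno)
    report = []
    for name, rec in sections.items():
        if any(c in WEAK for c in rec["ciphers"]):
            status = "WEAK"
        elif rec["ciphers"]:
            status = "OK"
        else:
            status = "DEFAULT"  # no explicit line: the platform default list applies
        report.append((name, status, rec["ciphers"], rec["lines"]))
    return report

# Constructed sample: the page's lines under assumed (hypothetical) section headers.
SAMPLE = """\
webvpn gateway GW-EXAMPLE
 ip interface FastEthernet0/1 port 443
 ssl encryption rc4-md5
 ssl trustpoint HomePKI
webvpn context CTX-EXAMPLE
 ssl encryption aes-sha1
 ssl authenticate verify all
"""

if __name__ == "__main__":
    for name, status, ciphers, lines in audit(SAMPLE):
        print(f"{status:8}{name:24}{ciphers} at line(s) {lines}")
```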
IP address pool
A virtual interface
ip address 10.3.20.1 255.255.255.255
no ip redirects
no ip unreachables
no ip proxy-arp