we setup a VPN Server from the CCA. We used the default Security -> VPN Server path. We then exported the VPN Profile to a PCF file.
The Cisco VPN client works fine on 32bits operating systems.
How do we set this up on Vista and Windows 7? The Client installer says '64 bits not supported'
The Cisco AnyConnect VPN client has no option to import a PCF file. And the manual says it does not support IPSec/UDP.
What are we to do?
So went also installed SSL VPN. Which works okay, except for all the certificate warnings, and it doesn't work on mac Safari clients...
Does anyone know where we can install a certificate from the CCA?
If only PPTP were supported from the CCA. Or a SSLVPN client for 64bits were supported...
One more issue:
you can setup websites from the internet that can be used from the outside after logging on from the Cisco web interface, but without actually setting up the VPN.
This is a nice feature. It works fine for non-secure (http) websites. However, we also a https site on the inside with a self-signed certificate (iomega storage device). This device cannot be accessed this way.
So two questions remain (I've given up on the Mac issue):
* how do we install a new certificate for the SR520 from the CCA
* how do we get https websites to work
Working on this. Let me see if this can be done in CCA currently or not. If not, I will post something on how to add the cert manually. Once added manually, this should work without issue. What version of IOS are you running?
There is an enhancement in to disable certificate verification of the sites that are going through this.
CSCsy05978: ENH: IOS PKI should have a option to disable certificate validation
Let me see what I can do on this.
Here is what you can try.
Router(config)# crypto ca trustpoint
Router(config)# crypto ca authenticate
The router will then prompt you to paste in the CA certificate associated with the HTTPS site. This is going to be the CA cert in base64 (ascii) format.
Let me know if that works for you.