
Article ID:2984

Setup Access to Cisco VPN Client by Remote DNS on SA540 Security Appliance

Objectives

The Cisco VPN Client can use the remote DNS server(s) when it connects to the network, so that network names can be resolved. This document explains how to configure the devices so that names can be resolved without having to use IP addresses.

Applicable Devices

• SA540 Security Appliance

Software Version

• v2.1.71

Remote DNS Setup

Topology Set

• PC1

• DNS Server – PC1 is configured to work as a DNS server by installing the SimpleDNS server software. However, any software that lets PC1 work as a DNS server could be installed instead.

• Static IP – The static IP address set is 192.168.75.101/24.

• SA540

• WAN Status – DHCP IP Address 192.168.3.118.

• LAN IP – 192.168.75.1.

• PC2

• Cisco VPN Client 5.x installed. PC2 is used to connect to the SA540 network using the Cisco VPN Client.

• DHCP IP – The IP Address of the PC2 is 192.168.3.221/24.

Setup Cisco VPN Client on SA540

Set VPN Policy

Step 1. Choose VPN > IP Sec > VPN Wizard from the Security Appliance Configuration Utility of the SA540. The VPN Wizard page opens.

Step 2. Choose the Remote Access option from the Select VPN Type drop-down menu.

Step 3. Check the Enable Cisco VPN Client check box.

Step 4. Enter DNStest in the What is the new Connection Name field.

Step 5. Enter cisco123 as the pre-shared key in the What is the pre-shared-key? field. Any pre-shared key can be chosen; cisco123 is used for the purposes of this document.

Step 6. Choose the Dedicated WAN option from the Local WAN Interface drop-down menu.

Step 7. Choose the IP Address option from the Local Gateway Type drop-down menu.

Step 8. Click Apply to apply the settings.

After the VPN policy is created, set the Dynamic IP Range that the VPN Client will use.

Create Dynamic IP Range for VPN Client

Step 1. Choose VPN > IP Sec > Dynamic IP Range from the Security Appliance Configuration Utility of the SA540. The Dynamic IP Range page opens.

Step 2. Choose the Full Tunnel option from the Tunnel Mode drop-down menu. In this mode, all traffic from VPN clients is sent to the VPN corporate network no matter what the destination.

Step 3. Enter 192.168.254.90 in the Start IP Address Field.

Step 4. Enter 192.168.254.99 in the End IP Address field.

A VPN Client that connects to the SA500 receives an IP address in the range entered.

Step 5. In the Primary DNS (Optional) field, enter 192.168.75.101, which is the address of PC1, where the DNS server is running.

Next, add the user.

Create User Credentials for VPN Client

Step 1. Choose VPN > IP Sec > IP Sec Users from the Security Appliance Configuration Utility of the SA540. The IP Sec Users page opens.

Step 2. Enter the desired username in the User Name Field.

Step 3. Enter the appropriate password in the Password and Confirm Password fields.

Step 4. Click Apply to apply the settings.

DNS Setup Overview on PC1

Here, nico.com is the domain created on PC1; this domain name can be anything. lab-pc3 is the computer name of PC1, and ping-pc.nico.com is the DNS name of PC1, which can likewise be anything. sa520.nico.com is the DNS name of the SA540 device. PC2 will use these DNS names for access.

Setup VPN Client on PC2

Step 1. Enter the name of the VPN connection in the Connection Entry field.

Step 2. Enter a description of the connection, for future reference, in the Description field.

Step 3. In the Host field, enter the WAN IP address of the SA540, 192.168.3.118, which is the remote endpoint.

Step 4. Click the Group Authentication radio button to choose the Group Authentication option. This is required by the VPN policy settings configured on the SA540.

Step 5. Enter DNStest in the Name field. In the Password and Confirm Password fields, enter the exact password (the pre-shared key) that was set on the SA540 in Step 5 of Set VPN Policy.

Step 6. Click Save to save the settings.

Step 7. After saving, select the connection and click Connect. The User Authentication dialog appears. Enter the same username and password that were configured for the IPSec user on the SA540 in Step 3 of Create User Credentials for VPN Client.

Step 9. Click OK.

Step 10. To check the connection status, right-click the connection icon in the taskbar.

Step 11. In the browser's address bar, enter the DNS name of the SA540 device to access it directly. In this case the DNS name is www.sa520.nico.com.
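
To confirm the result after connecting, the following check (an added example, not part of the original article) parses `ipconfig /all` output from PC2 and verifies that the VPN adapter received an address from the Dynamic IP Range and lists PC1 as its DNS server. The pool and DNS addresses are the article's; the sample output, the adapter names and the local DNS server 192.168.3.1 are constructed assumptions.

```python
import ipaddress
import re

# Values from this article's lab setup.
POOL_START = ipaddress.ip_address("192.168.254.90")   # Dynamic IP Range start
POOL_END = ipaddress.ip_address("192.168.254.99")     # Dynamic IP Range end
REMOTE_DNS = "192.168.75.101"                         # Primary DNS (PC1)

# Constructed sample of `ipconfig /all` on PC2; adapter names and 192.168.3.1 are assumptions.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.3.221(Preferred)
   DNS Servers . . . . . . . . . . . : 192.168.3.1

Ethernet adapter Local Area Connection 2:

   Description . . . . . . . . . . . : Cisco Systems VPN Adapter
   IPv4 Address. . . . . . . . . . . : 192.168.254.90(Preferred)
   DNS Servers . . . . . . . . . . . : 192.168.75.101
"""

IPV4 = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")
FIELDS = {"IPv4 Address": "addrs", "IP Address": "addrs", "DNS Servers": "dns"}

def parse_adapters(text):
    """Map each adapter header to its IPv4 addresses and DNS servers."""
    adapters, current, field = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace():            # unindented line starts an adapter
            current = adapters.setdefault(line.rstrip(":"), {"addrs": [], "dns": []})
            field = None
        elif current is not None and line.strip():
            label, sep, value = line.partition(" : ")
            if sep:                                   # "Label . . . : value" line
                field = FIELDS.get(label.replace(".", "").strip())
            else:                                     # continuation line (extra DNS server)
                value = line
            if field:
                current[field] += IPV4.findall(value)
    return adapters

def check_vpn_dns(text):
    """Return the adapter holding a pool address and whether PC1 is its DNS server."""
    for name, info in parse_adapters(text).items():
        for addr in info["addrs"]:
            if POOL_START <= ipaddress.ip_address(addr) <= POOL_END:
                return {"adapter": name, "address": addr, "remote_dns_pushed": REMOTE_DNS in info["dns"]}
    return None  # tunnel down, or address outside the Dynamic IP Range
```

A result of `None`, or `remote_dns_pushed` being `False`, points back to the Dynamic IP Range page on the SA540 (Steps 3 to 5 there).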
