Guest

Cisco VPN 3000 Series Concentrators

Configuring the Cisco VPN 3000 Concentrator and the Network Associates PGP Client

Cisco - Configuring the Cisco VPN 3000 Concentrator and the Network Associates PGP Client

Document ID: 10135

Updated: Jan 14, 2008

   Print

Introduction

This document describes how to configure both the Cisco VPN 3000 Concentrator and the Network Associates Pretty Good Privacy (PGP) Client running version 6.5.1 to accept connections from each other.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco VPN 3000 Concentrator Version 4.7

  • Networks Associates PGP Client version 6.5.1

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Configure the Network Associates PGP Client to Connect to the Cisco VPN 3000 Concentrator

Use this procedure to configure the Network Associates PGP Client to connect to the VPN 3000 Concentrator.

  1. Launch PGPNet > Hosts.

  2. Click Add and then click Next.

  3. Choose the Gateway option, and click Next.

    PGP_VPN01.gif

  4. Enter a descriptive name for the connection and click Next.

    PGP_VPN02.gif

  5. Enter the host domain name or the IP address of the public interface of the VPN 3000 Concentrator and click Next.

    PGP_VPN03.gif

  6. Choose Use public-key cryptographic security only and click Next.

    PGP_VPN04.gif

  7. Select Yes, and click Next. When you add a new host or subnet, it allows you to reach private networks after your connection is secured.

    PGP_VPN05.gif

  8. Select Subnet and click Next.

    PGP_VPN06.gif

  9. Choose Allow insecure communications and click Next.

    The VPN 3000 Concentrator handles the security of the connection, not the PGP client software.

    PGP_VPN07.gif

  10. Enter a descriptive name to uniquely identify the networks to which you connect and click Next.

    PGP_VPN08.gif

  11. Enter the network number and the subnet mask for the network behind the VPN 3000 Concentrator and click Next.

    PGP_VPN09.gif

  12. If there are more internal networks, choose Yes. Otherwise, choose No and click Next.

    PGP_VPN10.gif

Configure the Cisco VPN 3000 Concentrator to Accept Connections from Network Associates PGP Client

Use this procedure to configure the Cisco VPN 3000 Concentrator to accept connections from a Network Associates PGP Client:

  1. Select Configuration > Tunneling and Security > IPSec > IKE Proposals.

  2. Activate the IKE-3DES-SHA-DSA proposal by selecting it in the Inactive Proposals column. Next, click the Activate button and then click the Save Needed button.

  3. Select Configuration > Policy Management > Traffic Management > SAs.

  4. Click Add.

  5. Leave all except these fields at their default settings:

    • SA Name: Create a unique name to identify this.

    • Digital Certificate: Choose the installed server identify certificate.

    • IKE Proposal: Select IKE-3DES-SHA-DSA.

  6. Click Add.

  7. Select Configuration > User Management > Groups, click Add Group, and configure these fields:

    Note: If all your users are PGP Clients, you can use the Base Group (Configuration > User Management > Base Group) instead of creating new groups. If so, skip the steps for the Identity tab and complete steps 1 and 2 for the IPSec tab only.

    Under the Identity tab, enter this information:

    1. Group Name: Enter a unique name. (This group name must be equal to the OU field in the PGP Client's digital certificate.)

    2. Password: Enter the password for the group.

    Under the IPSec tab, enter this information:

    1. Authentication: Set this to None.

    2. Mode Configuration: Uncheck this.

  8. Click Add.

  9. Save as needed throughout.

Related Information

Updated: Jan 14, 2008
Document ID: 10135