Cisco VPN 3000 Series Concentrators

How to Configure Individual User Authentication for VPN 3002 Hardware Client

Document ID: 12412



Contents

Introduction
Prerequisites
      Requirements
      Components Used
      Network Diagram
      Conventions
Configure the Cisco VPN 3000 Concentrator for Individual User Authentication
Configure the Cisco VPN 3002 Hardware Client
Use the Individual User Authentication Feature
Verify
Troubleshoot

Introduction

This document describes how to configure the Individual User Authentication feature for the Cisco VPN 3002 Hardware Client. The feature is introduced in version 3.5. With this feature enabled, users behind the Cisco VPN 3002 Hardware Client must authenticate through a web browser before they can send traffic through the VPN Hardware Client. This feature provides extra security because it allows only authorized users to send traffic through the Cisco VPN 3002 Hardware Client.

Prerequisites

Requirements

This document assumes that the user is already familiar with how to set up IPSec VPN tunnels between the Cisco VPN 3002 Hardware Client and a VPN 3000 Concentrator.

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco VPN 3030 Concentrator Version 3.5

  • Cisco VPN 3002 Hardware Client Version 3.5

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Network Diagram

This document uses this network setup:

vpn3002-ind-usr-auth-1.gif

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Configure the Cisco VPN 3000 Concentrator for Individual User Authentication

This procedure describes the steps used to enable the Individual User Authentication feature for a Cisco VPN 3000 Concentrator.

  1. Select Configuration > User Management > Groups > Modify and choose the VPN Concentrator you wish to configure.

    vpn3002-ind-usr-auth-2.gif

  2. Click the General tab and specify the Domain Name System (DNS) and Windows Internet Naming Service (WINS) server IP addresses that you want sent to the host behind the Cisco VPN 3002 Hardware Client.

    vpn3002-ind-usr-auth-3.gif

  3. Click the IPSec tab, select Internal from the Authentication drop-down list to use Internal Authentication for the Cisco VPN 3002 Hardware Client, and click Apply.

    vpn3002-ind-usr-auth-4.gif

  4. Click the Mode Config tab and select Tunnel everything for the Split Tunneling Policy to send all traffic through the tunnel.

    vpn3002-ind-usr-auth-5.gif

  5. Click the HW Client tab, select Require Individual User Authentication to turn on the Individual User Authentication feature, and click Apply.

    vpn3002-ind-usr-auth-6.gif

  6. Select Configuration > User Management > Users > Modify vpn3002client. Enter vpn3002client next to User Name and click Apply to authenticate the Cisco VPN 3002 Hardware Client.

    vpn3002-ind-usr-auth-7.gif

  7. Enter user1 next to User Name and click Apply to add the Individual User Authentication.

    vpn3002-ind-usr-auth-8.gif

    Note: If the external authentication method is used for the Individual User Authentication feature, ensure that the authentication server is defined at the top of the authentication servers list under Configuration > System > Servers > Authentication.

Configure the Cisco VPN 3002 Hardware Client

No configuration is required on the Cisco VPN 3002 Hardware Client. This screen shot is from the VPN section.

vpn3002-ind-usr-auth-9.gif

Use the Individual User Authentication Feature

Complete these steps to use the Individual User Authentication feature.

  1. Verify the VPN tunnel has been established between the Cisco VPN 3002 Hardware Client and Cisco VPN 3000 Concentrator.

    This can be verified from either the VPN Hardware Client or the VPN Concentrator.

    • From the Cisco VPN 3002 Hardware Client, select Monitoring > System Status.

      vpn3002-ind-usr-auth-10.gif

    • From the Cisco VPN 3000 Concentrator, select Monitoring > System Status.

      vpn3002-ind-usr-auth-11.gif

  2. Users behind the Cisco VPN 3002 Hardware Client who want to send traffic through the VPN tunnel must first perform a user authentication with the use of a web browser. Open a web browser and go to the internal IP address of the Cisco VPN 3002 Hardware Client or to any IP address reachable through the VPN tunnel.

    vpn3002-ind-usr-auth-12.gif

  3. Click Connection/Login Status.

    vpn3002-ind-usr-auth-13.gif

  4. Click Log In Now, enter your username and password, and click Continue.

    vpn3002-ind-usr-auth-14.gif

  5. After a successful user authentication, users can pass traffic through the Cisco VPN 3002 Hardware Client. When the authentication is finished, click Log Out Now.

    vpn3002-ind-usr-auth-15.gif

    Note: From the Cisco VPN 3000 Concentrator, an administrator can monitor which users behind the Cisco VPN 3002 Hardware Client have logged in. To do this, select Monitoring > Sessions > Detail.

    vpn3002-ind-usr-auth-16.gif

    vpn3002-ind-usr-auth-17.gif

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Updated: Jan 14, 2008