Home | Skip to Content | Skip to Search | Skip to Navigation | Skip to Footer |
Worldwide [change] |Register |About Cisco
Guest

Hierarchical Navigation

Cisco VPN 3000 Series Concentrators

Configuring the Cisco VPN 3000 Concentrator and the Network Associates PGP Client

Downloads

Document ID: 10135


Contents

Introduction
Prerequisites
      Requirements
      Components Used
      Conventions
Configure the Network Associates PGP Client to Connect to the Cisco VPN 3000 Concentrator
Configure the Cisco VPN 3000 Concentrator to Accept Connections from Network Associates PGP Client
NetPro Discussion Forums - Featured Conversations
Related Information

Introduction

This document describes how to configure both the Cisco VPN 3000 Concentrator and the Network Associates Pretty Good Privacy (PGP) Client running version 6.5.1 to accept connections from each other.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco VPN 3000 Concentrator Version 4.7

  • Networks Associates PGP Client version 6.5.1

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Configure the Network Associates PGP Client to Connect to the Cisco VPN 3000 Concentrator

Use this procedure to configure the Network Associates PGP Client to connect to the VPN 3000 Concentrator.

  1. Launch PGPNet > Hosts.

  2. Click Add and then click Next.

  3. Choose the Gateway option, and click Next.

    PGP_VPN01.gif

  4. Enter a descriptive name for the connection and click Next.

    PGP_VPN02.gif

  5. Enter the host domain name or the IP address of the public interface of the VPN 3000 Concentrator and click Next.

    PGP_VPN03.gif

  6. Choose Use public-key cryptographic security only and click Next.

    PGP_VPN04.gif

  7. Select Yes, and click Next. When you add a new host or subnet, it allows you to reach private networks after your connection is secured.

    PGP_VPN05.gif

  8. Select Subnet and click Next.

    PGP_VPN06.gif

  9. Choose Allow insecure communications and click Next.

    The VPN 3000 Concentrator handles the security of the connection, not the PGP client software.

    PGP_VPN07.gif

  10. Enter a descriptive name to uniquely identify the networks to which you connect and click Next.

    PGP_VPN08.gif

  11. Enter the network number and the subnet mask for the network behind the VPN 3000 Concentrator and click Next.

    PGP_VPN09.gif

  12. If there are more internal networks, choose Yes. Otherwise, choose No and click Next.

    PGP_VPN10.gif

Configure the Cisco VPN 3000 Concentrator to Accept Connections from Network Associates PGP Client

Use this procedure to configure the Cisco VPN 3000 Concentrator to accept connections from a Network Associates PGP Client:

  1. Select Configuration > Tunneling and Security > IPSec > IKE Proposals.

  2. Activate the IKE-3DES-SHA-DSA proposal by selecting it in the Inactive Proposals column. Next, click the Activate button and then click the Save Needed button.

  3. Select Configuration > Policy Management > Traffic Management > SAs.

  4. Click Add.

  5. Leave all except these fields at their default settings:

    • SA Name: Create a unique name to identify this.

    • Digital Certificate: Choose the installed server identify certificate.

    • IKE Proposal: Select IKE-3DES-SHA-DSA.

  6. Click Add.

  7. Select Configuration > User Management > Groups, click Add Group, and configure these fields:

    Note: If all your users are PGP Clients, you can use the Base Group (Configuration > User Management > Base Group) instead of creating new groups. If so, skip the steps for the Identity tab and complete steps 1 and 2 for the IPSec tab only.

    Under the Identity tab, enter this information:

    1. Group Name: Enter a unique name. (This group name must be equal to the OU field in the PGP Client's digital certificate.)

    2. Password: Enter the password for the group.

    Under the IPSec tab, enter this information:

    1. Authentication: Set this to None.

    2. Mode Configuration: Uncheck this.

  8. Click Add.

  9. Save as needed throughout.

NetPro Discussion Forums - Featured Conversations

Networking Professionals Connection is a forum for networking professionals to share questions, suggestions, and information about networking solutions, products, and technologies. The featured links are some of the most recent conversations available in this technology.
NetPro Discussion Forums - Featured Conversations for VPN
Service Providers: VPN Service Architectures
Service Providers: Network Management
Virtual Private Networks: Security
Virtual Private Networks: General

Related Information

Updated: Jan 14, 2008Document ID: 10135