System information

162 Chapter 4: Configuring Cisco VPN 3000 for Remote Access Using Preshared Keys
That is all that you need to configure on the VPN concentrator. Click the Modify button to save
your work to the active configuration and return to the Groups screen shown in Figure 4-19. Be
sure to click the Save Needed icon to save your configuration changes to the boot configuration.
To configure the client firewall capability or hardware client features, or if you are using either
the PPTP or L2TP tunneling protocols, continue configuring the group settings using the Client
FW, HW Client, and PPTP/L2TP tabs discussed in the following sections.
Modify Groups—Client FW Tab
The Client FW tab permits you to configure firewall options for Cisco VPN Clients running on
a Microsoft Windows platform. Client firewall support is disabled by default but can be enabled
on this tab. A stateful firewall is built into the VPN Client, but other commercially available
firewalls can be used and operate as a separate application that runs on the Windows platform.
Firewalls inspect each inbound and outbound packet to determine if the packet should be
forwarded toward its destination or whether the packet should be dropped. These decisions are
made using rules defined in firewall policies. Firewalls provide an extra measure of protection
to systems and corporate networks, especially when split tunneling is used.
The VPN concentrator can support client firewalls in three different ways:
• Each client can individually manage its own personal firewall policy.
• The VPN concentrator can push a centralized firewall policy to each client.
• A separate, standalone firewall server can be used to manage and enforce firewall policy usage on VPN Client devices.
Figure 4-24 shows the configuration options that are available on the Client FW tab for these
three types of firewall management. The following bulleted items discuss the options shown on
the Client FW tab screen:
• Firewall Setting—This attribute is used to enable or disable firewall support for the users connecting through this group. The available settings are as follows:
  - No Firewall—This is the default setting for a new group. When this option is checked, the VPN concentrator ignores VPN Client firewall settings.
  - Firewall Required—When this option is checked, every VPN Client peer that connects through this group must use the firewall specified for this group. If the peer is not using the correct firewall, the VPN concentrator drops the connection and notifies the VPN Client of the mismatch.
  - Firewall Optional—Set the firewall to optional when not all of your VPN Client users are currently running firewalls on their systems. Choosing this option lets users without firewalls connect, but gives them a warning message. Users with firewalls installed must still be using the correct firewall; the VPN concentrator and VPN Client then manage the firewall policy according to the settings contained on this Client FW tab.
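As an added illustration (not code from the book or from Cisco), the following Python model encodes the admission decision described above for the three Firewall Setting values and adds a simple audit that flags groups combining split tunneling with a setting weaker than Firewall Required. Group names and the firewall labels "firewall-A"/"firewall-B" are constructed placeholders.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Tuple


class FirewallSetting(Enum):
    NO_FIREWALL = "No Firewall"
    REQUIRED = "Firewall Required"
    OPTIONAL = "Firewall Optional"


@dataclass(frozen=True)
class GroupPolicy:
    name: str
    setting: FirewallSetting
    required_firewall: Optional[str]  # firewall selected for the group on the Client FW tab
    split_tunneling: bool             # whether the group permits split tunneling


@dataclass(frozen=True)
class ClientHello:
    user: str
    firewall: Optional[str]  # firewall the VPN Client reports; None if it runs none


def admit(policy: GroupPolicy, client: ClientHello) -> Tuple[bool, str]:
    """Model of the concentrator's decision for the group's Firewall Setting."""
    if policy.setting is FirewallSetting.NO_FIREWALL:
        return True, "accepted: client firewall settings ignored"
    if client.firewall is None:
        if policy.setting is FirewallSetting.OPTIONAL:
            return True, "accepted with warning: no firewall running on the client"
        return False, "dropped: firewall required, client reports none"
    if client.firewall != policy.required_firewall:  # applies to Required and Optional
        return False, (f"dropped: firewall mismatch, group requires "
                       f"{policy.required_firewall}, client runs {client.firewall}")
    return True, "accepted: firewall policy managed per the Client FW tab"


def audit_groups(groups: List[GroupPolicy]) -> List[str]:
    """Flag groups that permit split tunneling without requiring a client firewall."""
    return [f"{g.name}: split tunneling allowed with '{g.setting.value}'"
            for g in groups
            if g.split_tunneling and g.setting is not FirewallSetting.REQUIRED]


# Constructed sample groups; "firewall-A" is a placeholder product label.
SALES = GroupPolicy("sales", FirewallSetting.REQUIRED, "firewall-A", split_tunneling=True)
CONTRACTORS = GroupPolicy("contractors", FirewallSetting.OPTIONAL, "firewall-A", split_tunneling=True)
LEGACY = GroupPolicy("legacy", FirewallSetting.NO_FIREWALL, None, split_tunneling=True)
GROUPS = [SALES, CONTRACTORS, LEGACY]

if __name__ == "__main__":
    print(admit(SALES, ClientHello("bob", None)))
    print(audit_groups(GROUPS))
```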
chpt_04.fm Page 162 Friday, April 4, 2003 9:19 AM