Just figured out how much (or how little) work is required to do this. The simple answer: just use the supplied CCA client-side tool to do it. I managed to get it right the first time, so I would assume it's really not that hard. From the client, select Security->VPN Server. That will bring up the VPN config form. There's only 3 things you need to do: 1. Create a user account That's about it really. I'm not sure what split tunneling means, so perhaps anyone who uses it can share this info. On the VPN client, when creating the config for this server, remember that the group name is EZVPN_GROUP_1. The name cannot be changed from the UI, but I suspect if you are to muck around the CLI you can have any name you desire. This is probably the easiest VPN config I've encountered to date!
|
|||
 |
UC500.comCisco Communication Manager Express, UC520, SMB VOIP reference and community |
PIX to UC500 VPN
Can anyone post the UC500 side of this if they have a working VPN to PIX or ASA? Thanks :)
Split Tunnels in UC500
This is basically allow you access to certian IP ranges within the VPN, if you want access to 10.1.10.1 CUE Default, you need to put in 10.1.10.0 (Allows access to all the 10.1.10.X ip addresses fromt the VPN) 255.255.255.0 (Full Class C). Also it's important to put your IP Address range that you are on so that you don't lose access to your network while VPN-ing into another network. Example 192.168.1.0 is a home address. you will need to specify this IP address in the Split Tunnel so that you can have access to your local network resources while you are VPN'ing into another network domain.
Cisco VPN Client
I did what was described in the first post, but when im trying to connect with Cisco VPN client, after i put in my configured username and passord, it just disconnects. any ideas why? All the pre-shared keys are identical
I have checked the Cisco
I have checked the Cisco site every day the last week, desperately looking for CCA 1.5, but it still says that 1.1 is the latest release. Romours are that it will be published tonight....
For very basic setup of the UC the CCA is OK, but it's totally useless if you want to go any further.
I know. That's why I ended up
I know. That's why I ended up back in CLI-level config. I do think there's value even in CCA 1.x in that it creates the basic stuff, then you jump in and clean it up.
Has anyone managed to create
Has anyone managed to create a static VPN from the UC to an ASA or Pix? I feel that the CCA leaves a lot to be desired here as well....
IPSec VPN
I have an IPSec static VPN between the UC520 and a Cisco 871 router with no problems. configured via CLI. should work the same with PIX or ASA.
CCA 1.5/2 may be better
Which version of CCA are you using? Mine came with 1.0 so that's not very useful. But as with all ver 1.0s, you'd should expect better with 1.5, or 2.0 if you can get it.
Me, I'm trying to get the cisco user account from my vendor so I can download it as well.
split tunneling
FYI, split tunneling allows the VPN client to access its current network as well as the remote VPN network at the same time. Without split tunneling, the client would only have access to the network of the remote VPN, and internet access would come through the remote site also. This is a security feature, so that the client can't be compromized from an external source and be used to access the VPN network. with split tunneling enabled, the vpn client can access remote VPN resources, as well as it's local network, and local internet connection. in most cases, where security isnt a concern, split tunneling can be enabled for ease of use.
I like that
Some VPNs I know route everything through the VPN. It's difficult for me to get some online reference while troubleshooting clients.
Sounds like this split tunnelling is what I'm looking for...
Changing the VPN group
I just renamed my VPN group via the CLI. It works, but it also means that you won't be able to use the CCA to manage it anymore. At least that's true for CCA 1.0. Hopefully with 1.1 it'll be better.