This article covers the basics of how to set up VPN for your network. Although VPNs vary greatly in the level of complexity, these are the basic areas you need to configure in order to have your VPN up and running. The following examples refer to a hardware based setup, more specifically for Cisco devices. However, the fundamental principles remain the same for other vendors.
This guide assumes that you have already made the necessary decisions — such as whether to have a site-to-site or remote-access setup — that you have a fixed IP to which to connect, and that this is the first VPN device on your network. (You may use your donated equipment to connect to an existing VPN server.)
The setup of your VPN will depend greatly on the extent to which you need to open up your network to clients outside your premises, the number of clients it will support, and the type clients they are.
If you are using an ASA security device, like the ASA5510, you can use the Cisco Adaptive Security Device Manager (ASDM) to configure your VPN settings, along with other features like firewall rules and network address translation (NAT) settings. The GUI will depend on the ASA version you are running, and the corresponding version of the ASDM. Check the comprehensive ASA Series Documentation page for complete links. You may also choose to use the CLI if you are familiar with the commands used.
If you are using an Integrated Services Router (ISR), like the 800 Series, you can use the Cisco Configuration Professional (CCP) tool or the CLI.
If you are using a Cisco Smart Business Communications product, such as the SR500 series router, you can use the Cisco Configuration Assistant program to set up your device.
There are three key aspects of the VPN connection: identity, encryption, and tunneling. Each has a specific set of standards to make it all work together.
To simplify the management of all these aspects, your Cisco donation may have a default setup called "Easy VPN," which is a single group with common characteristics. Users only need a pre-shared key — like you would need when joining a Wi-Fi network, for instance — with the addition of a username and password authentication.
Your clients who work away from the office need an application to connect to the server you just set up. Cisco client applications, also called "AnyConnect," are available for all major platforms, including Apple devices. Default operating system VPN client applications may also work, depending on your setup. You can download a Cisco VPN client from the Cisco site. You will need your Cisco.com login to access this download.
Your device may support "SSL VPN" licensing, which allows clients to connect to the VPN using a browser. SSL VPN involves using a standard web browser for authentication and access to your VPN server, without a separate client. This is particularly useful for allowing access to web applications hosted internally, but it can be extended to other applications and servers as well. If your SSL VPN users exceed the number of licenses given, you can upgrade your device using an SSL VPN license pack.
Image: VPN (Virtual Private Network) - Illustration Concept in Flat Design Style for presentation, booklet, website etc. Network security illustration., Shutterstock
Join today to access donations and discounts for your nonprofit or library.
Already a member?