Опубликованный материал нарушает ваши авторские права? Сообщите нам.
Вуз: Предмет: Файл:
Securing Cisco IOS Networks Study Guide - Carl Timm.pdf
9.74 Mб

Introduction to the Cisco VPN 3.5 Client


but as mentioned previously, they’re optional. Finally, in step 7, the show crypto map interface command can be used to verify Easy VPN Server operation.

Pre-Configuring the Cisco VPN 3.5 Client

I know that this book isn’t a how-to on customer relations, but I’ve often observed a direct correlation between users having software-related decisions to make and an increase in annoying telephone conversations between users and engineers. Therefore, it’s usually in everyone’s best interest to just remove that tempting ability from the keyboards of your expert users altogether. This is especially helpful because you’re ultimately concerned about the security of the entire network—your control is utterly essential to getting the job done right. Cisco seems to understand the ruinous potential of this little conflict and has provided a way to streamline the installation of the VPN 3.5 Client on Windows.

As the administrator of a Cisco VPN 3.5 Client installation, you have the ability to pre-configure the connection configuration covered in the section “Introduction to the Cisco VPN 3.5 Client” earlier in this chapter. And there’s more. You can even protect the user from making messy, uninformed decisions during the installation of the VPN Client, such as, “Which directory should I install the software into?” You do this by creating three text files, which you then place in the same directory as the setup.exe file you used to install the VPN Client software:

The oem.ini file The oem.ini file installs the VPN Client without user intervention. You get to perform tasks such as force the machine to reload after installation, select the directory to install the software into, and even my personal favorite, turn off all user prompts during installation— yes! In the end, the only thing the user is left to do is double-click the setup.exe icon, and the file takes care of every standard query that follows during installation.

The vpnclient.ini file The vpnclient.ini file is used to configure the global parameters of the VPN Client, which are not normally queried as part of the installation wizard and are therefore not covered in the oem.ini file. You can customize these global parameters to whatever settings are appropriate for your environment.

The .pcf files .pcf files add connection entries. You need to create one file for each connection you want to add, and you can use as many entries as you wish. Just put them in the same directory as the setup.exe file, and they’ll be added to the VPN Client.

Refer to the documentation that came with your particular VPN Client software for the exact syntax of these files.

So there you have it. By using these three files, you can completely pre-configure the Cisco VPN 3.5 Client and reclaim the network that is rightfully yours! The only thing left to do is send out a memo and somehow get users to run the setup.exe program on the VPN Client machine.

Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501.