VPN
Configuring Teleworker VPN Client
Cisco ISA500 Series Integrated Security Appliances Administration Guide
the connection will form one logical network. PAT will be automatically
disabled, allowing the PCs and hosts at both ends of the connection to
have direct access to one another.
• VLAN: If you choose NEM, specify the VLAN that permits access from and
to the private network of the IPsec VPN server.
• User Name: Enter the username used by the Teleworker VPN client to
establish a VPN connection.
• User Password: Enter the password used by the Teleworker VPN client to
establish a VPN connection.
STEP 4 In the Zone Access Control tab, you can control access from the zones in your
network to the remote network if the Teleworker VPN client works in Client mode.
Click Permit to permit access, or click Deny to deny access.
NOTE: The VPN firewall rules that are automatically generated by the zone access
control settings are added to the list of firewall rules with a priority higher
than the default firewall rules, but lower than the custom firewall rules.
STEP 5 In the Advanced Settings tab, enter the following information.
• Backup Server 1/2/3: Enter the IP address or hostname for the backup
server. You can specify up to three servers as backup. When the connection
to the primary IPsec VPN server fails, the security appliance can initiate the
VPN connection to the backup servers. Backup server 1 has the highest
priority and backup server 3 has the lowest priority.
NOTE: The Teleworker VPN client can get the backup servers from the IPsec
VPN server during the tunnel negotiation. The backup servers specified on
the IPsec VPN server have higher priority than the backup servers specified on
the Teleworker VPN client. When the primary connection fails, the client first
tries to connect to the backup servers specified on the IPsec VPN server, and
then tries to connect to the backup servers specified on the Teleworker VPN client.
• Peer Timeout: Enter the detection timeout in seconds. If there is no
response and no traffic from the primary server or the backup server within
the timeout, the peer is declared dead. The default value is 120 seconds.
STEP 6 Click OK to save your settings.
STEP 7 A warning message appears saying “Do you want to make this connection active
when the settings are saved? (Only one connection can be active at a time.)”
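
The backup-server order and the Peer Timeout rule described in STEP 5 can be modeled as follows. This is an added example, not code from the guide or from the appliance; the function names, the addresses (documentation ranges) and the timestamp convention are assumptions made for illustration.

```python
"""Model of the backup-server order and Peer Timeout rule from STEP 5."""

DEFAULT_PEER_TIMEOUT = 120  # seconds; the default value given in the guide
MAX_LOCAL_BACKUPS = 3       # Backup Server 1/2/3

# Constructed sample values (documentation address ranges), not from the guide.
PRIMARY = "192.0.2.1"
PUSHED = ["198.51.100.10", "198.51.100.11"]   # learned during tunnel negotiation
LOCAL = ["203.0.113.1", "203.0.113.2"]        # Backup Server 1, 2 on the client


def failover_order(server_pushed, local_backups):
    """Backup servers in the order they are tried after the primary fails."""
    if len(local_backups) > MAX_LOCAL_BACKUPS:
        raise ValueError("the client accepts at most three backup servers")
    order = [(srv, "server-pushed") for srv in server_pushed]
    order += [(srv, f"local backup {n}") for n, srv in enumerate(local_backups, 1)]
    return order


def peer_is_dead(now, last_response, last_traffic, timeout=DEFAULT_PEER_TIMEOUT):
    """Dead only when BOTH responses and traffic have been absent for the timeout."""
    # Assumption of this sketch: timestamps are seconds on one monotonic clock.
    last_seen = max(last_response, last_traffic)
    return now - last_seen >= timeout


def select_server(primary, server_pushed, local_backups, reachable):
    """Return (server, source) for the first candidate in `reachable`, else None."""
    candidates = [(primary, "primary")] + failover_order(server_pushed, local_backups)
    for srv, source in candidates:
        if srv in reachable:
            return srv, source
    return None


if __name__ == "__main__":
    # Primary and first pushed backup are down; a local backup is up too,
    # but the remaining server-pushed entry still wins.
    up = {"198.51.100.11", "203.0.113.1"}
    print(select_server(PRIMARY, PUSHED, LOCAL, up))
    # Keepalives stopped 130 s ago, but data arrived 10 s ago: peer is alive.
    print(peer_is_dead(now=1000, last_response=870, last_traffic=990))
```

Because the list received from the IPsec VPN server outranks the local Backup Server 1/2/3 entries, review the backup list configured on the server as well as on the client when checking where a failed-over tunnel can terminate.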