I was helping a client get VPN connectivity into the network to allow for easy administration and support. Using remote control software like GoToMeeting, LogMeIn Pro, or CrossLoop was OK for a while, but it requires somebody to initiate a request for the connection. Unattended features are available, but they involve sharing owner credentials, which might not be ideal. This is why I still like to set up VPN connectivity as a secure alternative.
The first step was to determine if the appliance currently in place was VPN-capable. It was. Next was to configure it, assuming passwords were known, which they weren’t. Then we had to locate the console cable and determine the correct IOS revision in order to download the correct version of the password recovery tool. Once the correct tool version was downloaded, I had to find a TFTP server because the PIX model was diskless. I usually use tftp32.exe, which is a free download and easy to use. Once the TFTP daemon server service was all set up, I was able to run the password recovery tool to erase the passwords and change them to something else.
Now that I was able to log in, I changed the current vpngroup user password. I used an unsecured wireless connection in the building, and this allowed me to test connecting via the Cisco VPN client. It worked out well on the first attempt and I was connected with no issues. I was lucky the VPN configuration was previously set up and all I needed to do was change the passwords. I was also lucky that there was an unsecured wireless connection I could test from.
The only thing left to do now is to tie the logins to an LDAP server. I wonder if a newer Cisco VPN client is needed for that. Where can I download that without requiring an online Cisco user ID and password? I don’t think this is important right now. I’m sure it will need to be addressed soon as we continue to use VPN in this company for a broader range of audiences with varying needs.