2. Clients
There is nothing that inherently stops clients other than the Cisco VPN client from connecting to the OUCS VPN Service. For example, the open-source vpn client vpnc works well. However, many vendors choose not to support the protocols needed.
The following parameters may help in the configuration of a third-party IPSec client.
| Parameter | Value |
|---|---|
| Server platform | Cisco ASA 5500 series |
| Server hostname | vpn.ox.ac.uk |
| Transport mode | IPSec, IPSec/TCP or IPSec/UDP |
| Authentication mode | IKE Extended Authentication (Xauth) |
| IPSec group name | oxford |
| IPSec group password | See the IPSec secret in
this document.
|
| Xauth username | your Remote Access username |
| Xauth password | your Remote Access password |
The following IKE proposals are supported.
| Authentication Algorithm | Encryption Algorithm | Diffie-Hellman Group |
|---|---|---|
| MD5/HMAC-128 | 3DES-168 | Group 2 |
| MD5/HMAC-128 | 3DES-168 | Group 5 |
| SHA/HMAC-160 | AES-128 | Group 2 |
The service does not allow split tunnelling by VPN clients.
Up: Contents Previous: 1. Firewalls