2. Clients

There is nothing that inherently stops clients other than the Cisco VPN client from connecting to the OUCS VPN Service. For example, the open-source vpn client vpnc works well. However, many vendors choose not to support the protocols needed.

The following parameters may help in the configuration of a third-party IPSec client.

ParameterValue
Server platform Cisco ASA 5500 series
Server hostname vpn.ox.ac.uk
Transport mode IPSec, IPSec/TCP or IPSec/UDP
Authentication mode IKE Extended Authentication (Xauth)
IPSec group name oxford
IPSec group password See the IPSec secret in this document.
Xauth username your Remote Access username
Xauth password your Remote Access password

The following IKE proposals are supported.

Authentication AlgorithmEncryption AlgorithmDiffie-Hellman Group
MD5/HMAC-128 3DES-168 Group 2
MD5/HMAC-128 3DES-168 Group 5
SHA/HMAC-160 AES-128 Group 2

The service does not allow split tunnelling by VPN clients.

Up: Contents Previous: 1. Firewalls