Cisco Systems OL-5490-01 manual Administrator Guide

Page 16

Chapter 1 Understanding the VPN Client

VPN Client Features

Table 1-2 Program Features (continued)

 

 

 

 

Program Feature

Description

 

 

 

 

 

 

 

 

 

 

Automatic VPN Client

The ability to import a configuration file.

 

 

 

 

configuration option

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Event logging

The VPN Client log collects events for viewing and analysis.

 

 

 

 

 

 

 

 

 

 

NAT Transparency (NAT-T)

Enables the VPN Client and the VPN device to automatically detect

 

 

 

 

 

when to use IPSec over UDP to work properly in Port Address

 

 

 

 

 

Translation (PAT) environments.

 

 

 

 

 

 

 

 

 

 

Update of a centrally controlled

The VPN Client learns the backup VPN server list when the

 

 

 

 

backup server list

connection is established. This feature is configured on the VPN

 

 

 

 

 

device and pushed to the VPN Client. The backup servers for each

 

 

 

 

 

connection entry are listed on the Backup Servers tab.

 

 

 

 

 

 

 

 

 

 

Set MTU size

The VPN Client automatically sets a size that is optimal for your

 

 

 

 

 

environment. However, you can also set the MTU size manually. For

 

 

 

 

 

information on adjusting the MTU size, see the VPN Client

 

 

 

 

 

Administrator Guide.

 

 

 

 

 

 

 

 

 

 

Support for Dynamic DNS

The VPN Client sends its hostname to the VPN device when the

 

 

 

 

(DDNS hostname population)

connection is established. If this occurs, the VPN device can send

 

 

 

 

 

the hostname in a DHCP request. This causes the DNS server to

 

 

 

 

 

update its database to include the new hostname and VPN Client

 

 

 

 

 

address.

 

 

 

 

 

 

 

 

 

 

Notifications

Software update notifications from the VPN server upon

 

 

 

 

 

connection.

 

 

 

 

 

 

 

 

 

 

Launching from notification

Ability to launch a location site containing upgrade software from a

 

 

 

 

 

VPN server notification.

 

 

 

 

 

 

 

 

 

 

Alerts (Delete with reason)

The VPN Client provides you with a reason code or reason text

 

 

 

 

 

when a disconnect occurs. The VPN Client supports the delete with

 

 

 

 

 

reason function for client-initiated disconnects,

 

 

 

 

 

concentrator-initiated disconnects, and IPSec deletes.

 

 

 

 

 

 

If you are using a GUI VPN Client, a pop-up message appears

 

 

 

 

 

 

 

 

stating the reason for the disconnect, the message is appended

 

 

 

 

 

 

 

 

to the Notifications log, and is logged in the IPSec log (Log

 

 

 

 

 

 

 

 

Viewer window).

 

 

 

 

 

 

If you are using a command-line client, the message appears on

 

 

 

 

 

 

 

 

your terminal and is logged in the IPSec log.

 

 

 

 

 

 

For IPSec deletes, which do not tear down the connection, an

 

 

 

 

 

 

 

 

event message appears in the IPSec log file, but no message

 

 

 

 

 

 

 

 

pops up or appears on the terminal.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Note

 

The VPN Concentrator you are connected to must be

 

 

 

 

 

 

 

 

 

running software version 4.0 or later.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Single-SA

The ability to support a single security association (SA) per VPN

 

 

 

 

 

connection. Rather than creating a host-to-network SA pair for each

 

 

 

 

 

split-tunneling network, this feature provides a host-to-ALL approach,

 

 

 

 

 

creating one tunnel for all appropriate network traffic apart from

 

 

 

 

 

whether split-tunneling is in use.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

VPN Client User Guide for Mac OS X

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

1-4

 

 

 

 

 

 

 

OL-5490-01

 

 

 

 

 

 

 

 

 

Image 16
Contents VPN Client User Guide for Mac OS VPN Client User Guide for Mac OS N T E N T S Authentication Changing the Password on a Personal Certificate Notifications Contents AudienceTerminology Related DocumentationDocument Conventions Obtaining Documentation Data FormatsCisco.com Documentation CD-ROMOrdering Documentation Obtaining Technical AssistanceDocumentation Feedback Technical Assistance Center Cisco TAC WebsiteObtaining Additional Publications and Information Cisco TAC Escalation CenterUnderstanding the VPN Client Connection TechnologiesVPN Client Overview VPN Client Features Program FeaturesAdministrator Guide Authentication Features IPSec FeaturesVPN Client IPSec Attributes IPSec Attribute DescriptionXauth OL-5490-01 Verifying System Requirements Gathering Information You NeedPreconfiguring the VPN Client Obtaining the VPN Client SoftwarePreconfiguring the User Profile Preconfiguring the Global ProfileInstalling the VPN Client AuthenticationAuthorization Window VPN Client Installation Process IntroductionAccepting the License Agreement Selecting the Application DestinationChoosing the Installation Type Select Destination WindowEasy Install Window 10 Install Software Progress Window 11 Successful Installation Confirmation Window Uninstalling the VPN Client CLI Version Install Script NotesSudo /usr/local/bin/vpnuninstall Enter your password OL-5490-01 Navigating the User Interface VPN Client MenuOperating in Simple Mode Choosing a Run ModeVPN Client Window-Simple Mode Connection Entries Menu Main Menus-Simple ModeStatus Menu Operating in Advanced Mode VPN Client Window-Advanced ModeToolbar Action Buttons-Advanced Mode Main Tabs-Advanced ModeMain Menus-Advanced Mode Connection Entries MenuCertificates Menu 10 Status MenuRight-Click Menus Log MenuConnection Entries Tab Right-Click Menu 14 Connection Entries Right-Click MenuCertificates Tab Right-Click Menu 15 Certificates Tab Right-Click MenuConfiguring Connection Entries Creating a Connection EntryVPN Client Window Authentication Methods Group AuthenticationMutual Group Authentication Certificate AuthenticationCertificate Authentication Transport Settings Transport ParametersTransparent Tunneling Mode Enable Transport TunnelingAllow Local LAN Access Backup Servers Peer Response TimeoutEnter the hostname or IP address of the backup server to add Configuring Connection Entries Backup Servers Checking Prerequisites Establishing a Connection2shows the VPN Client window in simple mode Connecting to a Default Connection Entry Choosing Authentication MethodsShared Key Authentication VPN Group Name and Password Authentication Radius Server AuthenticationSecurID Authentication User Authentication for RadiusUsing Digital Certificates User Authentication for RSA SecurIDUsing the Certificate Store Enrolling and Managing CertificatesEnrolling Certificates Certificate StoreOnline Certificate Enrollment Entry Field Description Viewing the Enrollment Request Managing Enrollment RequestsDeleting an Enrollment Request Changing the Password on an Enrollment Request Retrying an Enrollment RequestImporting a Certificate Viewing a CertificateCertificate Properties Exporting a Certificate Whether the export is successfulDeleting a Certificate Successful Export Prompt11 Password Prompt for Deleting Enrollment Certificates Verifying a CertificateChanging the Password on a Personal Certificate Managing Connection Entries Importing a Connection EntryModifying a Connection Entry Import VPN ConnectionConnection Entry Settings Deleting a Connection EntryEnable Logging Event LoggingClear Logging Set Logging OptionsLog Class Description Module Opening the Log Window Logging LevelsViewing Statistics Log WindowTunnel Details Field DescriptionCisco VPN Client Administrator Guide lists all Route DetailsNotifications Statistics Window-Route Details10 Notifications Window D E IN-2 IN-3 IN-4 IN-5 IN-6 IN-7 IN-8