Cisco Systems OL-5490-01 manual Authentication Features, IPSec Features


Chapter 1 Understanding the VPN Client

VPN Client Features

Table 1-2 Program Features (continued)

| Program Feature | Description |
|---|---|
| Connect on open | This feature lets a user connect to the default user profile when starting the VPN Client. You can enable this feature on the Preferences menu under the VPN Client tab. |
| VPN Client API | VPN Client provides an application programming interface for performing VPN Client tasks without using the command-line or graphical interfaces that Cisco provides. This API comes with a user guide for programmers, which is in a format that can be edited. |

Authentication Features

The VPN Client supports the authentication features listed in Table 1-3.

Table 1-3 Authentication Features

| Authentication Feature | Description |
|---|---|
| User authentication through VPN central-site device | Internal through the VPN device’s database; RADIUS (Remote Authentication Dial-In User Service); NT Domain (Windows NT); RSA (formerly SDI) SecurID or SoftID |
| Certificate Management | Allows you to manage the certificates in the certificate stores. |
| Certificate Authorities (CAs) | CAs that support PKI SCEP enrollment. |
| Peer Certificate Distinguished Name Verification | Prevents a VPN Client from connecting to an invalid gateway that is using a stolen but valid certificate and a hijacked IP address. If the attempt to verify the domain name of the peer certificate fails, the VPN Client connection also fails. |

IPSec Features

The VPN Client supports the IPSec features listed in Table 1-4.

Table 1-4 IPSec Features

| IPSec Feature | Description |
|---|---|
| Tunnel Protocol | IPSec |
| Transparent tunneling | IPSec over UDP for NAT and PAT; IPSec over TCP for NAT and PAT |
| Key Management protocol | Internet Key Exchange (IKE) |
| IKE Keepalives | A tool for monitoring the continued presence of a peer and reporting the VPN Client’s continued presence to the peer. This lets the VPN Client notify you when the peer is no longer present. Another type of keepalive keeps NAT ports alive. |

VPN Client User Guide for Mac OS X