Cisco Systems OL-5490-01 manual VPN Client IPSec Attributes, IPSec Attribute Description


Chapter 1 Understanding the VPN Client

VPN Client Features

Table 1-4 IPSec Features (continued)

| IPSec Feature | Description |
|---|---|
| Split tunneling | The ability to simultaneously direct packets over the Internet in clear text and encrypted through an IPSec tunnel. The VPN device supplies a list of networks to the VPN Client for tunneled traffic. You enable split tunneling on the VPN Client and configure the network list on the VPN device. |
| Support for Split DNS | The ability to direct DNS packets in clear text over the Internet to domains served through an external DNS (serving your ISP) or through an IPSec tunnel to domains served by the corporate DNS. The VPN server supplies a list of domains to the VPN Client for tunneling packets to destinations in the private network. For example, a query for a packet destined for corporate.com would go through the tunnel to the DNS that serves the private network, while a query for a packet destined for myfavoritesearch.com would be handled by the ISP's DNS. This feature is configured on the VPN server (VPN Concentrator) and enabled on the VPN Client by default. To use Split DNS, you must also have split tunneling configured. |
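The routing decisions described for split tunneling and Split DNS can be modeled as follows. This is an added example, not code from the Cisco manual or the VPN Client. The class and function names, the sample network list, and two behaviors are assumptions: that all traffic is tunneled when split tunneling is off, and that domain matching is done on whole DNS labels.

```python
import ipaddress

TUNNEL, CLEAR = "tunnel", "clear"


class SplitPolicy:
    """Hypothetical model of the lists a VPN device pushes to the client."""

    def __init__(self, networks, domains, split_tunneling=True):
        self.networks = [ipaddress.ip_network(n) for n in networks]
        self.domains = [self._labels(d) for d in domains]
        self.split_tunneling = split_tunneling

    @staticmethod
    def _labels(name):
        # Normalize case and the optional trailing root dot, then split
        # into labels so matching happens on label boundaries.
        return tuple(name.lower().rstrip(".").split("."))

    def route_packet(self, dst_ip):
        # Assumption: with split tunneling off, everything is tunneled.
        if not self.split_tunneling:
            return TUNNEL
        addr = ipaddress.ip_address(dst_ip)
        return TUNNEL if any(addr in n for n in self.networks) else CLEAR

    def route_dns_query(self, qname):
        # Split DNS depends on split tunneling being configured.
        if not self.split_tunneling:
            return TUNNEL
        q = self._labels(qname)
        for d in self.domains:
            # Whole-label suffix match: "notcorporate.com" must not be
            # treated as part of "corporate.com".
            if len(q) >= len(d) and q[-len(d):] == d:
                return TUNNEL
        return CLEAR


# Constructed sample lists; only corporate.com comes from the manual text.
policy = SplitPolicy(["10.0.0.0/8", "192.168.50.0/24"], ["corporate.com"])

if __name__ == "__main__":
    for name in ("corporate.com", "mail.corporate.com.", "myfavoritesearch.com",
                 "notcorporate.com", "corporate.com.example.net"):
        print(f"{name:28} -> {policy.route_dns_query(name)}")
    for ip in ("10.1.2.3", "192.168.51.7", "203.0.113.9"):
        print(f"{ip:28} -> {policy.route_packet(ip)}")
```

Queries that fall to "clear" are visible to the ISP's resolver, so a check like this is useful for reviewing which internal names a given domain list would expose outside the tunnel.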

 

 

VPN Client IPSec Attributes

The VPN Client supports the IPSec attributes listed in Table 1-5.

Table 1-5 IPSec Attributes

| IPSec Attribute | Description |
|---|---|
| Main Mode and Aggressive Mode | Ways to negotiate phase one of establishing ISAKMP Security Associations (SAs) |
| Authentication algorithms | HMAC (Hashed Message Authentication Coding) with MD5 (Message Digest 5) hash function; HMAC with SHA-1 (Secure Hash Algorithm) hash function |
| Authentication Modes | Preshared Keys; Mutual Group Authentication; X.509 Digital Certificates |
| Diffie-Hellman Groups | Group 1 = 768-bit prime modulus; Group 2 = 1024-bit prime modulus; Group 5 = 1536-bit prime modulus. Note: See the Cisco VPN Client Administrator Guide for more information about DH Group 5. |
| Encryption algorithms | 56-bit DES (Data Encryption Standard); 168-bit Triple-DES; AES 128-bit and 256-bit |

 

 

 

 

 

 

 

VPN Client User Guide for Mac OS X


OL-5490-01

 

 
