Chapter 1 Understanding the VPN Client
VPN Client Features
Table
| IPSec Feature | Description |
|---|---|
| Split tunneling | The ability to simultaneously direct packets over the Internet in clear text and encrypted through an IPSec tunnel. The VPN device supplies a list of networks to the VPN Client for tunneled traffic. You enable split tunneling on the VPN Client and configure the network list on the VPN device. |
| Support for Split DNS | The ability to direct DNS packets in clear text over the Internet to domains served through an external DNS (serving your ISP) or through an IPSec tunnel to domains served by the corporate DNS. The VPN server supplies a list of domains to the VPN Client for tunneling packets to destinations in the private network. For example, a query for a packet destined for corporate.com would go through the tunnel to the DNS that serves the private network, while a query for a packet destined for myfavoritesearch.com would be handled by the ISP's DNS. This feature is configured on the VPN server (VPN Concentrator) and enabled on the VPN Client by default. To use Split DNS, you must also have split tunneling configured. |
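The routing decisions described in the table above, modeled as an added example (not code from the VPN Client or the guide). The network list, the domain list other than corporate.com, the function names, and the label-boundary subdomain matching rule are assumptions made for illustration.

```python
import ipaddress

# Constructed sample policy: per the page, the VPN device supplies both lists.
TUNNELED_NETWORKS = ["10.0.0.0/8", "192.168.50.0/24"]  # split tunneling network list
SPLIT_DNS_DOMAINS = ["corporate.com"]                   # split DNS domain list
TUNNEL, CLEAR = "tunnel", "clear"


def route_packet(dst_ip, networks=TUNNELED_NETWORKS):
    """Split tunneling: tunnel only destinations inside the supplied networks."""
    addr = ipaddress.ip_address(dst_ip)
    return TUNNEL if any(addr in ipaddress.ip_network(n) for n in networks) else CLEAR


def matches_domain(qname, domain):
    """Assumed rule: exact name or subdomain, compared on a label boundary."""
    q = qname.rstrip(".").lower()
    d = domain.rstrip(".").lower()
    return q == d or q.endswith("." + d)


def route_dns_query(qname, domains=SPLIT_DNS_DOMAINS, split_tunneling=True):
    """Split DNS: listed domains go to the corporate DNS through the tunnel."""
    if not split_tunneling:
        # The page states Split DNS needs split tunneling to be configured.
        raise ValueError("Split DNS requires split tunneling")
    return TUNNEL if any(matches_domain(qname, d) for d in domains) else CLEAR


def clear_text_queries(qnames, domains=SPLIT_DNS_DOMAINS):
    """Return the names that would be resolved in clear text by the ISP's DNS."""
    return [q for q in qnames if route_dns_query(q, domains) == CLEAR]


if __name__ == "__main__":
    sample = ["corporate.com", "Mail.Corporate.COM.", "myfavoritesearch.com",
              "notcorporate.com", "corporate.com.example.net"]  # constructed names
    for name in sample:
        print(f"{name:28} -> {route_dns_query(name)}")
    print("10.1.2.3      ->", route_packet("10.1.2.3"))
    print("203.0.113.7   ->", route_packet("203.0.113.7"))
```

A private-network name that shows up in `clear_text_queries` points to a domain missing from the list configured on the VPN server.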
VPN Client IPSec Attributes
The VPN Client supports the IPSec attributes listed in Table
Table
| IPSec Attribute | Description |
|---|---|
| Main Mode and Aggressive Mode | Ways to negotiate phase one of establishing ISAKMP Security Associations (SAs) |
| Authentication algorithms | • HMAC (Hashed Message Authentication Coding) with MD5 (Message Digest 5) hash function • HMAC with |
| Authentication Modes | • Preshared Keys • Mutual Group Authentication • X.509 Digital Certificates |
| | • Group 1 = • Group 2 = • Group 5 = 1536 prime modulus. Note: See the Cisco VPN Client Administrator Guide for more information about DH Group 5. |
| Encryption algorithms | • • • AES |
VPN Client User Guide for Mac OS X