Cisco Systems OL-5490-01 manual Enable Transport Tunneling, Transparent Tunneling Mode

Page 51

Chapter 4 Configuring Connection Entries

Transport Parameters

Enable Transport Tunneling

Transparent tunneling allows secure transmission between the VPN Client and a secure gateway through a router serving as a firewall. The router might also be configured for Network Address Translation (NAT) or Port Address Translations (PAT).

Transparent tunneling encapsulates Protocol 50 (ESP) traffic within UDP packets. It allows for both IKE (UDP 500) and Protocol 50 to be encapsulated in TCP packets before they are sent through the NAT or PAT devices and/or firewalls. The most common application for transparent tunneling is behind a home router performing PAT.

Not all devices support multiple simultaneous connections behind them. Some cannot map additional sessions to unique source ports. Check with your device's vendor to see if this limitation exists. Some vendors support Protocol 50 (ESP) PAT, which might let you operate without enabling transparent tunneling.

To use transparent tunneling, the IPSec group in the Cisco VPN device must be configured to support it.

Transparent Tunneling is enabled by default. To disable this parameter, clear the check box. We recommend that you keep this parameter enabled.

Transparent Tunneling Mode

The transparent tunneling mode you select must match the mode used by the VPN device providing your connection to the private network.

If you select IPSec over UDP (NAT/PAT), the default mode, the port number is negotiated.

If you select TCP, you must enter the port number for TCP in the TCP port field. This port number must match the port number configured on the VPN device. The default port number is 10000.

Note Either mode operates properly through a PAT device. Multiple simultaneous connections might work better with TCP, and if you are in an extranet environment, TCP mode is preferable. UDP does not operate with stateful firewalls. Use TCP with this configuration.

Allow Local LAN Access

The Allow Local LAN Access parameter gives you access to resources on your local LAN when you are connected through a secure gateway to a central-site VPN device.

When this parameter is enabled:

You can access local resources (printer, fax, shared files, other systems) while connected.

You can access up to 10 networks. A network administrator at the central site configures a list of networks at the VPN Client side that you can access.

If you are connected to a central site, all traffic from your system goes through the IPSec tunnel except traffic to the networks excluded from doing so (in the network list).

If enabled on the VPN Client and permitted on the central-site VPN device, you can see a list of the local LANs that are available by choosing Statistics from the Status menu and clicking the Route Details tab. For more information, see the “Route Details” section on page 7-10.

VPN Client User Guide for Mac OS X

 

OL-5490-01

4-7

 

 

 

Page 50 Page 52
Image 51
Page 50 Page 52
Contents VPN Client User Guide for Mac OS VPN Client User Guide for Mac OS N T E N T S Authentication Changing the Password on a Personal Certificate Notifications Audience ContentsRelated Documentation TerminologyDocument Conventions Documentation CD-ROM Obtaining DocumentationData Formats Cisco.comObtaining Technical Assistance Ordering DocumentationDocumentation Feedback Cisco TAC Website Technical Assistance CenterCisco TAC Escalation Center Obtaining Additional Publications and InformationConnection Technologies Understanding the VPN ClientVPN Client Overview Program Features VPN Client FeaturesAdministrator Guide IPSec Features Authentication FeaturesIPSec Attribute Description VPN Client IPSec AttributesXauth OL-5490-01 Gathering Information You Need Verifying System RequirementsObtaining the VPN Client Software Preconfiguring the VPN ClientPreconfiguring the Global Profile Preconfiguring the User ProfileAuthentication Installing the VPN ClientAuthorization Window Introduction VPN Client Installation ProcessSelecting the Application Destination Accepting the License AgreementSelect Destination Window Choosing the Installation TypeEasy Install Window 10 Install Software Progress Window 11 Successful Installation Confirmation Window CLI Version Install Script Notes Uninstalling the VPN ClientSudo /usr/local/bin/vpnuninstall Enter your password OL-5490-01 VPN Client Menu Navigating the User InterfaceChoosing a Run Mode Operating in Simple ModeVPN Client Window-Simple Mode Main Menus-Simple Mode Connection Entries MenuStatus Menu VPN Client Window-Advanced Mode Operating in Advanced ModeMain Tabs-Advanced Mode Toolbar Action Buttons-Advanced ModeConnection Entries Menu Main Menus-Advanced Mode10 Status Menu Certificates MenuLog Menu Right-Click Menus14 Connection Entries Right-Click Menu Connection Entries Tab Right-Click Menu15 Certificates Tab Right-Click Menu Certificates Tab Right-Click MenuCreating a Connection Entry Configuring Connection EntriesVPN Client Window Group Authentication Authentication MethodsCertificate Authentication Mutual Group AuthenticationCertificate Authentication Transport Parameters Transport SettingsEnable Transport Tunneling Transparent Tunneling ModeAllow Local LAN Access Peer Response Timeout Backup ServersEnter the hostname or IP address of the backup server to add Configuring Connection Entries Backup Servers Establishing a Connection Checking Prerequisites2shows the VPN Client window in simple mode Choosing Authentication Methods Connecting to a Default Connection EntryShared Key Authentication Radius Server Authentication VPN Group Name and Password AuthenticationUser Authentication for Radius SecurID AuthenticationUser Authentication for RSA SecurID Using Digital CertificatesEnrolling and Managing Certificates Using the Certificate StoreCertificate Store Enrolling CertificatesOnline Certificate Enrollment Entry Field Description Managing Enrollment Requests Viewing the Enrollment RequestDeleting an Enrollment Request Retrying an Enrollment Request Changing the Password on an Enrollment RequestViewing a Certificate Importing a CertificateCertificate Properties Whether the export is successful Exporting a CertificateSuccessful Export Prompt Deleting a CertificateVerifying a Certificate 11 Password Prompt for Deleting Enrollment CertificatesChanging the Password on a Personal Certificate Importing a Connection Entry Managing Connection EntriesImport VPN Connection Modifying a Connection EntryDeleting a Connection Entry Connection Entry SettingsEvent Logging Enable LoggingSet Logging Options Clear LoggingLog Class Description Module Logging Levels Opening the Log WindowLog Window Viewing StatisticsField Description Tunnel DetailsRoute Details Cisco VPN Client Administrator Guide lists allStatistics Window-Route Details Notifications10 Notifications Window D E IN-2 IN-3 IN-4 IN-5 IN-6 IN-7 IN-8
Top Page Image Contents