Cisco Systems OL-5490-01

1-4

VPN Client User Guide for Mac OS X

OL-5490-01

Chapter1 Understanding the VPN Client

VPN Client Features

Automatic VPN Client

configuration option

The ability to import a configuration file.

Event logging The VPN Client log collects events for viewing and analysis.

NAT Transparency (NAT-T) Enables the VPN Client and the VPN device to automatically detect

when to use IPSec over UDP to work properly in Port Address

Translation (PAT) environments.

Update of a centrally controlled

backup server list

The VPN Client learns the backup VPN server list when the

connection is established. This feature is configured on the VPN

device and pushed to the VPN Client. The backup servers for each

connection entry are listed on the Backup Servers tab.

Set MTU size The VPN Client automatically sets a size that is optimal for your

environment. However, you can also set the MTU size manually. For

information on adjusting the MTU size, see the VPN Client

Administrator Guide.

Support for Dynamic DNS

(DDNS hostname population)

The VPN Client sends its hostname to the VPN device when the

connection is established. If this occurs, the VPN device can send

the hostname in a DHCP request. This causes the DNS server to

update its database to include the new hostname and VPN Client

address.

Notifications Software update notifications from the VPN server upon

connection.

Launching from notification Ability to launch a location site containing upgrade software from a

VPN server notification.

Alerts (Delete with reason) The VPN Client provides you with a reason code or reason text

when a disconnect occurs. The VPN Client supports the delete with

reason function for client-initiated disconnects,

concentrator-initiated disconnects, and IPSec deletes.

•If you are using a GUI VPN Client, a pop-up message appears

stating the reason for the disconnect, the message is appended

to the Notifications log, and is logged in the IPSec log (Log

Viewer window ).

•If you are using a command-line client, the message appears on

your terminal and is logged in the IPSec log.

•For IPSec deletes, which do not tear down the connection, an

event message appears in the IPSec log file, but no message

pops up or appears on the terminal.

Note The VPN Concentrator you are connected to must be

running software version 4.0 or later.

Single-SA The ability to support a single security association (SA) per VPN

connection. Rather than creating a host-to-network SA pair for each

split-tunneling network, this feature provides a host-to-ALL approach,

creating one tunnel for all appropriate network traffic apart from

whether split-tunneling is in use.

Table1-2 Program Features (continued)

Program Feature Description