Chapter 1 Understanding the VPN Client

VPN Client Features

Table 1-2 Program Features (continued)

| Program Feature | Description |
|---|---|
| Connect on open | This feature lets a user connect to the default user profile when starting the VPN Client. You can enable this feature on the Preferences menu under the VPN Client tab. |
| VPN Client API | VPN Client provides an application programming interface for performing VPN Client tasks without using the command-line or graphical interfaces that Cisco provides. This API comes with a user guide for programmers, which is in a format that can be edited. |

Authentication Features

The VPN Client supports the authentication features listed in Table 1-3.

Table 1-3 Authentication Features

| Authentication Feature | Description |
|---|---|
| User authentication through VPN central-site device | Internal through the VPN device’s database; RADIUS (Remote Authentication Dial-In User Service); NT Domain (Windows NT); RSA (formerly SDI) SecurID or SoftID |
| Certificate Management | Allows you to manage the certificates in the certificate stores. |
| Certificate Authorities (CAs) | CAs that support PKI SCEP enrollment. |
| Peer Certificate Distinguished Name Verification | Prevents the VPN Client from connecting to an invalid gateway that is using a stolen but valid certificate and a hijacked IP address. If the attempt to verify the domain name of the peer certificate fails, the VPN Client connection also fails. |

IPSec Features

The VPN Client supports the IPSec features listed in Table 1-4.

Table 1-4 IPSec Features

| IPSec Feature | Description |
|---|---|
| Tunnel Protocol | IPSec |
| Transparent tunneling | IPSec over UDP for NAT and PAT; IPSec over TCP for NAT and PAT |
| Key Management protocol | Internet Key Exchange (IKE) |
| IKE Keepalives | A tool for monitoring the continued presence of a peer and reporting the VPN Client’s continued presence to the peer. This lets the VPN Client notify you when the peer is no longer present. Another type of keepalives keeps NAT ports alive. |

VPN Client User Guide for Mac OS X
OL-5490-01