VPN Client IPSec Attributes | Cisco Systems OL-5490-01 specs

Chapter 1 Understanding the VPN Client

VPN Client Features

Table 1-4 IPSec Features (continued)

IPSec Feature	Description

Split tunneling	The ability to simultaneously direct packets over the Internet in
	clear text and encrypted through an IPSec tunnel. The VPN device
	supplies a list of networks to the VPN Client for tunneled traffic.
	You enable split tunneling on the VPN Client and configure the
	network list on the VPN device.

Support for Split DNS	The ability to direct DNS packets in clear text over the Internet to
	domains served through an external DNS (serving your ISP) or
	through an IPSec tunnel to domains served by the corporate DNS.
	The VPN server supplies a list of domains to the VPN Client for
	tunneling packets to destinations in the private network. For
	example, a query for a packet destined for corporate.com would go
	through the tunnel to the DNS that serves the private network, while
	a query for a packet destined for myfavoritesearch.com would be
	handled by the ISP's DNS. This feature is configured on the VPN
	server (VPN Concentrator) and enabled on the VPN Client by
	default. To use Split DNS, you must also have split tunneling
	configured.

VPN Client IPSec Attributes

The VPN Client supports the IPSec attributes listed in Table 1-5.

Table 1-5 IPSec Attributes

IPSec Attribute	Description

Main Mode and Aggressive	Ways to negotiate phase one of establishing ISAKMP Security
Mode	Associations (SAs)

Authentication algorithms	• HMAC (Hashed Message Authentication Coding) with MD5
		(Message Digest 5) hash function
	• HMAC with SHA-1 (Secure Hash Algorithm) hash function

Authentication Modes	•	Preshared Keys
	•	Mutual Group Authentication
	•	X.509 Digital Certificates

Diffie-Hellman Groups	• Group 1 = 768-bit prime modulus
	• Group 2 = 1024-bit prime modulus
	• Group 5 = 1536 prime modulus

		Note See the Cisco VPN Client Administrator Guide for more
				information about DH Group 5.


Encryption algorithms	• 56-bit DES (Data Encryption Standard)
	•	168-bit Triple-DES
	• AES 128-bit and 256-bit

VPN Client User Guide for Mac OS X

1-6	OL-5490-01

Image 18

Cisco Systems OL-5490-01 manual VPN Client IPSec Attributes, IPSec Attribute Description

Contents

VPN Client User Guide for Mac OS VPN Client User Guide for Mac OS N T E N T S Authentication Changing the Password on a Personal Certificate Notifications Contents Audience Related Documentation TerminologyDocument Conventions Cisco.com Obtaining DocumentationData Formats Documentation CD-ROM Obtaining Technical Assistance Ordering DocumentationDocumentation Feedback Technical Assistance Center Cisco TAC Website Obtaining Additional Publications and Information Cisco TAC Escalation Center Understanding the VPN Client Connection Technologies VPN Client Overview VPN Client Features Program Features Administrator Guide Authentication Features IPSec Features VPN Client IPSec Attributes IPSec Attribute Description Xauth OL-5490-01 Verifying System Requirements Gathering Information You Need Preconfiguring the VPN Client Obtaining the VPN Client Software Preconfiguring the User Profile Preconfiguring the Global Profile Installing the VPN Client Authentication Authorization Window VPN Client Installation Process Introduction Accepting the License Agreement Selecting the Application Destination Choosing the Installation Type Select Destination Window Easy Install Window 10 Install Software Progress Window 11 Successful Installation Confirmation Window Uninstalling the VPN Client CLI Version Install Script Notes Sudo /usr/local/bin/vpnuninstall Enter your password OL-5490-01 Navigating the User Interface VPN Client Menu Choosing a Run Mode Operating in Simple ModeVPN Client Window-Simple Mode Main Menus-Simple Mode Connection Entries MenuStatus Menu Operating in Advanced Mode VPN Client Window-Advanced Mode Toolbar Action Buttons-Advanced Mode Main Tabs-Advanced Mode Main Menus-Advanced Mode Connection Entries Menu Certificates Menu 10 Status Menu Right-Click Menus Log Menu Connection Entries Tab Right-Click Menu 14 Connection Entries Right-Click Menu Certificates Tab Right-Click Menu 15 Certificates Tab Right-Click Menu Configuring Connection Entries Creating a Connection Entry VPN Client Window Authentication Methods Group Authentication Mutual Group Authentication Certificate Authentication Certificate Authentication Transport Settings Transport Parameters Enable Transport Tunneling Transparent Tunneling ModeAllow Local LAN Access Backup Servers Peer Response Timeout Enter the hostname or IP address of the backup server to add Configuring Connection Entries Backup Servers Checking Prerequisites Establishing a Connection 2shows the VPN Client window in simple mode Choosing Authentication Methods Connecting to a Default Connection EntryShared Key Authentication VPN Group Name and Password Authentication Radius Server Authentication SecurID Authentication User Authentication for Radius Using Digital Certificates User Authentication for RSA SecurID Using the Certificate Store Enrolling and Managing Certificates Enrolling Certificates Certificate Store Online Certificate Enrollment Entry Field Description Managing Enrollment Requests Viewing the Enrollment RequestDeleting an Enrollment Request Changing the Password on an Enrollment Request Retrying an Enrollment Request Importing a Certificate Viewing a Certificate Certificate Properties Exporting a Certificate Whether the export is successful Deleting a Certificate Successful Export Prompt 11 Password Prompt for Deleting Enrollment Certificates Verifying a Certificate Changing the Password on a Personal Certificate Managing Connection Entries Importing a Connection Entry Modifying a Connection Entry Import VPN Connection Connection Entry Settings Deleting a Connection Entry Enable Logging Event Logging Clear Logging Set Logging Options Log Class Description Module Opening the Log Window Logging Levels Viewing Statistics Log Window Tunnel Details Field Description Cisco VPN Client Administrator Guide lists all Route Details Notifications Statistics Window-Route Details 10 Notifications Window D E IN-2 IN-3 IN-4 IN-5 IN-6 IN-7 IN-8