Certificate Authentication | Cisco Systems OL-5490-01 guide

Chapter 4 Configuring Connection Entries

Authentication Methods

Figure 4-4 Certificate Authentication

Step 2 Select a certificate from the Name drop-down menu.

If the Name field displays No Certificates Installed, you must first enroll or import a certificate before you can use this feature. See the “Enrolling Certificates” section on page 6-2or “Importing a Certificate” section on page 6-7for more information.

Step 3 To send CA certificate chains, check the Send CA Certificate Chain check box. This parameter is disabled by default.

A CA certificate chain includes all CA certificates in the certificate hierarchy from the root certificate. This must be installed on the VPN Client to identify each certificate. This feature enables a peer VPN Concentrator to trust the VPN Client's identity certificate given the same root certificate, without having the same subordinate CA certificates actually installed.

The following is an example of a certificate chain:

•On the VPN Client, you have this chain in the certificate hierarchy:

a.Root Certificate

b.CA Certificate 1

c.CA Certificate 2

d.Identity Certificate

•On the VPN Concentrator, you have this chain in the certificate hierarchy

a.Root Certificate

b.CA Certificate

c.Identity Certificate

Though the identity certificates are issued by different CA certificates, the VPN device can still trust the VPN Client's identity certificate, because it has received the chain of certificates installed on the VPN Client PC.

This feature provides flexibility because the intermediate CA certificates do not need to be installed on the peer.

Step 4 Click Save. The Connection Entry dialog box closes and you return to the Connection Entries tab.

VPN Client User Guide for Mac OS X

	OL-5490-01	4-5

Image 49

Cisco Systems OL-5490-01 manual Certificate Authentication

Contents

VPN Client User Guide for Mac OS VPN Client User Guide for Mac OS N T E N T S Authentication Changing the Password on a Personal Certificate Notifications Audience Contents Terminology Related DocumentationDocument Conventions Data Formats Obtaining DocumentationCisco.com Documentation CD-ROM Ordering Documentation Obtaining Technical AssistanceDocumentation Feedback Cisco TAC Website Technical Assistance Center Cisco TAC Escalation Center Obtaining Additional Publications and Information Connection Technologies Understanding the VPN Client VPN Client Overview Program Features VPN Client Features Administrator Guide IPSec Features Authentication Features IPSec Attribute Description VPN Client IPSec Attributes Xauth OL-5490-01 Gathering Information You Need Verifying System Requirements Obtaining the VPN Client Software Preconfiguring the VPN Client Preconfiguring the Global Profile Preconfiguring the User Profile Authentication Installing the VPN Client Authorization Window Introduction VPN Client Installation Process Selecting the Application Destination Accepting the License Agreement Select Destination Window Choosing the Installation Type Easy Install Window 10 Install Software Progress Window 11 Successful Installation Confirmation Window CLI Version Install Script Notes Uninstalling the VPN Client Sudo /usr/local/bin/vpnuninstall Enter your password OL-5490-01 VPN Client Menu Navigating the User Interface Operating in Simple Mode Choosing a Run ModeVPN Client Window-Simple Mode Connection Entries Menu Main Menus-Simple ModeStatus Menu VPN Client Window-Advanced Mode Operating in Advanced Mode Main Tabs-Advanced Mode Toolbar Action Buttons-Advanced Mode Connection Entries Menu Main Menus-Advanced Mode 10 Status Menu Certificates Menu Log Menu Right-Click Menus 14 Connection Entries Right-Click Menu Connection Entries Tab Right-Click Menu 15 Certificates Tab Right-Click Menu Certificates Tab Right-Click Menu Creating a Connection Entry Configuring Connection Entries VPN Client Window Group Authentication Authentication Methods Certificate Authentication Mutual Group Authentication Certificate Authentication Transport Parameters Transport Settings Transparent Tunneling Mode Enable Transport TunnelingAllow Local LAN Access Peer Response Timeout Backup Servers Enter the hostname or IP address of the backup server to add Configuring Connection Entries Backup Servers Establishing a Connection Checking Prerequisites 2shows the VPN Client window in simple mode Connecting to a Default Connection Entry Choosing Authentication MethodsShared Key Authentication Radius Server Authentication VPN Group Name and Password Authentication User Authentication for Radius SecurID Authentication User Authentication for RSA SecurID Using Digital Certificates Enrolling and Managing Certificates Using the Certificate Store Certificate Store Enrolling Certificates Online Certificate Enrollment Entry Field Description Viewing the Enrollment Request Managing Enrollment RequestsDeleting an Enrollment Request Retrying an Enrollment Request Changing the Password on an Enrollment Request Viewing a Certificate Importing a Certificate Certificate Properties Whether the export is successful Exporting a Certificate Successful Export Prompt Deleting a Certificate Verifying a Certificate 11 Password Prompt for Deleting Enrollment Certificates Changing the Password on a Personal Certificate Importing a Connection Entry Managing Connection Entries Import VPN Connection Modifying a Connection Entry Deleting a Connection Entry Connection Entry Settings Event Logging Enable Logging Set Logging Options Clear Logging Log Class Description Module Logging Levels Opening the Log Window Log Window Viewing Statistics Field Description Tunnel Details Route Details Cisco VPN Client Administrator Guide lists all Statistics Window-Route Details Notifications 10 Notifications Window D E IN-2 IN-3 IN-4 IN-5 IN-6 IN-7 IN-8