Cisco Systems OL-5490-01 Choosing Authentication Methods

5-3

VPN Client User Guide for Mac OS X

OL-5490-01

Chapter5 Establishing a VPN Connection

Choosing Authentication Methods

The status bar at the bottom of the main VPN Client window displays your connection status. When

connected, the left side of the status bar indicates the connection entry name and the right side displays

the amount of time that the VPN tunnel has been established.

Connecting to a Default Connection Entry

If you have configured a default connection entry (sometimes called default user or default profile), the

VPN Client uses this connection entry when it starts. The name of this feature is Connect on Open. You

can enable it on the Preferences menu, see “VPN Client Menu”. An administrator configures this feature

for you. For information, see the VPN Client Administrator Guide. For information on setting a

connection entry to be the default, see “Creating a Connection Entry”.

Choosing Authentication Methods

User authentication means proving that you are a valid user of this private network. User authentication

is optional. Your network administrator determines whether user authentication is required.

The VPN Client supports:

•Shared key or VPN group name and group password for authenticating the VPN device

•Mutual group authentication, using a root certificate generally installed by your network

administrator

•RADIUS server, RSA Security (SecurID), Digital Certificates for authenticating the user.

The authentication prompts displayed during the connection process depend on the configuration of your

IPSec group. Refer to appropriate section in this chapter for more information on the user authentication

method configured for each connection entry.

Note User names and passwords are case-sensitive. You have three opportunities to enter the correct

information before an error message indicates that authentication failed. Contact your network

administrator if you cannot pass user authentication.

The following sections describe each user authentication method that the VPN Client supports.

Shared Key Authentication

The shared key authentication method uses the username and shared key password for authentication

(Figure 5-4). The shared key password must be the same as the shared key password configured on the

VPN device that is providing the connection to the private network.

Contents

Main VPN Client User Guide for Mac OS X Page CONTENTS Page Page Page About This Guide Audience Contents Related Documentation Terminology Document Conventions Data Formats Obtaining Documentation Cisco.com Documentation CD-ROM Ordering Documentation Documentation Feedback Obtaining Technical Assistance Cisco.com Technical Assistance Center Cisco TAC Website Cisco TAC Escalation Center Obtaining Additional Publications and Information Understanding the VPN Client Connection Technologies VPN Client Overview VPN Client Features Program Features Page Authentication Features IPSec Features VPN Client IPSec Attributes Page Page Installing the VPN Client Verifying System Requirements Gathering Information You Need Obtaining the VPN Client Software Preconfiguring the VPN Client Preconfiguring the User Profile Preconfiguring the Global Profile Bundling a Root Certificate with the Installation Package for Darwin Installing the VPN Client Authentication Page VPN Client Installation Process Introduction Accepting the License Agreement Selecting the Application Destination Choosing the Installation Type Page Page Page CLI Version Install Script Notes Uninstalling the VPN Client Page Page Navigating the User Interface VPN Client Menu Choosing a Run Mode Operating in Simple Mode VPN Client WindowSimple Mode Main MenusSimple Mode Connection Entries Menu Status Menu Operating in Advanced Mode VPN Client WindowAdvanced Mode Toolbar Action ButtonsAdvanced Mode Main TabsAdvanced Mode Main MenusAdvanced Mode Connection Entries Menu Status Menu Certificates Menu Log Menu Right-Click Menus Connection Entries Tab Right-Click Menu Certificates Tab Right-Click Menu Configuring Connection Entries Creating a Connection Entry Page Authentication Methods Group Authentication Mutual Group Authentication Certificate Authentication Page Transport Parameters Enable Transport Tunneling Transparent Tunneling Mode Allow Local LAN Access Peer Response Timeout Backup Servers Page Page Establishing a VPN Connection Checking Prerequisites Establishing a Connection Page Connecting to a Default Connection Entry Choosing Authentication Methods Shared Key Authentication VPN Group Name and Password Authentication RADIUS Server Authentication SecurID Authentication Using Digital Certificates Enrolling and Managing Certificates Using the Certificate Store Enrolling Certificates Page Page Managing Enrollment Requests Viewing the Enrollment Request Deleting an Enrollment Request Changing the Password on an Enrollment Request Retrying an Enrollment Request Importing a Certificate Viewing a Certificate Page Exporting a Certificate Deleting a Certificate Verifying a Certificate Changing the Password on a Personal Certificate Managing the VPN Client Managing Connection Entries Importing a Connection Entry Modifying a Connection Entry Deleting a Connection Entry Event Logging Enable Logging Clear Logging Set Logging Options Page Opening the Log Window Viewing Statistics Tunnel Details Route Details Notifications Page INDEX A B C D E F G H I K L M N O P Q R S T U V W X