Cisco VPN Client User Guide For Mac OS X - Carleton University


Cisco VPN Client User Guide for Mac OS X
Release 4.0
April 2003

Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
     800 553-NETS (6387)
Fax: 408 526-4100

Customer Order Number:
Text Part Number: OL-3138-02

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, the Cisco Systems Verified logo, Cisco Unity, Follow Me Browsing, FormShare, iQ Net Readiness Scorecard, Networking Academy, and ScriptShare are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, The Fastest Way to Increase Your Internet Quotient, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, LightStream, MGX, MICA, the Networkers logo, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, SlideCast, SMARTnet, StrataView Plus, Stratm, SwitchProbe, TeleRouter, TransPath, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.

All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0303R)

Cisco VPN Client User Guide for Mac OS X
Copyright 2003, Cisco Systems, Inc.
All rights reserved.

CONTENTS

About This Guide
    Audience
    Contents
    Related Documentation
    Terminology
    Document Conventions
    Data Formats
    Obtaining Documentation
    Cisco.com
    Documentation CD-ROM
    Ordering Documentation
    Documentation Feedback
    Obtaining Technical Assistance
    Cisco.com
    Technical Assistance Center
    Cisco TAC Website
    Cisco TAC Escalation Center
    Obtaining Additional Publications and Information

CHAPTER 1  Understanding the VPN Client
    Connection Technologies
    VPN Client Overview
    VPN Client Features
    Program Features
    Authentication Features
    IPSec Features
    VPN Client IPSec Attributes

CHAPTER 2  Installing the VPN Client
    Verifying System Requirements
    Gathering Information You Need
    Obtaining the VPN Client Software
    Preconfiguring the VPN Client
    Preconfiguring the User Profile
    Preconfiguring the Global Profile
    Installing the VPN Client
    Authentication
    VPN Client Installation Process
    Introduction
    Accepting the License Agreement
    Selecting the Application Destination
    Choosing the Installation Type
    CLI Version Install Script Notes
    Uninstalling the VPN Client

CHAPTER 3  Navigating the User Interface
    VPN Client Menu
    Choosing a Run Mode
    Operating in Simple Mode
    VPN Client Window—Simple Mode
    Main Menus—Simple Mode
    Connection Entries Menu
    Status Menu
    Operating in Advanced Mode
    VPN Client Window—Advanced Mode
    Toolbar Action Buttons—Advanced Mode
    Main Tabs—Advanced Mode
    Main Menus—Advanced Mode
    Connection Entries Menu
    Status Menu
    Certificates Menu
    Log Menu
    Right-Click Menus
    Connection Entries Tab Right-Click Menu
    Certificates Tab Right-Click Menu

CHAPTER 4  Configuring Connection Entries
    Creating a Connection Entry
    Authentication Methods
    Group Authentication
    Certificate Authentication
    Transport Parameters
    Enable Transport Tunneling
    Transparent Tunneling Mode
    Allow Local LAN Access
    Peer Response Timeout
    Backup Servers

CHAPTER 5  Establishing a VPN Connection
    Checking Prerequisites
    Establishing a Connection
    Choosing Authentication Methods
    Shared Key Authentication
    VPN Group Name and Password Authentication
    RADIUS Server Authentication
    SecurID Authentication
    Using Digital Certificates

CHAPTER 6  Enrolling and Managing Certificates
    Using the Certificate Store
    Enrolling Certificates
    Managing Enrollment Requests
    Viewing the Enrollment Request
    Deleting an Enrollment Request
    Changing the Password on an Enrollment Request
    Retrying an Enrollment Request
    Importing a Certificate
    Viewing a Certificate
    Exporting a Certificate
    Deleting a Certificate
    Verifying a Certificate
    Changing the Password on a Personal Certificate

CHAPTER 7  Managing the VPN Client
    Managing Connection Entries
    Importing a Connection Entry
    Modifying a Connection Entry
    Deleting a Connection Entry
    Event Logging
    Enable Logging
    Clear Logging
    Set Logging Options
    Opening the Log Window
    Viewing Statistics
    Tunnel Details
    Route Details
    Notifications

INDEX

About This Guide

This VPN Client User Guide describes how to install, use, and manage the Cisco VPN Client for the Macintosh operating system, Version 10.1.5 or later. You can manage the VPN Client for Mac OS X from the graphical user interface or from the command-line interface.

The VPN Client for Mac OS X installer program installs both the graphical user interface and the command-line version of the VPN Client.

Audience

This guide is for remote Clients who want to set up virtual private network (VPN) connections to a central site. Network administrators can also use this guide for information about configuring and managing VPN connections for remote Clients. You should be familiar with the Macintosh platform and know how to use Macintosh applications. Network administrators should be familiar with Macintosh system configuration and management and know how to install, configure, and manage internetworking systems.

Contents

This guide contains the following chapters:

• Chapter 1, “Understanding the VPN Client.” This chapter describes how the VPN Client software works and lists the main features.
• Chapter 2, “Installing the VPN Client.” This chapter describes how to install the VPN Client software application.
• Chapter 3, “Navigating the User Interface.” This chapter describes the main VPN Client window and the tools, tabs, menus and icons for navigating the user interface.
• Chapter 4, “Configuring Connection Entries.” This chapter describes how to configure VPN Client connection entries, including optional parameters.
• Chapter 5, “Establishing a VPN Connection.” This chapter describes how to connect to a private network using the VPN Client, an Internet connection, and the user authentication methods supported by the VPN Client.
• Chapter 6, “Enrolling and Managing Certificates.” This chapter describes how to obtain digital certificates to use for authentication and how to manage these certificates in the VPN Client certificate store.

• Chapter 7, “Managing the VPN Client.” This chapter describes how to manage VPN Client connections, use the event log, and view tunnel details, including packet and routing data.

Related Documentation

The following is a list of user guides and other documentation related to the VPN Client for Mac OS X and the VPN devices that provide the connection to the private network.

• Release Notes for the Cisco VPN Client, Release 4.0
• Cisco VPN Client Administrator Guide, Release 4.0
• Cisco VPN 3000 Series Concentrator Getting Started Guide, Release 4.0
• Cisco VPN 3000 Series Concentrator Reference Volume I: Configuration, Release 4.0
• Cisco VPN 3000 Series Concentrator Reference Volume II: Administration and Monitoring, Release 4.0

Terminology

In this user guide:

• The term Cisco VPN device refers to the following Cisco products:
  – Cisco IOS devices that support Easy VPN server functionality
  – VPN 3000 Series Concentrators
  – Cisco PIX Firewall Series
• The term “PC” refers generically to any personal computer.
• The term click means click the left button on a normally-configured multi-button mouse. The term right-click means click the right button on a normally-configured multi-button mouse. If your mouse has only one button, use Ctrl-Click to access the right-click menus.

Document Conventions

This guide uses the following typographic conventions:

• Boldface font—Describes user actions and commands.
• Italic font—Describes arguments that you supply the values for.
• Screen font—Describes terminal sessions and information displayed by the system.
• Boldface screen font—Describes information that you must enter.

Notes use the following conventions:

Note: Means reader take note. Notes contain helpful suggestions or references to material not covered in the publication.

Cautions use the following conventions:

Caution: Means reader be careful. Cautions alert you to actions or conditions that could result in equipment damage or loss of data.

Data Formats

When you configure the VPN Client, enter data in these formats unless the instructions indicate otherwise.

• IP Address—Use standard 4-byte dotted decimal notation (for example, 192.168.12.34). You can omit leading zeros in a byte position.
• Hostnames—Use legitimate network host or end-system name notation (for example, VPN01). Spaces are not allowed. A hostname must uniquely identify a specific system on a network. A hostname can be up to 255 characters in length.
• User names and Passwords—Text strings for user names and passwords use alphanumeric characters in both upper- and lower-case. Most text strings are case sensitive. For example, simon and Simon would represent two different user names. The maximum length of user names and passwords is generally 32 characters, unless specified otherwise.

Obtaining Documentation

Cisco provides several ways to obtain documentation, technical assistance, and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation on the World Wide Web at this URL:
http://www.cisco.com/univercd/home/home.htm

You can access the Cisco website at this URL:
http://www.cisco.com

International Cisco web sites can be accessed from this URL:
http://www.cisco.com/public/countries_languages.shtml

Documentation CD-ROM

Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM package, which may have shipped with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or through an annual subscription.

Registered Cisco.com users can order the Documentation CD-ROM (product number DOC-CONDOCCD) through the online Subscription Store:
http://www.cisco.com/go/subscription

Ordering Documentation

You can find instructions for ordering documentation at this URL:
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm

You can order Cisco documentation in these ways:

• Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Networking Products ering/index.shtml
• Registered Cisco.com users can order the Documentation CD-ROM (Customer Order Number DOC-CONDOCCD) through the online Subscription Store:
  http://www.cisco.com/go/subscription
• Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, U.S.A.) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).

Documentation Feedback

You can submit comments electronically on Cisco.com. On the Cisco Documentation home page, click Feedback at the top of the page.

You can e-mail your comments to bug-doc@cisco.com.

You can submit your comments by mail by using the response card behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

Cisco provides Cisco.com, which includes the Cisco Technical Assistance Center (TAC) Website, as a starting point for all technical assistance. Customers and partners can obtain online documentation, troubleshooting tips, and sample configurations from the Cisco TAC website. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC website, including TAC tools and utilities.

Cisco.com

Cisco.com offers a suite of interactive, networked services that let you access Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world.

Cisco.com provides a broad range of features and services to help you with these tasks:

• Streamline business processes and improve productivity
• Resolve technical issues with online support

• Download and test software packages
• Order Cisco learning materials and merchandise
• Register for online skill assessment, training, and certification programs

To obtain customized information and service, you can self-register on Cisco.com at this URL:
http://www.cisco.com

Technical Assistance Center

The Cisco TAC is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two levels of support are available: the Cisco TAC website and the Cisco TAC Escalation Center. The avenue of support that you choose depends on the priority of the problem and the conditions stated in service contracts, when applicable.

We categorize Cisco TAC inquiries according to urgency:

• Priority level 4 (P4)—You need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration.
• Priority level 3 (P3)—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.
• Priority level 2 (P2)—Your production network is severely degraded, affecting significant aspects of business operations. No workaround is available.
• Priority level 1 (P1)—Your production network is down, and a critical impact to business operations will occur if service is not restored quickly. No workaround is available.

Cisco TAC Website

You can use the Cisco TAC website to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC website, go to this URL:
http://www.cisco.com/tac

All customers, partners, and resellers who have a valid Cisco service contract have complete access to the technical support resources on the Cisco TAC website. Some services on the Cisco TAC website require a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to this URL to ter.do

If you are a Cisco.com registered user, and you cannot resolve your technical issues by using the Cisco TAC website, you can open a case online at this f you have Internet access, we recommend that you open P3 and P4 cases through the Cisco TAC website so that you can describe the situation in your own words and attach any necessary files.

Cisco TAC Escalation Center

The Cisco TAC Escalation Center addresses priority level 1 or priority level 2 issues. These classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer automatically opens a case.

To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to this /DirTAC.shtml

Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled: for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). When you call the center, please have available your service agreement number and your product serial number.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

• The Cisco Product Catalog describes the networking products offered by Cisco Systems as well as ordering and customer support services. Access the Cisco Product Catalog at this URL:
  http://www.cisco.com/en/US/products/products_catalog_links_launch.html
• Cisco Press publishes a wide range of networking publications. Cisco suggests these titles for new and experienced users: Internetworking Terms and Acronyms Dictionary, Internetworking Technology Handbook, Internetworking Troubleshooting Guide, and the Internetworking Design Guide. For current Cisco Press titles and other information, go to Cisco Press online at this URL:
  http://www.ciscopress.com
• Packet magazine is the Cisco monthly periodical that provides industry professionals with the latest information about the field of networking. You can access Packet magazine at this bout cisco packet magazine.html
• iQ Magazine is the Cisco monthly periodical that provides business leaders and decision makers with the latest information about the networking industry. You can access iQ Magazine at this t id 44699&public view true&kbns 1.html
• Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in the design, development, and operation of public and private internets and intranets. You can access the Internet Protocol Journal at this bout cisco the internet protocol journal.html
• Training—Cisco offers world-class networking training, with current offerings in network training listed at this ing recommended training list.html

CHAPTER 1

Understanding the VPN Client

The Cisco VPN Client for Mac OS X is a software application that runs on any Macintosh computer using operating system Version 10.1.5 or later. The VPN Client on a remote PC, communicating with a Cisco VPN device on an enterprise network or with a service provider, creates a secure connection over the Internet. This connection allows you to access a private network as if you were an on-site user, creating a Virtual Private Network (VPN).

The following VPN devices can terminate VPN connections from VPN Clients:

• Cisco IOS devices that support Easy VPN server functionality
• VPN 3000 Series Concentrators
• Cisco PIX Firewall Series, Version 6.2 or later

With the graphical user interface for the VPN Client for Mac OS X, you can establish a VPN connection to a private network; manage connection entries, certificates, and event logging; and view tunnel routing data.

You can also manage the VPN Client for Mac OS X using the command-line interface (CLI). If you are running Darwin, or if you prefer to manage the VPN Client from the CLI, refer to the Cisco VPN Client Administration Guide.

Connection Technologies

The VPN Client lets you use any of the following technologies to connect to the Internet:

• POTS (Plain Old Telephone Service)—Uses a dial-up modem to connect.
• ISDN (Integrated Services Digital Network)—May use a dial-up modem to connect.
• Cable—Uses a cable modem; always connected.
• DSL (Digital Subscriber Line)—Uses a DSL modem; always connected.

You can also use the VPN Client on a PC with a direct LAN connection.

VPN Client Overview

The VPN Client works with a Cisco VPN device to create a secure connection, called a tunnel, between your computer and a private network. It uses Internet Key Exchange (IKE) and Internet Protocol Security (IPSec) tunneling protocols to establish and manage the secure connection.

The steps used to establish a VPN connection can include:

• Negotiating tunnel parameters (addresses, algorithms, lifetime)
• Establishing VPN tunnels according to the parameters.
• Authenticating users (from usernames, group names and passwords, and X.509 digital certificates.)
• Establishing user access rights (hours of access, connection time, allowed destinations, allowed protocols)
• Managing security keys for encryption and decryption
• Authenticating, encrypting, and decrypting data through the tunnel.

For example, to use a remote PC to read e-mail at your organization, the connection process might be similar to the following:

Step 1  Connect to the Internet.
Step 2  Start the VPN Client.
Step 3  Establish a secure connection through the Internet to your organization’s private network.
Step 4  When you open your e-mail
        • The Cisco VPN device
          – Uses IPSec to encrypt the e-mail message
          – Transmits the message through the tunnel to your VPN Client
        • The VPN Client
          – Decrypts the message so you can read it on your remote PC
          – Uses IPSec to process and return the message to the private network through the Cisco VPN device.

VPN Client Features

The tables in the following sections describe the VPN Client features.

Table 1-1 lists the VPN Client main features.

Table 1-1  VPN Client Main Features (Features: Description)

Operating System
    Mac OS Version 10.1.5 or later

Connection types
    • async serial PPP
    • Internet-attached Ethernet
    • DSL
    Note: The VPN Client for Mac OS X does not support Bluetooth wireless technology.

Protocol
    IP

Table 1-1  VPN Client Main Features (continued)

Tunnel protocol
    IPSec

User Authentication
    • RADIUS
    • RSA SecurID
    • VPN server internal user list
    • PKI digital certificates
    • NT Domain (Windows NT)

Program Features

The VPN Client supports the Program features listed in Table 1-2.

Table 1-2  Program Features (Program Feature: Description)

Servers Supported
    • Cisco IOS devices that support Easy VPN server functionality
    • VPN 3000 Series Concentrators
    • Cisco PIX Firewall Series, Version 6.2 or later

Interfaces supported
    • Graphical user interface
    • Command line interface

Online Help
    Complete browser-based context-sensitive Help
    Note: The online help requires MS Internet Explorer.

Local LAN access
    The ability to access resources on a local LAN while connected through a secure gateway to a central-site VPN server (if the central site grants permission).

Automatic VPN Client configuration option
    The ability to import a configuration file.

Event logging
    The VPN Client log collects events for viewing and analysis.

NAT Transparency (NAT-T)
    Enables the VPN Client and the VPN device to automatically detect when to use IPSec over UDP to work properly in Port Address Translation (PAT) environments.

Update of centrally controlled backup server list
    The VPN Client learns the backup VPN server list when the connection is established. This feature is configured on the VPN device and pushed to the VPN Client. The backup servers for each connection entry are listed on the Backup Servers tab.

Set MTU size
    The VPN Client automatically sets a size that is optimal for your environment. However, you can also set the MTU size manually. For information on adjusting the MTU size, see the VPN Client Administrator Guide.

Table 1-2  Program Features (continued)

Support for Dynamic DNS (DDNS hostname population)
    The VPN Client sends its hostname to the VPN device when the connection is established. If this occurs, the VPN device can send the hostname in a DHCP request. This causes the DNS server to update its database to include the new hostname and VPN Client address.

Notifications
    Software update notifications from the VPN server upon connection.

Launching from notification
    Ability to launch a location site containing upgrade software from a VPN server notification.

Alerts (Delete with reason)
    The VPN Client provides you with a reason code or reason text when a disconnect occurs. The VPN Client supports the delete with reason function for client-initiated disconnects, concentrator-initiated disconnects, and IPSec deletes.
    • If you are using a GUI VPN Client, a pop-up message appears stating the reason for the disconnect, the message is appended to the Notifications log, and is logged in the IPSec log (Log Viewer window).
    • If you are using a command-line client, the message appears on your terminal and is logged in the IPSec log.
    • For IPSec deletes, which do not tear down the connection, an event message appears in the IPSec log file, but no message pops up or appears on the terminal.
    Note: The VPN concentrator you are connected to must be running software version 4.0 or later.

Single-SA
    The ability to support a single security association (SA) per VPN connection. Rather than creating a host-to-network SA pair for each split-tunneling network, this feature provides a host-to-ALL approach, creating one tunnel for all appropriate network traffic apart from whether split-tunneling is in use.

Authentication Features

The VPN Client supports the authentication features listed in Table 1-3.

Table 1-3  Authentication Features (Authentication Feature: Description)

User authentication through VPN central-site device
    • Internal through the VPN device’s database
    • RADIUS (Remote Authentication Dial-In User Service)
    • NT Domain (Windows NT)
    • RSA (formerly SDI) SecurID or SoftID

Certificate Management
    Allows you to manage the certificates in the certificate stores.

Certificate Authorities (CAs)
    CAs that support PKI SCEP enrollment.

Peer Certificate Distinguished Name Verification
    Prevents a VPN Client from connecting to an invalid gateway by using a stolen but valid certificate and a hijacked IP address. If the attempt to verify the domain name of the peer certificate fails, the VPN Client connection also fails.

IPSec Features

The VPN Client supports the IPSec features listed in Table 1-4.

Table 1-4  IPSec Features (IPSec Feature: Description)

Tunnel Protocol
    IPSec

Transparent tunneling
    • IPSec over UDP for NAT and PAT
    • IPSec over TCP for NAT and PAT

Key Management protocol
    Internet Key Exchange (IKE)

IKE Keepalives
    A tool for monitoring the continued presence of a peer and reporting the VPN Client’s continued presence to the peer. This lets the VPN Client notify you when the peer is no longer present. Another type of keepalives keeps NAT ports alive.

Split tunneling
    The ability to simultaneously direct packets over the Internet in clear text and encrypted through an IPSec tunnel. The VPN device supplies a list of networks to the VPN Client for tunneled traffic. You enable split tunneling on the VPN Client and configure the network list on the VPN device.

Support for Split DNS
    The ability to direct DNS packets in clear text over the Internet to domains served through an external DNS (serving your ISP) or through an IPSec tunnel to domains served by the corporate DNS. The VPN server supplies a list of domains to the VPN Client for tunneling packets to destinations in the private network. For example, a query for a packet destined for corporate.com would go through the tunnel to the DNS that serves the private network, while a query for a packet destined for myfavoritesearch.com would be handled by the ISP's DNS. This feature is configured on the VPN server (VPN concentrator) and enabled on the VPN Client by default. To use Split DNS, you must also have split tunneling configured.

VPN Client IPSec Attributes

The VPN Client supports the IPSec attributes listed in Table 1-5.

Table 1-5  IPSec Attributes (IPSec Attribute: Description)

Main Mode and Aggressive Mode
    Ways to negotiate phase one of establis
