VPN Client User Guide for Mac OS X
OL-5490-01
Chapter 1 Understanding the VPN Client
VPN Client Features
Authentication Features
The VPN Client supports the authentication features listed in Table 1-3.
IPSec Features
The VPN Client supports the IPSec features listed in Table 1-4.
Table 1-2 Program Features (continued)

Program Feature: Connect on open
Description: This feature lets a user connect to the default user profile when starting the VPN Client. You can enable this feature on the Preferences menu under the VPN Client tab.

Program Feature: VPN Client API
Description: VPN Client provides an application programming interface for performing VPN Client tasks without using the command-line or graphical interfaces that Cisco provides. This API comes with a user guide for programmers, which is in a format that can be edited.
Table 1-3 Authentication Features

Authentication Feature: User authentication through VPN central-site device
Description:
• Internal through the VPN device’s database
• RADIUS (Remote Authentication Dial-In User Service)
• NT Domain (Windows NT)
• RSA (formerly SDI) SecurID or SoftID

Authentication Feature: Certificate Management
Description: Allows you to manage the certificates in the certificate stores.

Authentication Feature: Certificate Authorities (CAs)
Description: CAs that support PKI SCEP enrollment.

Authentication Feature: Peer Certificate Distinguished Name Verification
Description: Prevents the VPN Client from connecting to an invalid gateway that uses a stolen but valid certificate and a hijacked IP address. If the attempt to verify the domain name of the peer certificate fails, the VPN Client connection also fails.
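
The check that Peer Certificate Distinguished Name Verification describes, sketched as an added example (not Cisco's code and not the VPN Client's rule syntax): a certificate that chains to a trusted CA is still rejected unless its subject DN matches the DN expected for the gateway. The function names, the rule format and the sample DNs are assumptions constructed for illustration.

```python
# Added illustration: distinguished-name pinning on top of chain validation.
# Names, rule format and sample DNs are constructed, not taken from the VPN Client.

def parse_dn(dn):
    """Parse an RFC 4514-style DN string into {TYPE: [values]}, honouring '\\' escapes."""
    rdns, cur, esc = [], [], False
    for ch in dn:
        if esc:                      # previous char was a backslash: take this one literally
            cur.append(ch)
            esc = False
        elif ch == "\\":
            esc = True
        elif ch == ",":              # unescaped comma separates RDNs
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur))
    attrs = {}
    for rdn in (r.strip() for r in rdns):
        if not rdn:
            continue
        if "=" not in rdn:
            raise ValueError(f"malformed RDN: {rdn!r}")
        key, value = rdn.split("=", 1)
        attrs.setdefault(key.strip().upper(), []).append(value.strip())
    return attrs

def dn_matches(peer_dn, required_dn):
    """True only if every attribute in required_dn appears in peer_dn with the same value."""
    peer, required = parse_dn(peer_dn), parse_dn(required_dn)
    if not required:                 # an empty rule must never match everything
        return False
    for key, values in required.items():
        have = {v.casefold() for v in peer.get(key, [])}
        if not all(v.casefold() in have for v in values):
            return False
    return True

def accept_gateway(chain_valid, peer_subject, required_dn):
    """Fail closed: chain validation AND DN match are both required."""
    try:
        return bool(chain_valid) and dn_matches(peer_subject, required_dn)
    except ValueError:
        return False

# Constructed sample data: both certificates are assumed to chain to the same trusted CA.
REQUIRED = "CN=vpn-gw.example.com,O=Example Corp"
LEGIT = "CN=vpn-gw.example.com,OU=Network,O=Example Corp,C=US"
STOLEN = "CN=mail.example.com,OU=IT,O=Example Corp,C=US"
```

With chain validation alone, `STOLEN` would be accepted because it is a valid certificate; the DN rule is what makes the connection fail.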
Table 1-4 IPSec Features

IPSec Feature: Tunnel Protocol
Description: IPSec

IPSec Feature: Transparent tunneling
Description:
• IPSec over UDP for NAT and PAT
• IPSec over TCP for NAT and PAT

IPSec Feature: Key Management protocol
Description: Internet Key Exchange (IKE)

IPSec Feature: IKE Keepalives
Description: A tool for monitoring the continued presence of a peer and reporting the VPN Client’s continued presence to the peer. This lets the VPN Client notify you when the peer is no longer present. Another type of keepalive keeps NAT ports alive.