Cisco Systems OL-5490-01 manual


A good user manual

The rules should oblige the seller to give the purchaser an operating instruction for Cisco Systems OL-5490-01 along with the item. The lack of an instruction, or false information given to the customer, shall constitute grounds to file a complaint because of nonconformity of the goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of manuals, as well as instructional videos, have been widely used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Cisco Systems OL-5490-01 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Cisco Systems OL-5490-01. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, a user manual of Cisco Systems OL-5490-01 should contain:
- information concerning technical data of Cisco Systems OL-5490-01
- name of the manufacturer and a year of construction of the Cisco Systems OL-5490-01 item
- rules of operation, control and maintenance of the Cisco Systems OL-5490-01 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Cisco Systems OL-5490-01 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Cisco Systems OL-5490-01, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Cisco Systems service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Cisco Systems OL-5490-01.

Why should one read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Cisco Systems OL-5490-01 item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment to get to know every part of an instruction. Currently the manuals are carefully prearranged and translated, so they can be fully understood by their users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 VPN Client User Guide for Mac OS X Release 4.6 August 2004 Customer Order Number: Text Part Number: OL-5490-01[...]

  • Page 2

    THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRO[...]

  • Page 3

    iii VPN Client User Guide for Mac OS X OL-5490-01 CONTENTS About This Guide vii Audience vii Contents vii Related Documentation viii Terminology viii Document Conventions viii Data Formats ix Obtaining Documentation ix Cisco.com ix Documentation CD-ROM ix Ordering Documentation x Documentation Feedback x Obtaining Technical Assistance x Cisco.com x[...]

  • Page 4

    Contents iv VPN Client User Guide for Mac OS X OL-5490-01 Preconfiguring the User Profile 2-3 Preconfiguring the Global Profile 2-3 Bundling a Root Certificate with the Installation Package for Darwin 2-4 Installing the VPN Client 2-4 Authentication 2-4 VPN Client Installation Process 2-6 Introduction 2-6 Accepting the License Agreement 2-7 Sel[...]

  • Page 5

    Contents v VPN Client User Guide for Mac OS X OL-5490-01 Mutual Group Authentication 4-4 Certificate Authentication 4-4 Transport Parameters 4-6 Enable Transport Tunneling 4-7 Transparent Tunneling Mode 4-7 Allow Local LAN Access 4-7 Peer Response Timeout 4-8 Backup Servers 4-8 CHAPTER 5 Establishing a VPN Connection 5-1 Checking Prerequisites[...]

  • Page 6

    Contents vi VPN Client User Guide for Mac OS X OL-5490-01 CHAPTER 7 Managing the VPN Client 7-1 Managing Connection Entries 7-1 Importing a Connection Entry 7-1 Modifying a Connection Entry 7-2 Deleting a Connection Entry 7-3 Event Logging 7-4 Enable Logging 7-4 Clear Logging 7-5 Set Logging Options 7-5 Opening the Log Window 7-7 Viewing Statisti[...]

  • Page 7

    vii VPN Client User Guide for Mac OS X OL-5490-01 About This Guide This VPN Client User Guide describes how to install, use, and manage the Cisco VPN Client for the Macintosh operating system, Version 10.2 or later. You can manage the VPN Client for Mac OS X from the graphical user interface or from the command-line interface. The VPN Client[...]

  • Page 8

    viii VPN Client User Guide for Mac OS X OL-5490-01 About This Guide Related Documentation • Chapter 7, “Managing the VPN Client.” This chapter describes how to manage VPN Client connections, use the event log, and view tunnel details, including packet and routing data. Related Documentation The following is a list of user guides and o[...]

  • Page 9

    ix VPN Client User Guide for Mac OS X OL-5490-01 About This Guide Obtaining Documentation Caution Means reader be careful. Cautions alert you to actions or conditions that could result in equipment damage or loss of data. Data Formats When you configure the VPN Client, enter data in these formats unless the instructions indicate otherwise. ?[...]

  • Page 10

    x VPN Client User Guide for Mac OS X OL-5490-01 About This Guide Obtaining Technical Assistance Ordering Documentation You can find instructions for ordering documentation at this URL: http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm You can order Cisco documentation in these ways: • Registered Cisco.com users (Cisco direct cus[...]

  • Page 11

    xi VPN Client User Guide for Mac OS X OL-5490-01 About This Guide Obtaining Technical Assistance • Download and test software packages • Order Cisco learning materials and merchandise • Register for online skill assessment, training, and certification programs To obtain customized information and service, you can self-register on Cisco.co[...]

  • Page 12

    xii VPN Client User Guide for Mac OS X OL-5490-01 About This Guide Obtaining Additional Publications and Information Cisco TAC Escalation Center The Cisco TAC Escalation Center addresses priority level 1 or priority level 2 issues. These classifications are assigned when severe network degradation significantly impacts business operati[...]

  • Page 13

    CHAPTER 1-1 VPN Client User Guide for Mac OS X OL-5490-01 1 Understanding the VPN Client The Cisco VPN Client for Mac OS X is a software application that runs on any Macintosh computer using operating system Version 10.2 or later. The VPN Client on a remote PC, communicating with a Cisco VPN device on an enterprise network or with a serv[...]

  • Page 14

    1-2 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 1 Understanding the VPN Client VPN Client Overview VPN Client Overview The VPN Client works with a Cisco VPN device to create a secure connection, called a tunnel, between your computer and a private network. It uses Internet Key Exchange (IKE) and Internet Protocol Security (IPSec[...]

  • Page 15

    1-3 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 1 Understanding the VPN Client VPN Client Features VPN Client Features The tables in the following sections describe the VPN Client features. Table 1-1 lists the VPN Client main features. Program Features The VPN Client supports the Program features listed in Table 1-2. Table [...]

  • Page 16

    1-4 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 1 Understanding the VPN Client VPN Client Features Automatic VPN Client configuration option The ability to import a configuration file. Event logging The VPN Client log collects events for viewing and analysis. NAT Transparency (NAT-T) Enables the VPN Client and the VPN devi[...]

  • Page 17

    1-5 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 1 Understanding the VPN Client VPN Client Features Authentication Features The VPN Client supports the authentication features listed in Table 1-3. IPSec Features The VPN Client supports the IPSec features listed in Table 1-4 Connect on open This feature lets a user connec[...]

  • Page 18

    1-6 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 1 Understanding the VPN Client VPN Client Features VPN Client IPSec Attributes The VPN Client supports the IPSec attributes listed in Table 1-5. Split tunneling The ability to simultaneously direct packets over the Internet in clear text and encrypted through an IPSec tunnel[...]

  • Page 19

    1-7 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 1 Understanding the VPN Client VPN Client Features Extended Authentication (XAUTH) The capability of authenticating a user within IKE. This authentication is in addition to the normal IKE phase 1 authentication, where the IPSec devices authenticate each other. The extended authentica[...]

  • Page 20

    1-8 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 1 Understanding the VPN Client VPN Client Features[...]

  • Page 21

    CHAPTER 2-1 VPN Client User Guide for Mac OS X OL-5490-01 2 Installing the VPN Client This chapter describes how to install the VPN Client for Mac OS X. Verifying System Requirements The VPN Client for Mac OS X runs on any Power Macintosh or compatible computer with the Macintosh operating system Versions 10.2 or later and 30 MB of hard di[...]

  • Page 22

    2-2 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 2 Installing the VPN Client Obtaining the VPN Client Software Obtaining the VPN Client Software The VPN Client software is available from the Cisco website and comes as a disk image file (vpnclient-<version>-GUI.k9.dmg). Only system administrators can obtain and distribute t[...]

  • Page 23

    2-3 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 2 Installing the VPN Client Preconfiguring the VPN Client Figure 2-2 VPN Client Installer Directory Preconfiguring the User Profile The VPN Client uses parameters that must be uniquely configured for each remote user of the private network. Together these parameters make up a user pr [...]

  • Page 24

    2-4 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 2 Installing the VPN Client Bundling a Root Certificate with the Installation Package for Darwin Bundling a Root Certificate with the Installation Package for Darwin To use mutual authentication, the VPN Client computer must have a root certificate installed. You can bundle a root[...]

  • Page 25

    2-5 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 2 Installing the VPN Client Installing the VPN Client Figure 2-3 Authorization Window Step 2 Click the lock to authenticate your password. The Authenticate dialog box appears (Figure 2-4). Figure 2-4 Authenticate Dialog Box Step 3 Enter your administrator username and a password o[...]

  • Page 26

    2-6 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 2 Installing the VPN Client Installing the VPN Client VPN Client Installation Process You must complete all steps in the VPN Client installation process before you can use the VPN Client software. At any time during the installation process, you can go back to a previous step and adju[...]

  • Page 27

    2-7 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 2 Installing the VPN Client Installing the VPN Client Accepting the License Agreement You are required to read and accept the Cisco software license agreement before you can continue with the installation process (See Figure 2-6). Figure 2-6 Cisco Licence Agreement Before you accept t[...]

  • Page 28

    2-8 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 2 Installing the VPN Client Installing the VPN Client Figure 2-7 Select Destination Window Click Continue. The VPN Client is installed in the Applications directory. Choosing the Installation Type The default installation process installs the following packages with the VPN Client ap[...]

  • Page 29

    2-9 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 2 Installing the VPN Client Installing the VPN Client Figure 2-8 Easy Install Window To choose which packages to install, click Customize to open the Custom Install window (Figure 2-9). Figure 2-9 Custom Install Window The packages with the blue check box are optional. To make a p[...]

  • Page 30

    2-10 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 2 Installing the VPN Client Installing the VPN Client Click Easy Install to return to the default installation packages, or Install to continue with a custom installation. A progress bar lists the installation steps as they occur (Figure 2-10). Figure 2-10 Install Software Pro[...]

  • Page 31

    2-11 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 2 Installing the VPN Client Installing the VPN Client Figure 2-11 Successful Installation Confirmation Window Click Close. If you do not receive this confirmation, the installation was not successful. You must start the installation process again from the beginning or contact your [...]

  • Page 32

    2-12 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 2 Installing the VPN Client Uninstalling the VPN Client Figure 2-12 Location of VPN Client Application CLI Version Install Script Notes The VPN Client installer includes both the graphical user interface and the command-line version of the VPN Client for Mac OS X. You can choose t[...]

  • Page 33

    2-13 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 2 Installing the VPN Client Uninstalling the VPN Client Note We recommend that you uninstall any previous version of the VPN Client for Mac OS X before you install a new version. The VPN Client uninstall script uninstalls any previous command-line or GUI version of the VPN Client [...]

  • Page 34

    2-14 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 2 Installing the VPN Client Uninstalling the VPN Client[...]

  • Page 35

    CHAPTER 3-1 VPN Client User Guide for Mac OS X OL-5490-01 3 Navigating the User Interface This chapter describes the main VPN Client window and the tools, tabs, menus and icons for navigating the user interface. VPN Client Menu Use the VPN Client menu (Figure 3-1) to manage the VPN Client application and main window settings. Figure 3[...]

  • Page 36

    3-2 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 3 Navigating the User Interface Choosing a Run Mode – Save window settings—Saves changes to the VPN Client window. For example, you can save the window size; the window position; the selected tab; and the view (simple or advanced mode). – Minimize upon connect—Places [...]

  • Page 37

    3-3 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 3 Navigating the User Interface Operating in Simple Mode Figure 3-3 VPN Client Window—Simple Mode The main VPN Client window shows only the version information, the default connection entry, the connect button, and the status bar. Main Menus—Simple Mode This section describe[...]

  • Page 38

    3-4 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 3 Navigating the User Interface Operating in Advanced Mode Operating in Advanced Mode Use Advanced mode to manage the VPN Client; configure connection entries; manage certificates; view and manage event logging; and view tunnel statistics and routing data. VPN Client Window—Adv[...]

  • Page 39

    3-5 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 3 Navigating the User Interface Operating in Advanced Mode Toolbar Action Buttons—Advanced Mode The action buttons at the top of the VPN Client window vary depending on which tab is forward. For example, if the Connections tab is forward, the Connect, New, Import, Modify, and D[...]

  • Page 40

    3-6 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 3 Navigating the User Interface Operating in Advanced Mode Main Menus—Advanced Mode The following sections describe the main VPN Client menus, located at the top of your screen, when the VPN Client application is running in advanced mode and active on your desktop. Connection Ent[...]

  • Page 41

    3-7 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 3 Navigating the User Interface Operating in Advanced Mode Status Menu Use the Status menu (Figure 3-10) to display the tunnel and route statistics or to view notifications from the VPN device. Figure 3-10 Status Menu • Statistics—Open the Statistics window to view tunnel detail[...]

  • Page 42

    3-8 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 3 Navigating the User Interface Operating in Advanced Mode • Retry Certificate Enrollment—Retry a previously started certificate enrollment. • Show or Hide CA/RA Certificates—This menu option toggles to Show or Hide root certificates issued by either a Certificate Authori[...]

  • Page 43

    3-9 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 3 Navigating the User Interface Operating in Advanced Mode Connection Entries Tab Right-Click Menu Figure 3-14 shows the right-click menu options available when the Connection Entries tab is selected. Figure 3-14 Connection Entries Right-Click Menu • Connect—Establish a VPN co [...]

  • Page 44

    3-10 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 3 Navigating the User Interface Operating in Advanced Mode Certificates Tab Right-Click Menu Figure 3-15 shows the right-click menu options available when the Certificates tab is forward. Figure 3-15 Certificates Tab Right-Click Menu • View—View the properties of the sele[...]

  • Page 45

    CHAPTER 4-1 VPN Client User Guide for Mac OS X OL-5490-01 4 Configuring Connection Entries A connection entry is a set of parameters that the VPN Client uses to identify and connect to a specific private network. Connection entry parameters include a name and description for the connection, the name or address of the VPN device (the re[...]

  • Page 46

    4-2 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 4 Configuring Connection Entries Creating a Connection Entry To create a connection entry: Step 1 Open the VPN Client application. The VPN Client window appears (Figure 4-1). Figure 4-1 VPN Client Window. Step 2 Click the Connection Entries tab. Step 3 Click New at the top of the[...]

  • Page 47

    4-3 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 4 Configuring Connection Entries Authentication Methods Step 4 Enter a unique connection entry name. You can use any name to identify this connection. This name can contain spaces, and it is not case-sensitive. Step 5 Enter a description of this connection. This field is optional, but[...]

  • Page 48

    4-4 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 4 Configuring Connection Entries Authentication Methods Figure 4-3 Group Authentication Step 2 Enter the name of the IPSec group you belong to. Step 3 Enter the password for your IPSec group. The field displays only asterisks. Step 4 Confirm the password by entering it again. Ste[...]

  • Page 49

    4-5 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 4 Configuring Connection Entries Authentication Methods Figure 4-4 Certificate Authentication Step 2 Select a certificate from the Name drop-down menu. If the Name field displays No Certificates Installed, you must first enroll or import a certificate before you can use this fea[...]

  • Page 50

    4-6 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 4 Configuring Connection Entries Transport Parameters Transport Parameters This section describes transport parameters you can configure for a connection entry. The transport parameters include: • Enable Transport Tunneling, page 4-7 • Transparent Tunneling Mode, page 4-7 • [...]

  • Page 51

    4-7 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 4 Configuring Connection Entries Transport Parameters Enable Transport Tunneling Transparent tunneling allows secure transmission between the VPN Client and a secure gateway through a router serving as a firewall. The router might also be configured for Network Address Translation ([...]

  • Page 52

    4-8 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 4 Configuring Connection Entries Backup Servers • When this parameter is disabled, all traffic from your client system goes through the IPSec connection to the secure gateway. If the local LAN you are using is not secure, you should not enable local LAN access. For example, do not e[...]

  • Page 53

    4-9 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 4 Configuring Connection Entries Backup Servers Figure 4-6 Backup Servers Tab Step 5 Check the Enable Backup Servers check box. This parameter is not enabled by default. The list of available backup servers is displayed. Backup servers are used in the order presented in the list. Step[...]

  • Page 54

    4-10 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 4 Configuring Connection Entries Backup Servers Step 3 Click OK. The backup server is added to the list of available backup servers. To remove a backup server, return to the Backup Server tab, select a server from the list, and click Remove.[...]

  • Page 55

    CHAPTER 5-1 VPN Client User Guide for Mac OS X OL-5490-01 5 Establishing a VPN Connection This chapter describes how to establish a VPN connection with a private network using the VPN Client and the user authentication methods supported by the VPN device that is providing your connection. Checking Prerequisites Before you can establ[...]

  • Page 56

    5-2 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 5 Establishing a VPN Connection Establishing a Connection Figure 5-1 VPN Client Icon The main VPN Client window appears. Figure 5-2 shows the VPN Client window in simple mode. Figure 5-2 VPN Client Window—Simple Mode Figure 5-3 shows the VPN Client window in advanced mode. Fig[...]

  • Page 57

    5-3 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 5 Establishing a VPN Connection Choosing Authentication Methods The status bar at the bottom of the main VPN Client window displays your connection status. When connected, the left side of the status bar indicates the connection entry name and the right side displays the amount of ti[...]

  • Page 58

    5-4 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 5 Establishing a VPN Connection Choosing Authentication Methods Figure 5-4 Shared Key Authentication Enter your Username and Password and click OK. VPN Group Name and Password Authentication The VPN group login method uses your VPN group name and password for authentication (Figure[...]

  • Page 59

    5-5 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 5 Establishing a VPN Connection Choosing Authentication Methods Figure 5-6 User Authentication for RADIUS Enter your username and password and click OK. Check the Save Password check box if you do not want to be prompted for your RADIUS password each time you start a VPN session us[...]

  • Page 60

    5-6 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 5 Establishing a VPN Connection Using Digital Certificates Figure 5-7 User Authentication for RSA SecurID Enter your username and RSA SecurID passcode and click OK. Using Digital Certificates The VPN Client works with Certificate Authorities (CAs) that support SCEP, manual enrol[...]

  • Page 61

    CHAPTER 6-1 VPN Client User Guide for Mac OS X OL-5490-01 6 Enrolling and Managing Certificates This chapter describes how to enroll and manage digital certificates for the VPN Client for Mac OS X, specifically how to perform the following tasks: • Obtain personal certificates through enrollment with a certificate authority (CA),[...]

  • Page 62

    6-2 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 6 Enrolling and Managing Certificates Enrolling Certificates Figure 6-1 Certificate Store For each certificate, the following information is listed: • Certificate—The name of the certificate. • Store—The certificate store where this certificate resides. If you enroll a ce[...]

  • Page 63

    6-3 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 6 Enrolling and Managing Certificates Enrolling Certificates Figure 6-2 Online Certificate Enrollment Step 4 Enter the enrollment parameters. • For online enrollment enter: – Certificate Authority—The Common name or the Subject name of the CA Certificate. This drop-down list con[...]

  • Page 64

    6-4 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 6 Enrolling and Managing Certificates Enrolling Certificates Step 5 Click Next to continue with certificate enrollment. The Certificate Enrollment dialog box appears (Figure 6-3). Figure 6-3 Certificate Enrollment Step 6 Enter the remaining certificate enrollment parameters. All f[...]

  • Page 65

    6-5 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 6 Enrolling and Managing Certificates Enrolling Certificates The certificate enrollment is listed in the certificate store as a request. To resume a certificate enrollment request, right-click and choose Resume Certificate Enrollment. Alternately, you can resume an enrollment [...]

  • Page 66

    6-6 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 6 Enrolling and Managing Certificates Enrolling Certificates Step 3 Enter the password in the Password field (if there is one) and click OK. The VPN Client verifies the password. If the password is correct, the VPN Client deletes the request. Changing the Password on an Enrollment Re[...]

  • Page 67

    6-7 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 6 Enrolling and Managing Certificates Importing a Certificate Importing a Certificate A network administrator might place a certificate in a file. This certificate must be imported into the certificate store before you can use it for authenticating the VPN Client to a VPN device. To [...]

  • Page 68

    6-8 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 6 Enrolling and Managing Certificates Viewing a Certificate Figure 6-7 Certificate Properties A typical digital certificate contains the following information: • Common name—The name of the owner, usually both the first and last names. This field identifies the owner with[...]

  • Page 69

    6-9 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 6 Enrolling and Managing Certificates Exporting a Certificate – state or province (st) – country (c) – e-mail address (e) Other items might be included in the Subject, depending on the certificate. • Issuer—The fully qualified distinguished name (FQDN) of the source that pr[...]

  • Page 70

    6-10 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 6 Enrolling and Managing Certificates Deleting a Certificate Figure 6-9 Successful Export Prompt Step 9 Click OK to return to the VPN Client window. Deleting a Certificate You can delete any certificate from your certificate store. You must provide a password to delete an enrol[...]

  • Page 71

    6-11 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 6 Enrolling and Managing Certificates Verifying a Certificate Step 3 Click Delete at the top of the VPN Client window. The Certificate Password dialog box appears (Figure 6-11). Figure 6-11 Password Prompt for Deleting Enrollment Certificates. Step 4 Enter the Certificate Pas[...]

  • Page 72

    6-12 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 6 Enrolling and Managing Certificates Changing the Password on a Personal Certificate Changing the Password on a Personal Certificate To view personal (root) certificates issued by either a Certificate Authority (CA) or a Registration Authority (RA), use the Show/Hide CA/RA Certif [...]

  • Page 73

    CHAPTER 7-1 VPN Client User Guide for Mac OS X OL-5490-01 7 Managing the VPN Client This chapter describes how to manage connection entries, and view and manage the event logging. Managing Connection Entries The following sections describe the operations used to manage connection entries. This includes how to import, modify, and del[...]

  • Page 74

    7-2 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 7 Managing the VPN Client Managing Connection Entries Figure 7-1 Import VPN Connection Step 3 Locate the connection entry to import. A valid connection entry configuration file must have a .pcf extension. Step 4 Click Open. The connection entry is added to the list of availabl[...]

  • Page 75

    7-3 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 7 Managing the VPN Client Managing Connection Entries Figure 7-2 Connection Entry Settings The existing configuration for this connection entry is displayed. Step 4 Make adjustments to this connection entry configuration. Step 5 Click Save. The VPN Client Properties dialog box clo[...]

  • Page 76

    7-4 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 7 Managing the VPN Client Event Logging Figure 7-3 Confirm Delete Caution You cannot retrieve a connection entry that has been deleted. Step 4 Click Delete to delete this connection entry. The connection entry is removed from the profiles directory and you are returned to the Conne[...]

  • Page 77

    7-5 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 7 Managing the VPN Client Event Logging Figure 7-4 Event Log Every VPN session contains at least one log entry, the connection history. To disable logging, click the Disable button at the top of the VPN Client window. Clear Logging To clear the event messages from the logging wi[...]

  • Page 78

    7-6 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 7 Managing the VPN Client Event Logging Figure 7-5 Log Settings Table 7-1 describes the log classes that generate events in the VPN Client log viewer. Table 7-1 VPN Client Logging Classes Log Class Description Module [LOG.IKE] Internet Key Exchange module, which manages sec[...]

  • Page 79

    7-7 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 7 Managing the VPN Client Event Logging Step 3 Select the logging level for each module that uses logging services. The logging levels allow you to choose the amount of information you want to capture. Figure 7-6 shows the logging levels. Figure 7-6 Logging Levels There are four[...]

  • Page 80

    7-8 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 7 Managing the VPN Client Viewing Statistics Figure 7-7 Log Window The following buttons allow you to manage the information in the Log Window: • Save the data in the event log to a file. Note The VPN Client saves the information to the Client install directory. The defau[...]

  • Page 81

    7-9 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 7 Managing the VPN Client Viewing Statistics • Split tunneling • NAT transparency To view VPN session statistics, choose Statistics from the Status menu. The Statistics window has two tabs, Tunnel Details and Route Details. The Tunnel Details tab lists information about the VPN[...]

  • Page 82

    7-10 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 7 Managing the VPN Client Viewing Statistics Route Details The Route Details tab displays the routes that VPN traffic takes into the network, which can be either Local LAN routes or secured routes. • Local LAN routes are excluded from the secure VPN tunnel. • Secured routes are r[...]

  • Page 83

    7-11 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 7 Managing the VPN Client Viewing Statistics Figure 7-9 Statistics Window—Route Details For each local LAN or secured route, the following information is listed: • Network—The IP address of the VPN device providing the route to the network. • Subnet Mask—The subnet mask ap[...]

  • Page 84

    7-12 VPN Client User Guide for Mac OS X OL-5490-01 Chapter 7 Managing the VPN Client Viewing Statistics Figure 7-10 Notifications Window The top pane of the Notifications window lists the title of each stored notification. The bottom pane displays the notification message associated with the selected title. All notif [...]

  • Page 85

    IN-1 VPN Client User Guide for Mac OS X OL-5490-01 INDEX A administrator password 2-4 advanced mode buttons 3-5 menus 3-6 tabs 3-5 window 3-4 AES (Advanced Encryption Standard) 1-6 aggressive mode 1-6 algorithms data compression 1-7 encryption 1-6 in VPN client 1-2 application binaries 2-8 applications directory 2-8 authentication algorithms 1-6 [...]

  • Page 86

    Index IN-2 VPN Client User Guide for Mac OS X OL-5490-01 management 6-1 new password 6-3 online enrollment 6-2 password 5-6, 6-7 peer 1-5 properties 6-8 resume enrollment 3-8 store 6-1 validity 3-7 verifying 6-11 viewing 6-7 view properties 3-7 X.509 1-6 certificate chain 6-9 certificates menu 3-7 certificates tab 3-5 challenge password, certifica[...]

  • Page 87

    Index IN-3 VPN Client User Guide for Mac OS X OL-5490-01 directory, applications 2-8 disable logging 3-8 disconnect client 3-3, 3-9 disk drive 2-7 disk space 2-1 DNS, split 1-6 documentation conventions viii obtaining ix related viii domains 1-6 DPD adjusting peer time out 4-8 keep alive mechanism DSL 1-1 duplicate function 3-9 E easy install 2-9 [...]

  • Page 88

    Index IN-4 VPN Client User Guide for Mac OS X OL-5490-01 I icon for installer 2-2 identity certificate 4-3 IKE (Internet Key Exchange) 1-2, 7-6 IKE keepalives 1-5 image file 2-2 import certificate 6-7 connection entry 7-1 password 6-7 installation authentication 2-4 customize 2-9 default 2-9 process 2-6 requirements 2-1 successful 2-11 installati[...]

  • Page 89

    Index IN-5 VPN Client User Guide for Mac OS X OL-5490-01 main tabs certificates 3-5 connection entries 3-5 log 3-5 main VPN Client window 3-4, 5-2 managing certificates 6-1 connection entries 7-1 MD5 (Message Digest 5) 1-6 menus certificates 3-7 connection entries 3-6 log 3-8 main 3-6 right-click 3-8 status 3-7 minimize client window 3-2 mode advan[...]

  • Page 90

    Index IN-6 VPN Client User Guide for Mac OS X OL-5490-01 PKI (Public Key Infrastructure) 1-3, 4-4 platform 3-1 POTS 1-1 preconfiguration tasks 2-2 preconfigured files 2-2 preconfigured keys 2-1 preferences, client window 3-1 prerequisites installation 2-1, 2-6 passwords 2-1 RSA PIN 5-1 VPN connection 5-1 preshared keys 4-1 private network 2[...]

  • Page 91

    Index IN-7 VPN Client User Guide for Mac OS X OL-5490-01 terms, license agreement 2-7 toggle command 3-2 tooltips, enabling 3-2 transparent tunneling 1-5, 4-7 transport parameters 4-6 tunneling 4-7 Triple-DES (Data Encryption Standard) 1-6 tunneling encapsulation mode 1-7 protocol 1-3 split 1-6 transparent 4-7 tunnel routing data 3-2 tunnel sta[...]

  • Page 92

    Index IN-8 VPN Client User Guide for Mac OS X OL-5490-01[...]