Cisco Systems OL-5490-01 User Manual

VPN Client User Guide for Mac OS X
OL-5490-01
Chapter 1      Understanding the VPN Client
VPN Client Features
Table 1-4 IPSec Features (continued)

| IPSec Feature | Description |
|---|---|
| Split tunneling | The ability to simultaneously direct packets over the Internet in clear text and encrypted through an IPSec tunnel. The VPN device supplies a list of networks to the VPN Client for tunneled traffic. You enable split tunneling on the VPN Client and configure the network list on the VPN device. |
| Support for Split DNS | The ability to direct DNS packets in clear text over the Internet to domains served through an external DNS (serving your ISP) or through an IPSec tunnel to domains served by the corporate DNS. The VPN server supplies a list of domains to the VPN Client for tunneling packets to destinations in the private network. For example, a query for a packet destined for corporate.com would go through the tunnel to the DNS that serves the private network, while a query for a packet destined for myfavoritesearch.com would be handled by the ISP's DNS. This feature is configured on the VPN server (VPN Concentrator) and enabled on the VPN Client by default. To use Split DNS, you must also have split tunneling configured. |

VPN Client IPSec Attributes

The VPN Client supports the IPSec attributes listed in Table 1-5.

Table 1-5 IPSec Attributes

| IPSec Attribute | Description |
|---|---|
| Main Mode and Aggressive Mode | Ways to negotiate phase one of establishing ISAKMP Security Associations (SAs) |
| Authentication algorithms | HMAC (Hashed Message Authentication Coding) with MD5 (Message Digest 5) hash function; HMAC with SHA-1 (Secure Hash Algorithm) hash function |
| Authentication Modes | Preshared Keys; Mutual Group Authentication; X.509 Digital Certificates |
| Diffie-Hellman Groups | Group 1 = 768-bit prime modulus; Group 2 = 1024-bit prime modulus; Group 5 = 1536-bit prime modulus. Note: See the Cisco VPN Client Administrator Guide for more information about DH Group 5. |
| Encryption algorithms | 56-bit DES (Data Encryption Standard); 168-bit Triple-DES; AES 128-bit and 256-bit |
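
The Split DNS and split tunneling decisions described in Table 1-4, written out as an added example (not code from Cisco or from the original guide). The domain and network lists are constructed samples, the function names are hypothetical, and the sketch assumes that a listed domain also covers its subdomains.

```python
import ipaddress

# Constructed sample policy, standing in for the lists the VPN device
# pushes to the client (values are illustrative, not from the guide).
SPLIT_DNS_DOMAINS = ["corporate.com"]
SPLIT_TUNNEL_NETWORKS = ["10.0.0.0/8", "192.168.50.0/24"]


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def matches_split_domain(qname, domains):
    """True if qname equals a listed domain or is a subdomain of it.

    Matching is done on whole labels, so 'notcorporate.com' does not
    match 'corporate.com' the way a plain endswith() test would.
    """
    q = normalize(qname).split(".")
    for domain in domains:
        labels = normalize(domain).split(".")
        if len(q) >= len(labels) and q[-len(labels):] == labels:
            return True
    return False


def route_dns_query(qname, domains, networks):
    """Return 'tunnel' (corporate DNS) or 'isp' (external DNS) for a query."""
    if domains and not networks:
        # The guide states Split DNS needs split tunneling configured too.
        raise ValueError("Split DNS requires split tunneling to be configured")
    return "tunnel" if matches_split_domain(qname, domains) else "isp"


def route_packet(dst_ip, networks):
    """Return 'tunnel' if dst_ip is in a tunneled network, else 'clear'."""
    addr = ipaddress.ip_address(dst_ip)
    nets = [ipaddress.ip_network(n) for n in networks]
    return "tunnel" if any(addr in n for n in nets) else "clear"


if __name__ == "__main__":
    for name in ["corporate.com", "mail.Corporate.com.", "myfavoritesearch.com",
                 "notcorporate.com", "corporate.com.example.net"]:
        print(name, "->", route_dns_query(name, SPLIT_DNS_DOMAINS, SPLIT_TUNNEL_NETWORKS))
    for ip in ["10.1.2.3", "203.0.113.7"]:
        print(ip, "->", route_packet(ip, SPLIT_TUNNEL_NETWORKS))
```

Names that only look like the corporate domain (`notcorporate.com`, `corporate.com.example.net`) stay on the ISP resolver, which is the case a naive string suffix test gets wrong.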