Configuration File Keywords

The configuration file has four valid section names, [VPN Partner Alias], [VPN User], [VPN General], and [VPN Root Cert]. The section names are not case sensitive.

[VPN Partner Alias]

Use this section for aliasing VPN 5000 Client IP addresses to a text string. Alias_Name is case sensitive.


Table B-1: VPN Partner Alias Keywords
Keyword Description

Alias_Name = IP_Address

Alias_Name is any text string, with spaces, less than 80 characters. The IP_Address is a valid IP address of a VPN 5000 concentrator to which the client can connect. The IP address must be in standard dotted decimal format and not a domain name.

[VPN Users]

This section defines the login information for each user of the VPN 5000 Client. There may be multiple users for each configuration file.

The following keywords are recognized in this section:


Table B-2: VPN Users Section Keywords
Keyword Description

UserName = string

Identifies a unique user. This name must also be configured in the authentication service it is using, for example, RADIUS or SecurID. The string can be between one and 60 alphanumeric characters, with no spaces allowed. This entry must always be the first on the line.

IPPrimary = {Alias_Name | IP_address | Domain_Name}

Sets the alias name, IP address or fully qualified domain name of the VPN 5000 concentrator to which the client connects.

IPSecondary = {Alias_Name | IP_address | Domain_Name}

Sets the alias name, IP address or fully qualified domain name of the VPN 5000 concentrator to which the client connects, if the primary concentrator is unreachable.

SharedKey = pass_phrase

Sets the shared secret for this user. The pass phrase generates session keys used to authenticate and encrypt each packet received from or sent to the client. This keyword must match the Shared Key configured for this user in the VPN authentication system.

RADIUSPassword = string

Set the RADIUSPassword keyword to match the user's password configured in the RADIUS server.

PAPAuthSecret = pass_phrase

Sets the secret used between the VPN 5000 concentrator and the client. This secret authenticates and encrypts packets exchanged before passing them on to the RADIUS server. Use this keyword if the RADIUS server is set to use PAP for authentication instead of CHAP. The PAPAuthSecret must match the secret configured in the RADIUS section of the VPN 5000 concentrator.

IPEnabled = {True | False}

When the IPEnabled keyword is true, it enables IP-in-IP tunneling to the corporate network.

IPXEnabled = {True | False}

When the IPXEnabled keyword is true, it enables IPX-in-IPX connections to the corporate network.

NetBTEnabled = {True | False}

When the NetBTEnabled keyword is true, it enables Microsoft networking functionality over IP transport during client sessions.

ExcludeLocalLAN = {True | False}

When the ExcludeLocalLAN keyword is true, local LAN traffic is not tunneled. Because this method is less secure, you must also enable the ExcludeLocalLAN keyword in the VPN Group configuration of the VPN 5000 concentrator.

UsefTCP = {True | False}

When the UsefTCP keyword is true, you enable Network Address Translation (NAT) transparency for client sessions. Set this keyword if you are having problems connecting through a NAT device or through an ISP.

[VPN General]

Use this section for setting general operations of the VPN 5000 Client. These settings affect every user in the configuration file. Currently, the password encryption operation is on a per user basis.


Table B-3: VPN General Section Keyword
Keyword Description

EncryptPasswords = {True | False}

When the EncryptPasswords keyword is true, all pass phrases (Shared Key, RADIUSPassword, and PAPAuthSecret) are encrypted for every user in the configuration file. The user is prompted for the encryption password during the login.

[VPN Root Cert]

This section is for root certificates that have been imported into the client. Only one root certificate is allowed per section but there may be as many as 30 VPN Root Cert sections.


Table B-4: VPN Root Cert Section Keyword
Keyword Description

CertName = root_certificate_file_name

This specifies the file name for each root certificate that has been imported.

Each root certificate must have its own section header, as in the following examples:

[VPN Root Cert]
CertName = rootcert_1
 
[VPN Root Cert]
CertName = rootcert_2
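
An added example, not part of the original Cisco documentation: a small Python audit that checks a configuration file against the rules stated above (dotted decimal alias addresses, UserName format, ExcludeLocalLAN, EncryptPasswords, and the limit of 30 root certificate sections). It assumes that each UserName line starts a new user entry inside the users section and that keywords are written exactly as shown in the tables; the sample file, its names, addresses and secrets are constructed.

```python
import ipaddress
import re

# Constructed sample: names, addresses and secrets are invented for this example.
SAMPLE = """\
[VPN Partner Alias]
HQ Concentrator = 192.0.2.10
Branch = vpn.example.com
[VPN Users]
UserName = alice
IPPrimary = HQ Concentrator
SharedKey = constructed-secret
ExcludeLocalLAN = True
UserName = bob smith
[VPN General]
EncryptPasswords = False
[VPN Root Cert]
CertName = rootcert_1
"""
SECRETS = {"SharedKey", "RADIUSPassword", "PAPAuthSecret"}

def audit(text):
    findings, secrets, section, user, encrypt, certs = [], [], None, None, False, 0
    for line in filter(None, map(str.strip, text.splitlines())):
        key, _, value = (part.strip() for part in line.partition("="))
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are not case sensitive
            certs += section == "vpn root cert"   # one certificate per repeated section
        elif section == "vpn partner alias":
            try:
                ipaddress.IPv4Address(value)      # dotted decimal only, no domain names
            except ValueError:
                findings.append(f"alias '{key}': '{value}' is not a dotted decimal IP address")
        elif section in ("vpn user", "vpn users"):  # the page uses both spellings
            if key == "UserName":  # assumption: each UserName starts a new user entry
                user = value
                if not re.fullmatch(r"[A-Za-z0-9]{1,60}", value):
                    findings.append(f"user '{value}': UserName must be 1-60 alphanumerics, no spaces")
            elif key in SECRETS:
                secrets.append(f"{user}.{key}")   # record where the secret is, never its value
            elif key == "ExcludeLocalLAN" and value.lower() == "true":
                findings.append(f"user '{user}': ExcludeLocalLAN is true, local LAN traffic is not tunneled")
        elif section == "vpn general" and key == "EncryptPasswords":
            encrypt = value.lower() == "true"
    if secrets and not encrypt:
        findings.append("EncryptPasswords is not true, pass phrases unencrypted: " + ", ".join(secrets))
    if certs > 30:
        findings.append(f"{certs} [VPN Root Cert] sections, at most 30 allowed")
    return findings
```

Calling `audit(SAMPLE)` returns four findings: the alias that points at a domain name, the split-tunnel setting for alice, the UserName containing a space, and the unencrypted SharedKey.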

Posted: Mon Jun 26 12:47:03 PDT 2000
Copyright © 1989 - 2000 Cisco Systems Inc.