VPN 5000 Client User Interface

This chapter documents all of the windows and features of the Windows and Mac OS VPN 5000 Clients. This guide shows the Windows version, but these two platforms are virtually identical in content. Figures and text in this section are applicable to both environments, except where indicated.

VPN Client Window

To access the VPN Client window while you are connected, click on the spinning globe in the Windows Tool Tray for Windows clients. For Macintosh clients, select the VPN 5000 Client from the application menu. This window automatically appears as part of the normal login procedure.

The following tabbed sections allow you to set up logins, view statistics, and set other client parameters.

The Hide and Exit buttons appear on each tab of the window.

Hide removes the window from your screen. Exit exits the client program. For Mac OS clients, Command-Q is used to quit the client application.

Configuration Tab

The Configuration Tab contains a list of your available login configurations. The following tables describe the buttons and checkboxes on the window.



Table 4-1: Configuration Tab Buttons

Button | Action
Add | Creates a new login
Remove | Deletes a login
Edit | Edits the selected login
Set as Default | Sets a pre-selected login when the client loads
Connect | Establishes a tunnel connection
Disconnect | Disconnects the active tunnel session.
Advanced | Opens the Advanced Configuration Properties Window


Table 4-2: Configuration Tab Checkboxes

Checkbox | Action
Auto-Connect to Default when Opened | Sets whether the default login automatically connects to the server when you open the client.
Auto-Connect to Default before Logon (Windows only) | Sets whether the default login automatically connects to the server before logging into your computer and domain. This feature enables you to log into the corporate network domain at startup.

Advanced Configuration Properties

To access this window, click the Advanced button on the Configuration tab of the VPN Client window.

If the VPN 5000 Concentrator is configured to save secrets, all static passwords entered in the client are saved in the configuration file so you do not need to enter them again. To prevent your passwords from being read in the configuration file, enable password encryption in the file by checking the Encrypt Passwords box.


Login Properties Window

To access this window, click the Add or Edit button on the Configuration Tab.

This window allows you to enter and change parameters for the selected login. Many parameters require that the client be configured to match the configuration of the server.

For more information on configuring your server, see the appropriate configuration or reference guide for the Cisco VPN 5000 series products.



Table 4-3: Login Properties Window

Parameter | Description
Shared Key | This login method uses only the shared key password for authentication.
Certificate | This method requires you to manually import a root certificate to establish a tunnel with the server.
Login Name | Name of the tunnel user. This name must also be configured on the server and, if present, the authentication service. The name can be between 1 and 60 alphanumeric characters, no spaces allowed.
Primary VPN Server | IP address or fully qualified domain name of the server that the client software connects to.
Secondary VPN Server | Alternate server address.
Use NAT Transparency Mode | Enables Network Address Translation (NAT) transparency for client sessions. The server must be configured to have an ESP transform set. Check the NAT Transparency Mode if you are having problems connecting through a NAT device or through an ISP.
Advanced button | Opens the Advanced Login Properties window

Advanced Login Properties

To access this window, click the Advanced button on the Login Properties window. This window sets the local tunneling control.



Table 4-4: Advanced Login Properties Window

Checkbox | Action
Tunnel IP | Enables IP-in-IP tunneling to the IP networks configured in the server.
Tunnel MS Networking (NetBT) | (Windows Only) Enables Microsoft networking functionality over IP transport if it is enabled on the server.
Tunnel IPX | (Windows Only) Enables connections to IPX servers.
Exclude Local LAN from Tunnel | Local LAN traffic is not tunneled, if enabled on the server.
Exclude DHCP (bootp) from Tunnel | DHCP traffic is not tunneled.

Configuration Tab Right-Click Menus

When the Configuration tab is displayed, you can right-click any login name to view the current tunneling control options, clear the saved secrets, or clear the byte count.

The Tunneling Control Options are set in the Advanced Login Properties Window. Clearing Saved Secrets allows you to establish new passwords for this user. Clear Byte Count resets the bytes transmitted and bytes received values to zero for this user.


Logging Tab

The Logging tab displays messages related to tunnel connections for troubleshooting purposes.


The Log Message Level drop-down list determines the detail of messages logged. The log information displays in the window.


Table 4-5: Log Message Level Options

Log Message Level | Description
Error | Reports errors.
Warning | Reports warnings and errors.
Status | Reports connection status, warnings, and errors.
Debug | Reports every action and provides detailed information about the connection conversation between the client and the server.


Caution: Cisco recommends that you do not use Debug on a daily basis. It generates a large number of log messages.

General Tab

The General tab displays information about the VPN 5000 Client and packet statistics for each session.


The Version Information section displays the current version of the VPN 5000 Client software and the information listed in the following table.


Table 4-6: General Version Information

Version Information Field | Description
Static VxD | Version of the static driver.
Client VxD | Version of the Windows 95/98 driver.
VPN 5000 Concentrator | Version number of the code for the last VPN 5000 Concentrator the client was connected to.
IP Address | IP address the VPN 5000 Concentrator gives you for this session.

The Statistics section displays information related to the tunnel traffic. This information is used for troubleshooting purposes.


Table 4-7: General Statistics

Statistics Field | Description
Packets Received and Packets Transmitted | The number of IP and IPX packets received and transmitted by the client during the active session.
Bad authentication | The number of packets with bad authentication.
Bad encapsulation | The number of packets with bad encapsulation.
Bad input | Number of packets that could not wrap properly.
Bytes Received and Bytes Transmitted | The number of bytes transmitted and received by the client during the active session. These values can be used for billing purposes. To reset the byte count in this field, you must right-click on the login name. See the "Configuration Tab Right-Click Menus" section.
Reset | Clears all displayed statistics except bytes received and transmitted.

Certificates Tab

The Certificates tab allows you to manage your root certificates. During the login, each root certificate file is checked against the received server certificate for validity until the server's certificate is validated, or until there are no more root certificates. Root certificates are not bound to any user.

Each root certificate is saved in the root certificate section of the configuration file as in the following example.

[VPN Root Cert]
rootcert1
 



Table 4-8: Certificates Tab Buttons

Button | Action
Import | Imports root certificates
Remove | Removes unused or unneeded root certificates
View | Opens the Digital Certificate Information window

Digital Certificate Information Window

To access this window, click the View button on the Certificates Tab of the VPN Client window. This window displays details about the selected root certificate.



Table 4-9: Digital Certificate Information Fields

Field | Description
Certificate Format Version | Indicates the X.509 version of the certificate format.
Certificate Serial Number | Specifies the unique numerical identifier of the certificate in the domain of all public key certificates issued by the CA.
Signature Algorithm ID for CA | Identifies the algorithm used by the CA to sign the certificate.
Issuer Name | Specifies the X.500 distinguished name (DN) of the CA that issued the certificate.
Validity Period | Specifies the dates and times for the start date and the expiration date of the certificate.
Subject Name | Specifies the X.500 DN of the entity holding the private key corresponding to the public key identified in the certificate.
Subject Public Key Information | The first part of this field identifies the value of the public key owned by the subject. The second part is the algorithm identifier specifying the algorithm with which the public key is to be used.
Certificate Fingerprint | Identifies the fingerprint of the certificate so that it can be verified against the certificate on the server.
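
The fingerprint comparison described for the Certificate Fingerprint field can also be done on the root certificate file before it is imported. The following is an added example, not Cisco code: it assumes the root certificate is a PEM file and that the fingerprint is a hash of the DER encoding, with SHA-256 as an assumed default because this page does not say which hash the client displays. The function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Constructed sample: arbitrary bytes standing in for a DER certificate.
# A fingerprint is a hash over the DER bytes, so this is enough for the check.
SAMPLE_DER = b"constructed sample bytes, not a real certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pem_text):
    """Return the DER bytes of every CERTIFICATE block in a PEM file."""
    blocks = PEM_RE.findall(pem_text)
    if not blocks:
        raise ValueError("no CERTIFICATE block found")
    return [base64.b64decode("".join(b.split()), validate=True) for b in blocks]


def fingerprint(der, algorithm="sha256"):
    """Hex digest of the DER bytes; use the algorithm the other side reports."""
    return hashlib.new(algorithm, der).hexdigest()


def normalize(fp_text):
    """Drop separators and case so 'AB:CD', 'ab cd' and 'abcd' compare equal."""
    cleaned = re.sub(r"[\s:.-]", "", fp_text).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError("fingerprint is not hexadecimal")
    return cleaned


def matches(pem_text, expected_fp, algorithm="sha256"):
    """True only if the file holds exactly one certificate with that fingerprint."""
    ders = pem_to_der(pem_text)
    if len(ders) != 1:
        return False  # refuse bundles: each extra root is an extra trust anchor
    actual = fingerprint(ders[0], algorithm)
    return hmac.compare_digest(actual, normalize(expected_fp))
```

The expected fingerprint should come from the server administrator over a separate channel, not from the same source as the certificate file.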

About Tab

The About tab displays product licensing and copyright information.


Help Tab

The Mac OS Client includes a help file with a Help tab.

The Windows Client includes the Help tab only if the administrator created a customized help file for your installer. See the "Customized Help Files" section.


Password Windows

This section describes the security windows that can appear during the login.

VPN Encryption Password


This window appears if you enabled password encryption (see the "Advanced Configuration Properties" section). It is used to decrypt the passwords in your configuration file for the tunnel session.

Prompt for Secret

If you are not using certificates, you are prompted for a shared secret to establish a tunnel between the client and the server. Additional passwords are sent over the tunnel.


RADIUS


If the VPN server uses a RADIUS server to authenticate users, the RADIUS password and authentication secret verify the client to connect to the RADIUS VPN server.

The Password is the RADIUS password configured on the RADIUS server. If the VPN 5000 Concentrator specifies PAP authentication, enter the Authentication Secret.

This secret must match the PAPAuthSecret configured in the RADIUS section of the concentrator.

SecurID

Client configurations that use SecurID have several special user prompts. In some cases you will see all of these prompts, in others you will only see some of the prompts.


Step 1 If the concentrator configuration specifies that the SecurID user name is different from the concentrator login name, you see the following prompt:


Step 2 The first time you log in, the following prompt appears:


Step 3 Enter a PIN and click OK, or leave the edit box blank and click Cancel to have the system generate a PIN.

If the system generates the PIN, a dialog box with a new PIN appears:


Step 4 Memorize or note the PIN before clicking OK.

If you have logged in before, the following prompt appears:


Step 5 Enter the PASSCODE, which consists of your PIN plus the current code from your SecurID token.

If the passcode is accepted, a client tunnel is created and the globe icon starts spinning.

For a Windows client, the globe is located in the Windows Tool Tray.

For a Mac OS client, the globe is in the upper right-hand corner of the VPN Client window.

If the passcode is not accepted, the following prompt appears:


Step 6 Wait until the token code changes from the one you just entered and try again.

If the passcode is still unacceptable, you will receive an access denied message.


Changing the SecurID Passcode

The administrator can set the SecurID server to require users to change their PINs. In this case, the following prompt appears:



Step 1 Enter a PIN and click OK, or leave the edit box blank and click Cancel to have the system generate a PIN.

Step 2 After memorizing or noting your new PIN, click OK.

You are prompted for your new passcode with the following dialog box.


When your passcode is accepted, the globe icon spins to indicate that you have established a connection.


Axent Defender Prompt

If the VPN server uses an Axent Defender system to authenticate users, you see the following prompt.


Enter the 8-digit challenge that appears on the VPN Client - RADIUS passcode window into your keypad or on your screen.

Windows Tool Tray Icon

The VPN Client icon appears in the Windows Tool Tray on the task bar. When you are connected to the server, the icon turns into a globe and spins.

Right-click the icon to activate the following drop-down menu:


Mac OS VPN Client File Menu

In the Mac OS Client, the File menu includes the following commands:



Posted: Mon Jun 26 12:47:54 PDT 2000
Copyright © 1989 - 2000 Cisco Systems Inc.