Program Features

The VPN Client supports the Program features listed in Table 1-2.

Table 1-2 Program Features 

Program Feature

Description

Servers Supported

  • Cisco IOS devices that support Easy VPN server functionality

  • VPN 3000 Series Concentrators

  • Cisco PIX Firewall Series, Version 6.2 or later

Interfaces supported

  • Graphical user interface

  • Command line interface

Online Help

Complete browser-based context-sensitive Help

Note: The online help requires MS Internet Explorer.

Local LAN access

The ability to access resources on a local LAN while connected through a secure gateway to a central-site VPN server (if the central site grants permission).

Automatic VPN Client configuration option

The ability to import a configuration file.

Event logging

The VPN Client log collects events for viewing and analysis.

NAT Transparency (NAT-T)

Enables the VPN Client and the VPN device to automatically detect when to use IPSec over UDP to work properly in Port Address Translation (PAT) environments.

Update of centrally controlled backup server list

The VPN Client learns the backup VPN server list when the connection is established. This feature is configured on the VPN device and pushed to the VPN Client. The backup servers for each connection entry are listed on the Backup Servers tab.

Set MTU size

The VPN Client automatically sets a size that is optimal for your environment. However, you can also set the MTU size manually. For information on adjusting the MTU size, see the VPN Client Administrator Guide.

Support for Dynamic DNS (DDNS hostname population)

The VPN Client sends its hostname to the VPN device when the connection is established. If this occurs, the VPN device can send the hostname in a DHCP request. This causes the DNS server to update its database to include the new hostname and VPN Client address.

Notifications

Software update notifications from the VPN server upon connection.

Launching from notification

Ability to launch a location site containing upgrade software from a VPN server notification.

Alerts (Delete with reason)

The VPN Client provides you with a reason code or reason text when a disconnect occurs. The VPN Client supports the delete with reason function for client-initiated disconnects, concentrator-initiated disconnects, and IPSec deletes.

  • If you are using a GUI VPN Client, a pop-up message appears stating the reason for the disconnect, the message is appended to the Notifications log, and is logged in the IPSec log (Log Viewer window).

  • If you are using a command-line client, the message appears on your terminal and is logged in the IPSec log.

  • For IPSec deletes, which do not tear down the connection, an event message appears in the IPSec log file, but no message pops up or appears on the terminal.

    Note: The VPN concentrator you are connected to must be running software version 4.0 or later.

Single-SA

The ability to support a single security association (SA) per VPN connection. Rather than creating a host-to-network SA pair for each split-tunneling network, this feature provides a host-to-ALL approach, creating one tunnel for all appropriate network traffic apart from whether split-tunneling is in use.



Copyright © 2003, Cisco Systems, Inc. All rights reserved.