VPN Client IPSec Attributes

The VPN Client supports the IPSec attributes listed in Table 1-5.

Table 1-5 IPSec Attributes 

IPSec Attribute

Description

Main Mode and Aggressive Mode

Ways to negotiate phase one of establishing ISAKMP Security Associations (SAs)

Authentication algorithms

  • HMAC (Hashed Message Authentication Coding) with MD5 (Message Digest 5) hash function

  • HMAC with SHA-1 (Secure Hash Algorithm) hash function

Authentication Modes

  • Preshared Keys

  • X.509 Digital Certificates

Diffie-Hellman Groups

  • 1 (DES)

  • 2 (DES and 3DES)

  • 5

    Note: See the Cisco VPN Client Administrator Guide for more information about DH Group 5.

Encryption algorithms

  • 56-bit DES (Data Encryption Standard)

  • 168-bit Triple-DES

  • AES 128-bit and 256-bit

Extended Authentication (XAUTH)

The capability of authenticating a user within IKE. This authentication is in addition to the normal IKE phase 1 authentication, where the IPSec devices authenticate each other. The extended authentication exchange within IKE does not replace the existing IKE authentication.

Mode Configuration

Also known as ISAKMP Configuration Method

Tunnel Encapsulation Modes

  • IPSec over UDP (NAT/PAT)

  • IPSec over TCP (NAT/PAT)

IP compression (IPCOMP) using LZS

Data compression algorithm



Copyright © 2003, Cisco Systems, Inc. All rights reserved.