IPSec Features

The VPN Client supports the IPSec features listed in Table 1-4.

Table 1-4 IPSec Features 

| IPSec Feature | Description |
| --- | --- |
| Tunnel Protocol | IPSec |
| Transparent tunneling | IPSec over UDP for NAT and PAT; IPSec over TCP for NAT and PAT |
| Key Management protocol | Internet Key Exchange (IKE) |
| IKE Keepalives | A tool for monitoring the continued presence of a peer and reporting the VPN Client's continued presence to the peer. This lets the VPN Client notify you when the peer is no longer present. Another type of keepalive keeps NAT ports alive. |
| Split tunneling | The ability to simultaneously direct packets over the Internet in clear text and encrypted through an IPSec tunnel. The VPN device supplies a list of networks to the VPN Client for tunneled traffic. You enable split tunneling on the VPN Client and configure the network list on the VPN device. |
| Support for Split DNS | The ability to direct DNS packets in clear text over the Internet to domains served through an external DNS (serving your ISP) or through an IPSec tunnel to domains served by the corporate DNS. The VPN server supplies a list of domains to the VPN Client for tunneling packets to destinations in the private network. For example, a query for a packet destined for corporate.com would go through the tunnel to the DNS that serves the private network, while a query for a packet destined for myfavoritesearch.com would be handled by the ISP's DNS. This feature is configured on the VPN server (VPN concentrator) and enabled on the VPN Client by default. To use Split DNS, you must also have split tunneling configured. |
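
The split tunneling and Split DNS decisions described in the table, sketched as an added example (not Cisco's code and not part of the original page). The network list, the domain list and the function names are constructed for illustration, and sending all traffic through the tunnel when split tunneling is off is an assumption.

```python
import ipaddress

# Constructed sample policy (assumption): what a VPN device might push to the client.
NETWORK_LIST = ["10.0.0.0/8", "192.168.50.0/24"]   # networks reached through the tunnel
SPLIT_DNS_DOMAINS = ["corporate.com"]              # domains resolved by the corporate DNS


def packet_path(dst_ip, network_list, split_tunneling):
    """Return 'tunnel' or 'clear' for a packet to dst_ip."""
    # Assumption: with split tunneling off, all traffic goes through the tunnel.
    if not split_tunneling:
        return "tunnel"
    addr = ipaddress.ip_address(dst_ip)
    for net in network_list:
        if addr in ipaddress.ip_network(net):
            return "tunnel"
    return "clear"


def in_split_domain(qname, domains):
    """Match on whole DNS labels so 'notcorporate.com' does not match 'corporate.com'."""
    name = qname.rstrip(".").lower()
    for domain in domains:
        d = domain.strip(".").lower()
        if name == d or name.endswith("." + d):
            return True
    return False


def dns_path(qname, domains, split_tunneling):
    """Return 'tunnel' (corporate DNS) or 'isp' (external DNS) for a query."""
    # Split DNS requires split tunneling; without it the query follows all other traffic.
    if not split_tunneling:
        return "tunnel"
    return "tunnel" if in_split_domain(qname, domains) else "isp"


if __name__ == "__main__":
    for q in ["corporate.com", "mail.corporate.com.", "notcorporate.com",
              "corporate.com.example.net", "myfavoritesearch.com"]:
        print(f"{q:28} -> {dns_path(q, SPLIT_DNS_DOMAINS, True)}")
    for ip in ["10.1.2.3", "192.168.50.9", "203.0.113.7"]:
        print(f"{ip:28} -> {packet_path(ip, NETWORK_LIST, True)}")
```

Names that miss the domain list go in clear text to the ISP's DNS, so an incomplete list exposes internal hostnames to that resolver.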



Copyright © 2003, Cisco Systems, Inc. All rights reserved.