Table Of Contents
Managing the VPN Client
Managing Connection Entries
Importing a Connection Entry
Modifying a Connection Entry
Deleting a Connection Entry
Event Logging
Enable Logging
Clear Logging
Set Logging Options
Opening the Log Window
Viewing Statistics
Tunnel Details
Route Details
Notifications
Managing the VPN Client
This chapter describes how to manage connection entries, and view and manage the event logging.
Managing Connection Entries
The following sections describe the operations used to manage connection entries. This includes how to import, modify, and delete a connection entry.
Importing a Connection Entry
You can automatically configure your VPN Client with new settings by importing a new configuration file (a file with a .pcf extension, called a profile) supplied by your network administrator.
To import a stored profile:
Step 1: Click the Connection Entries tab.
Step 2: Click Import at the top of the VPN Client window. The Import VPN Connection dialog box appears (Figure 7-1).
Figure 7-1 Import VPN Connection
Step 3: Locate the connection entry to import. A valid connection entry configuration file must have a .pcf extension.
Step 4: Click Open. The connection entry is added to the list of available profiles and you return to the Connection Entries tab.
Alternately, you can copy the .pcf file into the profiles directory and restart the VPN Client application.
Modifying a Connection Entry
You can make changes to a connection entry at any time. The new configuration is stored in the profiles directory and is applied during the next connection attempt.
To modify a connection entry:
Step 1: Click the Connection Entries tab.
Step 2: Select the connection entry to modify.
Step 3: Click Modify at the top of the VPN Client window. The VPN Client Properties dialog box appears (Figure 7-2).
Figure 7-2 Connection Entry Settings
The existing configuration for this connection entry is displayed.
Step 4: Make adjustments to this connection entry configuration.
Step 5: Click Save. The VPN Client Properties dialog box closes and you return to the Connection Entries tab.
Deleting a Connection Entry
You can delete any connection entry that does not have an active VPN connection.
To delete a connection entry:
Step 1: Make sure the Connection Entries tab is in the foreground.
Step 2: Select the connection entry to delete.
Step 3: Click Delete at the top of the VPN Client window. You are prompted to confirm the connection entry to delete (Figure 7-3).
Figure 7-3 Confirm Delete
Caution: You cannot retrieve a connection entry that has been deleted.
Step 4: Click Delete to delete this connection entry. The connection entry is removed from the profiles directory and you are returned to the Connection Entries tab.
Click Do not Delete to return to the VPN Client window without deleting the selected connection entry.
Event Logging
The following sections describe how to view and manage the VPN Client event log.
The event log can help diagnose problems with an IPSec connection between the VPN Client and a peer VPN device. The log collects event messages from all processes that contribute to the client-peer connection.
From the Log tab on the VPN Client window you can:
• Enable logging
• Clear the logging display
• View the event log in an external window
• Set or change the logging levels
Note: To search the log, choose Search Log from the Log menu. Matched instances are highlighted on the Log tab.
Enable Logging
Note: If you enable logging during normal use of the VPN Client, it might affect the performance of the application. We recommend that you only enable logging when troubleshooting.
To enable logging, click Enable at the top of the VPN Client window. Alternately, you can choose Enable from the Log menu. The event logging window displays (Figure 7-4).
Figure 7-4 Event Log
Every VPN session contains at least one log entry, the connection history.
To disable logging, click the Disable button at the top of the VPN Client window.
Clear Logging
To clear the event messages from the logging window, click Clear at the top of the VPN Client window. Clearing the display does not reset event numbering or clear the log file itself.
Note: To store the event messages before you clear the log, choose Save from the Log menu.
Set Logging Options
Logging options apply to the active VPN session. Changing the logging settings clears the event log and the new logging settings take effect immediately.
To set logging options for the VPN Client:
Step 1: Click the Log tab.
Step 2: Click Options at the top of the VPN Client window. The Log Settings dialog box appears (Figure 7-5).
Figure 7-5 Log Settings
Table 7-1 describes the log classes that generate events in the VPN Client log viewer.
Table 7-1 VPN Client Logging Classes
Log Class | Description | Module
[LOG.IKE] | Internet Key Exchange module, which manages secure associations. | IKE
[LOG.CM] | Connection Manager (CM), which drives VPN connections. (CM dials a PPP device, configures IKE for establishing secure connections, and manages connection states.) | Connection Manager
[LOG.CVPND] | Cisco VPN Daemon, which initializes client service and controls the messaging process and flow. | Daemon (cvpnd)
[LOG.XAUTH] | Extended authorization application, which validates a remote user's credentials. | eXtended AUTHentication
[LOG.CERT] | Certificate management process, which handles obtaining, validating, and renewing certificates from certificate authorities. CERT also displays errors that occur as you use the application. | Certificates
[LOG.IPSEC] | IPSec module, which obtains network traffic and applies IPSec rules to it. | IPSec
[LOG.CLI] | Command-Line Interface, which allows you to perform certain operations from the command line rather than using the VPN Client graphical user interface. | Command Line
[LOG.GUI] | The VPN Client for Mac OS X user interface. | Graphical User Interface
Step 3: Select the logging level for each module that uses logging services. The logging levels allow you to choose the amount of information you want to capture. Figure 7-6 shows the logging levels.
Figure 7-6 Logging Levels
There are four logging levels:
• 0—Disables logging services for the specified [LOG] class.
• 1—Low, displays only critical and warning events. This is the default.
• 2—Medium, displays critical, warning, and informational events.
• 3—High, displays all events.
Step 4: Click Apply. This clears the event log and immediately applies the new logging levels.
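The following Python is an added example, not part of the original guide: it audits per-class log levels against the classes in Table 7-1 and the four levels above, reporting unknown classes, out-of-range values, and any class not at the default. It assumes the settings are available as INI-style text with one `[LOG.<CLASS>]` section per class and a `LogLevel` key; that layout, the function name `audit_log_settings`, and the sample input are assumptions.

```python
import configparser

# Log classes from Table 7-1 and the four levels listed under Step 3.
LOG_CLASSES = ("LOG.IKE", "LOG.CM", "LOG.CVPND", "LOG.XAUTH",
               "LOG.CERT", "LOG.IPSEC", "LOG.CLI", "LOG.GUI")
CAPTURED = {0: "logging disabled", 1: "critical and warning events",
            2: "critical, warning, and informational events", 3: "all events"}
DEFAULT_LEVEL = 1  # level 1 (Low) is the documented default

def audit_log_settings(text):
    """Return ({class: level}, [findings]) for INI-style settings text.
    Assumed layout (the page shows no file): one [LOG.<CLASS>] section per
    class, each holding a LogLevel=<0-3> key."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    levels, findings = {}, []
    for sec in cp.sections():
        if sec.startswith("LOG.") and sec not in LOG_CLASSES:
            findings.append(f"[{sec}] is not a class listed in Table 7-1")
    for cls in LOG_CLASSES:
        raw = cp.get(cls, "LogLevel", fallback=None)
        if raw is None:                      # class absent: report the default
            levels[cls] = DEFAULT_LEVEL
            continue
        level = int(raw) if raw.isdecimal() else None
        if level not in CAPTURED:            # audit choice, not client behaviour
            findings.append(f"[{cls}] LogLevel={raw!r} is outside 0-3; "
                            f"reported as default {DEFAULT_LEVEL}")
            level = DEFAULT_LEVEL
        elif level != DEFAULT_LEVEL:
            findings.append(f"[{cls}] level {level}: {CAPTURED[level]}")
        levels[cls] = level
    return levels, findings

# Constructed sample input, not taken from a real client.
SAMPLE = """\
[LOG.IKE]
LogLevel=3
[LOG.XAUTH]
LogLevel=0
[LOG.CERT]
LogLevel=7
[LOG.FOO]
LogLevel=2
"""

if __name__ == "__main__":
    levels, findings = audit_log_settings(SAMPLE)
    print(levels, *findings, sep="\n")
```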
Opening the Log Window
To display the events log in a separate window, click Log Window at the top of the VPN Client window. The VPN Client Log Window appears (Figure 7-7).
Figure 7-7 Log Window
The following buttons allow you to manage the information in the Log Window:
• Save the data in the event log to a file.
  Note: The VPN Client saves the information to the Client install directory. The default file name is based on the date and time (in 24-hour format) that the log file was created; for example, LOG-2003-03-13-52-56.text. You can save what is in the present log to a different directory and filename, but you cannot change the default log directory and filename.
• Open the Log Settings window.
• Clear the information listed in the log window.
• Close the Log Window.
Viewing Statistics
View VPN session information on the Statistics window. The Statistics window lists tunnel details, route details, and other information related to the active VPN session, including:
• IP addresses assigned for this session
• Byte and packet transfer statistics
• Encryption and authentication algorithms
• Split tunneling
• NAT transparency
To view VPN session statistics, choose Statistics from the Status menu.
The Statistics window has two tabs, Tunnel Details and Route Details. The Tunnel Details tab lists information about the VPN tunnel. The Route Details tab lists information about excluded and secured routes.
Tunnel Details
The Tunnel Details tab (Figure 7-8) displays the IP addresses assigned for this session and byte and packet statistics.
Figure 7-8 Statistics Window—Tunnel Details
Use the Reset button to clear the fields in the tunnel details display. Alternately, you can reset the statistics by choosing Reset Stats from the Status menu.
Table 7-2 describes the statistics fields on the Tunnel Details tab.
Table 7-2 Tunnel Details
Field | Description
Client Address Information | IP address assigned to the client for this VPN session
Server Address Information | IP address of the VPN device you are connected to.
Bytes Received | Number of bytes received by the client during the active session.
Bytes Sent | Number of bytes sent by the client during the active session.
Packets Encrypted | Number of packets encrypted during this VPN session.
Packets Decrypted | Number of packets decrypted during this VPN session.
Packets Discarded | Number of packets discarded during this VPN session.
Packets Bypassed | Number of packets bypassed during this VPN session.
Connection Entry Name | The name of the connection entry for this VPN session.
Connection Time | The connection time for this VPN session.
Encryption | Encryption algorithm used for this VPN session. The VPN Client supports: 56-bit DES (Data Encryption Standard); 168-bit Triple-DES; AES 128-bit and 256-bit. Note: The VPN Client continues to support DES/MD5. However, support for DES/SHA is no longer available, and Release 3.7 and later VPN Clients cannot connect to any central-site device group that is configured for (or proposing) DES/SHA. The VPN Client must either connect to a different group or the system administrator for the central-site device must change the configuration from DES/SHA to DES/MD5 or another supported configuration. The Cisco VPN Client Administrator Guide lists all supported encryption configurations.
Authentication | Authentication algorithm used for this VPN session. The VPN Client supports: HMAC-MD5 (Hashed Message Authentication Coding with Message Digest 5 hash function); HMAC-SHA-1 (Secure Hash Algorithm hash function).
Transparent tunneling | Displays whether transparent tunneling is enabled; if enabled, lists the protocol and port number.
Local LAN | Displays whether Local LAN access (split tunneling) is enabled.
Compression | Displays what type of data compression is used, if any.
Route Details
The Route Details tab displays the routes that VPN traffic takes into the network, which can be either Local LAN routes or secured routes.
• Local LAN routes are excluded from the secure VPN tunnel.
• Secured routes are routes that go through the secured VPN tunnel.
To display route data during an active VPN session, open the Statistics window and click the Route Details tab (Figure 7-9).
Figure 7-9 Statistics Window—Route Details
For each local LAN or secured route, the following information is listed:
• Network—The IP address of the VPN device providing the route to the network.
• Subnet Mask—The subnet mask applied to the route.
Notifications
The VPN device that provides your connection to the private network might send notifications to the VPN Client. These notifications appear on the Notifications window. To display the Notifications window (Figure 7-10), choose Notifications from the Status menu.
When you first establish a VPN connection, you receive a notification regarding your connection. This is typically the login banner or connection history.
Other notifications might include messages from your network administrator about upgrades to the VPN Client software or information regarding the specific VPN device you are connected to.
Figure 7-10 Notifications Window
The top pane of the Notifications window lists the title of each stored notification. The bottom pane displays the notification message associated with the selected title.
All notifications from the VPN device are stored in this display during the VPN session. Every VPN session contains at least one notification, the connection history.
Some notifications contain a URL that directs you to the location of more current versions of the VPN Client. If the URL exists, the Launch button becomes active. If you click the Launch button, a browser opens on your workstation.