Cisco VPN Client Administrator Guide, Release 5.0
Index


A

activating an IKE proposal 4-5

adding an SA 4-5

AES 11-13

aggressive mode connections, disabling inbound 1-15

alerting peers before disconnecting 1-15

API 11-16

AppendOriginalSuffix Option parameter 5-21

ApplicationLauncher parameters 5-11

Application Program Interface 11-16

attribute-value pairs (AVP) 3-11

authentication

mutual 1-13

authenticating, smart card 1-12

authentication

mutual group

authentication types 4-26

types 5-25

authentication parameters (.pcf file) 5-27

AuthType parameter (.pcf file) 5-25

auto initiation 7-5

AutoInitiationEnable (vpnclient.ini) 5-6, 7-3

AutoInitiationList (vpnclient.ini) 5-7, 7-3

AutoInitiationRetryInterval (vpnclient.ini) 7-3

AutoInitiationRetryIntervalType (vpnclient.ini) 5-7

AutoInitiationRetryIntervalType (vpnclient.ini) 7-3

AutoInitiationRetryLimit (vpnclient.ini) 5-7

configuring 7-1

connect parameter 7-3

creating in vpnclient.ini file 7-3

examples 7-4

excluding networks from 7-3

parameters 7-1

automatic browser configuration 1-22

configuring on VPN Concentrator 1-22, 4-22

autoupdating VPN Client software

creating configuration file 6-5

creating profile distribution package 6-6

enabling on VPN Concentrator 6-3

how it works 6-7

managing 6-3

Windows 2000 and Windows XP 6-2

AYT firewall policy 1-19, 4-11

B

backup server attributes, group policy 3-23

BackupServer parameter (.pcf file) 5-28

backup servers

configured on VPN Concentrator for VPN Client 4-21

Baltimore Technologies 4-9, 5-14

banner message, group policy 3-19

BlackIce Defender

firewall on remote PC 1-19, 4-11

Black Ice firewall 3-26

bluetooth, unsupported 1-3

browser, automatic configuration 1-22

browser proxy configuration 1-22, 4-22

bypassing DHCP server 5-8

bypassing installation of firewall files 1-5

C

Centralized Protection Policy (CPP) 1-18, 4-11

certificate

connecting 4-9, 5-14

contents 9-2

enrolling a CA 9-6

enrollment 9-2

PKI 4-9, 5-15

example 9-3

management 9-1

management operations 9-4

passwords 9-3

root 9-2

store 9-1

tags 9-4

user 9-1

certificate, Entrust 1-10

Certificate Authorities (CA)

supported 4-9, 5-14

certificates

enrollment

IP address 5-10

parameters (vpnclient.ini) 5-9

Entrust 1-10, 4-23

group name requirement 4-5

organization unit field 4-5

parameters (.pcf files) 5-29

VPN Client connections

configuring VPN concentrator 4-4

change password operation 9-6

changing method of initializing VA 5-8

changing the MTU size 11-5

Cisco Integrated Client

scenario 4-13

VPN Client software 1-18, 4-10

Cisco Integrated Firewall 3-25

Cisco Security Agent 3-26

firewall on the remote PC 1-19, 4-11

client/server firewall 1-19, 4-11

client access rules, group policy 3-27

client firewall 1-17

client firewall, group policy 3-25

Client Update 6-3

client update on VPN Concentrator 6-3

client upgrade, rebootless 1-4

command-line interface

error messages 8-11

minimum argument 9-1

command-line switches

vpngui 11-10

commands

msiexec 10-7, 12-2

logging options 12-3

vpnclient

connect 8-2

disconnect 8-6

displaying a list 8-1

notify 8-5

stat 8-7

verify autoinitconfig 8-5

vpngui

command-line switches 11-10

company logo

logo.png 10-1

compression, IP 11-13

configuration parameters

global profile 5-3

individual profiles 5-25

configurations

client/server 4-16

configuring

auto initiation 7-1

backup servers for VPN Client 4-21

browser proxy 1-22, 4-22

Entrust certificate 1-10, 4-23

local LAN access for VPN Client 1-20, 4-20

NAT-T 4-22

personal firewalls 1-17, 4-9

RADIUS SDI authentication 5-21

connected.png

lock image on active connection entry 10-1

connecting from command line

vpngui command 11-10

connection

ending 8-6

getting status 8-7

profiles 5-22

starting with vpnclient command 8-2

testing 11-9

connection entry

default 5-18

features controlled 5-23

file 5-24

preconfigured

distributing 5-33

sample .pcf file 5-23

connection-specific DNS suffix 5-20

connect on open

activating 5-18

ConnectOnOpen (vpnclient.ini) 5-8

continuous display (stat command) 8-7

CPP

defining filters and rules 4-15

creating 10-3

connection profiles 5-22

Entrust profile 1-10, 4-23

global profile 5-2

IPSec group in VPN Concentrator 4-3

MSI transform 10-3

user profiles in VPN Concentrator 4-4

custom firewall 3-26

customizing the VPN Client GUI for Mac OS X 10-8

customizing VPN Client software 10-1

for MSI 10-3

D

data formats 1-xvii

default

domain name, group policy 3-21

group policy 3-11

remote access tunnel group, configuring 3-4

default connection entry

connect on open 5-8

default user profile 5-18

defining rules for firewalls 4-15

delete operation 9-5

DES 11-13

Description parameter (.pcf file) 5-25

DfltGrpPolicy 3-12

DH1 11-13

DH5 11-13

DHCP inbound traffic

stateful firewall 1-18, 4-10

DHCP Intercept, configuring 3-22

DHCP server

bypassing 5-8

DHGroup parameter (.pcf files) 5-30

DialerDisconnect parameter (vpnclient.ini) 5-6

directory

profiles 5-2, 5-22

Disable Fast Shutdown option 11-5

disconnecting, alerting peers 1-15

displaying

information continuously 8-7

notifications 8-5

route information 8-7

distributing new profiles 6-6

distributing preconfigured software 5-33

DNS parameters 5-11

DNS suffix

connection-specific 5-20

primary 5-19

Windows platforms 5-19

documentation

additional 1-xii

cautions 1-xvii

notes 1-xvii

domain attributes, group policy 3-21

E

elevated privileges (installing MSI) 12-1

EnableBackup parameter (.pcf file) 5-28

EnableISPConnect parameter (.pcf file) 5-26

EnableLocalLAN parameter (.pcf file) 5-29

EnableLog parameter (vpnclient.ini) 5-6

EnableNat parameter (.pcf file) 5-28

EnableSplitDNS parameter (.pcf file) 5-31

encGroupPwd parameter (.pcf file) 5-26

ending a connection 8-6

enroll file operation 9-6

enrolling

in a PKI 4-9, 5-15

enrolling a CA for certificates 9-2, 9-6

enrollment keywords 9-7

enroll operation 9-5

enroll resume operation 9-6

Entrust

Technologies 4-9, 5-15

Entrust certificates

enabling VPN Client 1-10, 4-23

Entrust Entelligence certificate 1-10

EntrustIni parameter (vpnclient.ini) 5-5

error messages 8-11

errors

reporting

faultlog.txt file 11-2

ESP inbound traffic

stateful firewall 1-18, 4-10

events

severity 1

faultlog.txt file 11-2

excluding networks from auto initiation 7-3

export operation 9-5

F

fallback mode 11-9

faultlog.txt file 11-2

files

.pcf 5-22

.png 10-1

vpnclient.ini 5-2

sample 5-3

filters

defining for CPP 4-15

firewall

Black Ice 3-26

Cisco Integrated 3-25

Cisco Security Agent 3-26

CPP 1-18

custom 3-26

Network Ice 3-26

none 3-26

Sygate personal 3-26

Zone Labs 1-18, 3-26

firewall, personal 1-17

firewall files, bypassing installation 1-5

firewall information 8-7

firewall policy, group policy 3-25

firewalls

AYT 1-19, 4-11

BlackIce Defender 1-19, 4-11

Cisco Integrated Client 1-18, 4-10

Cisco Security Agent 1-19, 4-11

client/server

configuring 4-16

configurations

group 4-16

matching 1-18, 4-10

scenarios 4-13

CPP 4-11

custom 4-17

defining filters and rules 4-15

Integrity Server 1-19, 4-11

notifications during negotiations 4-18

personal firewall

enforcement on remote PC 1-19, 4-11

requiring 1-17, 4-10

stateful on VPN Client 1-18, 4-10

Sygate Personal Firewall 1-19, 4-11

Sygate Personal Firewall Pro 1-19, 4-11

Sygate Security Agent 1-19, 4-11

Zone Alarm Firewall 1-19, 4-11

Zone Alarm Pro Firewall 1-19, 4-11

ForceNetlogin parameter (.pcf file) 5-31

formats

data 1-xvii

FQDN (fully qualified domain name) 9-2

fragmentation

preventing 11-5

G

general attributes, tunnel group 3-2

general parameters, tunnel group 3-2

general tunnel-group connection parameters 3-2

global profile

creating 5-2

graphics, rebranding 10-1

GroupName parameter (.pcf file) 5-26

group policy

address pools 3-24

attributes 3-14

backup server attributes 3-23

client access rules 3-27

configuring 3-14

default domain name for tunneled packets 3-21

definition 3-11

domain attributes 3-21

firewall policy 3-25

internal, configuring 3-14

IPSec over UDP attributes 3-19

security attributes 3-17

split tunneling attributes 3-20

split-tunneling domains 3-22

VPN attributes 3-15

group policy, default 3-11

GroupPwd parameter (.pcf file) 5-26

GUI parameters 5-13

H

hash 9-2

help files, Japanese 1-5

HKEY_LOCAL_MACHINE 11-9

Host parameter (.pcf file) 5-25

I

icons

connected.ico 10-3

disconnecting.ico 10-3

unconnected.ico 10-3

ID method, determining 1-15

IKE

identification methods 1-15

keepalives 1-16

keepalive setting, tunnel group 3-3

IKE, configuring 1-13

IKE proposals

activating 4-5

list 11-13

phase 2 11-16

import operation 9-5

incompatible ginas

adding 11-9

fallback mode 11-9

start before logon feature 11-8

IncompatibleGinas parameter (vpnclient.ini file) 5-5

initializing VA

changing method 5-8

Installation

MSI requirements 12-1

installation

automatic 10-1

installer

package 10-8

installing

MSI transform 10-7

Integrity Server firewall

configuring 4-16

feature description 1-19, 4-11

intercept DHCP, configuring 3-22

internal group policy, configuring 3-14

IP addresses

certificate enrollment 5-10

IP compression 11-13

IPSec

over UDP, group policy, configuring attributes 3-19

remote-access tunnel group 3-5

IPsec concepts 1-1

IPSec group

creating on VPN Concentrator 4-3

IPSec log file

troubleshooting firewall configurations 4-17

IPSec parameters, tunnel group 3-3

ipsec-ra, creating an IPSec remote-access tunnel 3-5

ISAKMP

keepalive setting, tunnel group 3-3

ISAKMP, configuring 1-13

ISPCommand parameter (.pcf file) 5-27

ISPConnect parameter (.pcf file) 5-26

ISPConnectType parameter (.pcf file) 5-26

J

Japanese help files 1-5

K

key size 9-2

keywords for enrollment operations 9-7

L

Legacy IKE Port

changing 5-31

Linux Client firewall, configuring 1-20

list operation 9-4

LMHOSTS file 1-21, 4-21

local LAN access

configuring 1-20, 4-20

local LAN access, configuring 1-20

lock image

next to active connection entry 10-1

logging during MSI installation 12-3

LogLevel parameter 5-9

logo, rebranding 10-1

logo.png 10-1

log parameters (vpnclient.ini) 5-9

M

Mac OS X

customizing the Client GUI 10-8

making a parameter read only 5-2

managing

autoupdates 6-3

matching firewall configurations 1-18, 4-10

maximum transmission unit

see MTU setting

MD5 11-13

Microsoft

Certificate Services 4-9, 5-15

Windows 2000 4-9, 5-15

Microsoft Windows Installer (MSI) 12-1

MissingGroupDialog parameter (vpnclient.ini) 5-5

MSI 12-1

launching 12-2

logging during installation 12-3

silent install 10-7

msiexec command 10-7

MSI transform

customizing VPN Client 10-3

installing 10-7

MSLogonType parameter (.pcf file) 5-28

MTU setting

effects of 11-5

changing 11-5

mutual authentication 5-25

mutual group authentication 1-13, 4-26

N

NAT-T, enabling IPsec 1-14

NAT Transparency (NAT-T)

configuring on VPN Concentrator 4-22

Net login

forcing 5-31

Netlogin parameters 5-12

Network Ice firewall 3-26

new/modify profile dialog

profile_logo.png 10-2

new_update_config.ini file

parameters (table) 6-5

new connection entries

distributing 6-6

notifications

displaying 8-5

firewalls 4-18

upgrade 4-19, 6-1

notify command 8-5

NTDomain parameter (.pcf file) 5-27

O

operations for certificate management 9-4

Organization 10-1

organizational unit field in certificate 4-5

organization logo

logo.png file 10-1

P

parameters

global

table 5-5

peer timeout (.pcf file) 5-29

profile (.pcf)

authentication 5-27

AuthType 5-25

BackupServer 5-28

certificate parameters 5-29

Description 5-25

DHGroup 5-30

EnableISPConnect 5-26

EnableLocalLAN 5-29

EnableMSLogon 5-28

EnableNat 5-28

EnableSplitDNS 5-31

encGroupPwd 5-26

ForceNetlogin 5-31

GroupName 5-26

GroupPwd 5-26

Host 5-25

ISPCommand 5-27

ISPConnect 5-26

ISPConnectType 5-26

MSLogonType 5-28

NTDomain 5-27

PeerTimeout 5-29

RadiusSDI 5-30

SaveUserPassword 5-27

SDIUseHardwareToken 5-30

SendCertChain 5-30

TCPTunnelingPort 5-28

TunnelingMode 5-28

UseLegacyIKEPort 5-31

VerifyCertDN 5-30

read only 5-2

vpnclient.ini

AppendOriginalSuffixOption 5-21

ApplicationLauncher 5-11

AutoInitiationEnable 5-6

AutoInitiationList 5-7

AutoInitiationRetryLimit 5-7

AutoInitiationRetryType 5-7

certificate enrollment 5-9

ConnectOnOpen

configuring     1

DialerDisconnect 5-6

DNS 5-11

EnableLog 5-6

EntrustIni 5-5

GUI 5-13

IncompatibleGinas 5-5

log class 5-9

LogLevel 5-9

MissingGroupDialog 5-5

Netlogin 5-12

RADIUS SDI 5-11

RunAtLogon 5-5

StatefulFirewall 5-6

StatefulFirewallAllowICMP 5-6

table 5-5

vpnclient command 8-7

vpnclient stat command

firewall 8-7

repeat 8-7

reset 8-7

route 8-7

traffic 8-7

tunneling 8-7

password_logo.png

Xauth dialog 10-2

pcf files

creating 5-22

distributing with VPN Client software 5-33

parameters 5-25

sample 5-24

PeerTimeout parameter (.pcf file) 5-29

personal firewall 1-17

personal firewalls

configuring for VPN Client

VPN Concentrator 1-17, 4-9

phase 2 IKE proposals 11-16

PKIs

supported 4-9, 5-14

Portable Network Graphic (PNG) files

list 10-1

preconfigured connection entry

distributing 5-33

preconfigured files 10-8

preconfiguring VPN Clients for remote users 5-1

pre-shared key authentication

certificate authentication 5-25

primary DNS suffix 5-19

printing by name on local LAN 1-21, 4-21

profile

connection entry 5-22

creating user 4-4

directory 5-2

Entrust 1-10, 4-23

file format 5-2

global 5-2

features controlled 5-2

parameters 5-4

sample 5-3

profile_logo.png

new/modify profile dialog 10-2

profiles

distributing 6-6

programmer notes

testing a connection 11-9

proposals

IKE 4-5, 11-13

phase 2 IKE 11-16

Public Key Infrastructure

see PKIs

Q

quick configuration 1-7

R

RADIUS SDI authentication

configuring 5-21

RadiusSDI parameter (.pcf file) 5-30

RADIUS SDI parameters 5-11

read-only parameters 5-2

rebootless client upgrade 1-4

rebranding the Client 10-1

registry

testing a connection 11-9

related documentation 1-xiv

remote access

IPSec tunnel group, configuring 3-5

tunnel group, configuring default 3-4

Remote Firewall

scenario 4-13

requirements, system 1-3

resetting counts 8-7

root certificates 9-2

routing information 8-7

RSA 11-13

rules

defining for CPP 4-15

RunAtLogon parameter (vpnclient.ini) 5-5

S

SA

adding 4-5

sample files

.pcf file 5-24

vpnclient.ini 5-3

SaveUserPassword parameter (.pcf file) 5-27

SDIUseHardwareToken parameter (.pcf file) 5-30

Security Agent, Cisco 3-26

security attributes, group policy 3-17

SendCertChain parameter 5-30

SetMTU utility 11-5

launching silently 10-7

SHA 11-13

silent install 10-1

MSI 10-7

silent installation 10-7

smart card authentication 1-12

software updates, getting 6-4

splash screen

splash_screen.png

splash_screen.png 10-1

splash screen, changing 10-1

Split DNS

enabling 5-31

split tunneling

group policy 3-20

group policy, domains 3-22

Start Before Logon

support 1-3

start before logon

gina files 11-8

starting a connection 8-2

stateful firewall (always on) 1-18, 4-10

StatefulFirewallAllowICMP parameter (vpnclient.ini) 5-6

StatefulFirewall parameter (vpnclient.ini) 5-6

status information

generating 8-7

Sygate Personal Firewall 3-26

firewall on remote PC 1-19, 4-11

Sygate Personal Firewall Pro

firewall on remote PC 1-19, 4-11

Sygate Security Agent

firewall on remote PC 1-19, 4-11

system information

Windows 98 11-1

Windows NT 11-3

system requirements 1-3

system security

protecting 5-24

T

TCP, enabling IPsec 1-14

TCPTunnelingPort parameter (.pcf file) 5-28

testing a connection 11-9

traffic information 8-7

transform 10-3

installing 10-7

troubleshooting

connectivity application 11-5

generating information 11-1

TunnelEstablished parameter in registry 11-9

tunnel group

configuring 3-4

creating 3-5

default, remote access, configuring 3-4

general parameters 3-2

IPSec parameters 3-3

name and type 3-5

remote-access, configuring 3-5

tunnel-group

general attributes 3-2

tunnel-group ISAKMP/IKE keepalive settings 3-3

tunneling information 8-7

TunnelingMode parameter (.pcf file) 5-28

U

UniCERT 4-9, 5-14

updated VPN Client software, getting 6-4

updating VPN Client software

all client types 6-1

automatically (Windows 2000 and Windows XP) 6-2

Linux 6-2

Mac OS X 6-2

Solaris 6-2

upgrade, rebootless client 1-4

upgrade notifications

configured on VPN Concentrator 4-19, 6-1

UseLegacyIKEPort parameter (.pcf file) 5-31

user certificates 9-1

user profiles

certificate

keywords 9-1

creating for distribution 5-22

creating in VPN Concentrator 4-4

location 5-2, 5-22

V

VAenableAlt 5-8

VerifyCertDN parameter (.pcf file) 5-30

verifying an auto initiation configuration 7-5, 8-5

verify operation 9-5

view operation 9-4

virtual adapter

method of initializing 5-8

VPN

address pool, configuring (group-policy) 3-24

VPN attributes, group policy 3-15

VPN Client

applications 1-xi

configuring 5-1

configuring, general 1-7

using 1-6

vpnclient.ini file

file format 5-2

sample 5-3

vpnclient_en.msi command 12-2

vpnclient commands

disconnect 8-6

displaying a list 8-1

notify 8-5

stat 8-7

firewall 8-7

repeat 8-7

reset 8-7

route 8-7

traffic 8-7

tunnel 8-7

verify autoinitconfig 8-5

VPN Client for Linux firewall, configuring 1-20

VPN Client GUI, customizing for Mac OS X 10-8

VPN Concentrator

configuring personal firewalls for VPN Client 1-17, 4-9

creating user profiles 4-4

W

welcome message, group policy 3-19

Windows 98

generating system information 11-3

shut down problem 11-5

Windows installer (MSI) 12-1

Windows NT or Windows 2000

generating system information 11-3

WINMSD utility

Windows NT or Windows 2000 11-3

X

Xauth dialog

password_logo.png 10-2

Z

Zone Alarm Firewall

firewall on remote PC 1-19, 4-11

Zone Alarm Pro Firewall

firewall on remote PC 1-19, 4-11

Zone Labs firewall 1-18

Zone Labs firewalls 3-26