Table of Contents

Index

Numerics

802.11x networks

wireless LANs     5-14

A

accessing local LAN     4-8

adapter card for network     2-2

adding

backup servers     4-9

connection entry     4-2

address

VPN device     4-3

Administrator privileges     2-1

AES (Advanced Encryption Standard)     1-7

aggressive mode     1-6

algorithms

data compression     1-7

encryption     1-7

Application Launcher     7-2

Are You There see AYT firewall policy

authentication

algorithms     1-6

certificate     2-2, 4-4

Entrust     4-5

extended     1-7

information

connection status     5-21

internal server     5-5

methods     5-4

mode     1-7

NT Domain

dialog box     5-5

domain name     5-6

password     5-6

username     5-6

RADIUS     5-5

RSA

next cardcode     5-9

passcode     5-7

PIN     5-7

username     5-7

SecurID     5-6

smart card     5-12

SoftID     5-6

auto initiation

authenticating     5-16

changing option values     5-18

connection failures     5-20

connection profile     5-15

disabling     5-18, 7-6

disabling while suspended     5-19

disconnecting     5-18

enabling     5-19, 7-6

managing     7-6

restarting     5-19

resuming     5-17

retry interval     7-6

suspending     5-17

using     5-14

Automatic VPN Initiation option     7-6

AYT (Are You There) firewall policy     5-24

AYT firewall policy     5-24, 5-25

B

backup servers

adding     4-9

disabling     4-11

enabling     4-9

removing     4-10

Baltimore Technologies     5-9

base 64 encoded file type     6-6

binary encoded file type     6-6

C

cable

connection     1-2

modem     1-2, 5-3

CA certificates     6-3

Centralized Protection Policy (CPP) firewall policy     5-24

Centralized Protection Policy see CPP firewall policy

certificate

changing password     6-13

completing enrollment form     6-3

connecting     5-9

deleting     6-13

enrollment

file types     6-6

PKI     5-10

with CA     6-3

Entrust     4-5

expiring     5-10

exporting     6-14

importing     6-10

managing     6-8

name     4-2, 4-4, 5-1

peer     1-5

stores     6-2

verifying     6-12

viewing     6-9

Certificate Authorities (CA)

CA certificates tab     6-3

certificate     2-2

supported     5-9

Certificate Manager

overview     6-1

changing

certificate password     6-13

password on an enrollment request     6-17

Cisco certificate store     6-2

classes that generate events     7-12

clearing events display     7-14

Client/Server policy

firewalls     5-24, 5-28

Client IP address in connection status     5-21

closing the VPN Client     5-29

common name in certificate enrollment     6-4

company in certificate enrollment     6-4

completing an enrollment request     6-18

compression algorithm

LZS compression     5-22

connecting

before logon     7-4

to private network     5-3, 5-4

to the internet

via Dial-Up Networking     4-11

to the internet via Dial-Up Networking     5-3

with certificate     5-1

connection

LAN     1-2

network

direct     2-2

statistics

packets bypassed     5-22

packets decrypted     5-22

packets discarded     5-22

packets encrypted     5-22

resetting     5-29

status

local LAN routes list     5-23

secure associations     5-23

transparent tunneling     5-22

viewing     5-20

technologies     1-2

connection entry

creating     4-2

preconfigured     4-1

profile     4-2

connection types     1-2

copyrights and licenses     1

country code in certificate enrollment     6-4

CPP firewall policy     5-24, 5-26

creating

connection entry     4-2

D

data

formats     xii

data compression     1-7

Dead Peer Detection

see DPD

deleting

certificate     6-13

enrollment request     6-17

department in certificate enrollment     6-4

DHCP request     1-4

DHCP traffic

stateful firewall always on     7-2

Dial-Up Networking

closing before uninstall     7-18

connecting     4-11, 5-3

dial-up modem     1-2

disabling     4-12

enabling     4-12

icon on taskbar     5-4

phonebook entries     4-12

programs

third party     4-12

User Information dialog box     5-3

Diffie-Hellman groups     1-7

Digital Subscriber Line

see DSL

direct network connection     2-2

disabling

application launch before startup     7-5

automatic disconnect when logging off Windows NT     7-5

backup servers     4-11

Dial-Up Networking     4-12

local LAN access     4-8

third party dial-up     4-12

disconnecting

automatic     7-5

private network     5-29

displaying

help     3-12

software version     3-12

DNS server     1-4

documentation

cautions     xii

notes     xii

domain

name

certificate enrollment     6-4

NT Domain authentication     5-6

DPD

adjusting peer time out     4-9

keep alive mechanism

DSL

connection technology     1-2

modem     1-2, 5-3

DUN phonebook entries     4-12

E

e-mail address in certificate enrollment     6-4

enabling

auto initiation     7-6

backup servers     4-9

local LAN access     4-8

logging on to Microsoft Network     4-6

start before logon     7-4

stateful firewall     7-1

transparent tunneling     4-7

encryption

connection status     5-21

encryption algorithm     1-7

enrolling

certificates     6-3

file request     6-6

in a PKI     5-10

enrollment request

changing password     6-17

completing     6-18

deleting     6-17

form     6-3

managing     6-15

pasting     6-6

viewing     6-16

Entrust

certificate

configuring     4-5

connecting with     5-10

SignOn

using with start before logon     5-12

Technologies     5-9

Erase User Password option     5-5

ESP

protocol

transparent tunneling     4-7

traffic

stateful firewall always on     7-2

etoken

connecting with     5-12

events

classes     7-12

setting logging levels     7-11

severity levels     7-12

viewing and managing     7-7

exiting the VPN Client     5-29

exporting a certificate     6-14

extended authentication     1-7

F

F1 key

displaying help     3-12

features

IPSec     1-6

program     1-3

VPN Client     1-2

file types for certificate enrollment     6-6

filtering

events     7-11

firewalls     5-26

firewalls     5-27

AYT policy     5-24

AYT tab     5-25

Client/Server policy     5-24, 5-28

configured on concentrator     5-24

CPP     5-24

CPP firewall policy     5-26

filtering     5-26

ICMP protocol     5-27

listed on Firewall tab     5-24

matching     7-15

notifications     7-15

policies     5-24

policy listed     5-24

rules     5-26

stateful     7-1

status     5-25

status screen     5-24

tab on status screen     5-24

TCP protocol     5-27

UDP protocol     5-27

formats

data     xii

G

generating events

classes     7-12

H

hard disk space requirement     2-2

help

displaying     3-12

F1 key     3-12

from program menu     3-12

hostname

VPN device     4-3

I

IANA protocol numbers     5-27

ICMP protocol

firewalls     5-27

icons

Dial-Up Networking     5-4

VPN Client

viewing when connected     5-14

IKE keepalives     1-6

IKE protocol     1-2

importing

certificate file     6-10

inactivity timeout (Entrust)     5-10

installing

media requirements     2-2

installing VPN Client

InstallShield     2-3

MSI     2-4

process     2-1

interface card for network     2-2

internal server

authentication     5-5

internet

connecting via Dial-Up Networking     4-11, 5-3

Internet Key Management protocol

see IKE

Internet Protocol Security

see IPSec

IOS

platform devices supported     x

IP address

certificate enrollment     6-4

server     5-21

VPN device     4-3

IPSec

attributes     1-6

features     1-6

over TCP     4-8

over UDP     4-8

protocol     1-2

transparent tunneling

connection status     5-22

ISDN

connection technology     1-2

modem     5-3

ISP

password     5-4

username     5-4

K

keepalives     1-6

L

LAN connection     1-2

launching an application     7-2, 7-5

licenses and copyrights     1

local LAN access     1-3, 4-8

connection status     5-23

log display

clearing     7-14

log file

saving     7-13

searching     7-13

log settings

filtering events     7-11

logging levels     7-11

LZS compression     5-22

M

main mode     1-6

maintenance dialog

MSI     2-7

main VPN Client window     3-3

managing

auto initiation     7-6

certificates     6-1, 6-8

enrollment request     6-15

event log     7-7

matching firewall configurations     7-15

menu

connection entries     3-5

main     3-4

Microsoft

Certificate Services     5-10

certificate store     6-2

Windows 2000     5-10

Windows Installer (MSI)

installing VPN Client     2-4

mode

aggressive     1-6

authentication     1-7

configuration     1-7

tunnel encapsulation     1-7

modems

cable     1-2, 5-3

dial-up     1-2

DSL     1-2, 5-3

ISDN     5-3

requirement     2-2

MSI     2-4

installation     2-4

maintenance dialog     2-7

repair dialog     2-7

MTU size     1-3

N

NAT     4-7

NAT Transparency     1-3

network

adapter or interface card     2-2

connection

direct     2-2

Network Address Translation     4-7

notifications

firewall     7-15

upgrade     7-15

VPN device     7-14

NT Domain authentication     5-5

domain name     5-6

password     5-6

username     5-6

NT features

logon     7-4

O

options

Application Launcher     7-2

auto disconnect     7-5

Automatic VPN Initiation     7-6

start before logon     7-4

Stateful Firewall (Always on)     7-1

Windows

Logon Properties     7-3

Options menu     4-7

organizational unit in certificate enrollment     6-4

organization of this manual     ix

P

packets

bypassed     5-22

decrypted     5-22

discarded     5-22

encrypted     5-22

passcode

RSA authentication     5-7

passwords

enrollment request

changing     6-17

erasing     5-5

expiration     5-6

internal server authentication     5-5

invalid     5-5

ISP logon     5-4

NT Domain authentication     5-6

personal certificate     6-13

private key     5-1

RADIUS authentication     5-5

saving     5-5

PAT     4-7

peer certificate     1-5

peer response timeout

adjusting     4-9

personal firewall see firewalls

phonebook entries

DUN     4-12

PIN

RSA authentication     5-7

PKCS10 format     6-6

PKIs

supported     2-2, 5-9

Plain Old Telephone Service

see POTS

Port Address Translation     4-7

POTS

connection technology     1-2

preconfigured connection entry     4-1

private key password     5-1

private network

connecting     5-3, 5-4

disconnecting     5-29

privileges required for

installing VPN Client     2-1

profile

connection entry     4-2

Entrust     4-5

roaming     7-6

program features     1-3

protocol     1-2

Protocol 50 (ESP) traffic     4-7

protocol numbers     5-27

protocols

DPD

ESP     4-7

ICMP     5-27

IKE     1-2

IPSec     1-2, 4-8

TCP     4-7, 5-27

UDP     4-7, 5-27

Public Key Infrastructure

see PKIs

Q

quitting the VPN Client     5-29

R

RADIUS authentication

password     5-5

procedure     5-5

username     5-5

RAM requirements     2-2

remote access connection

closing before uninstall     7-18

removing

backup servers     4-10

the VPN Client

InstallShield     7-18

repair dialog

MSI     2-7

requirements

system     2-1

resetting connection statistics     5-29

restarting your computer after installation     2-4

retry interval

auto initiation     7-6

roaming profiles     7-6

RSA (formerly SDI)

authentication     5-6

Next Cardcode     5-9

passcode     5-6

PIN     5-7

rules

firewalls     5-26

S

Save Password option     5-5

saving a log file     7-13

SCEP (Cisco store)     6-2

searching log file     7-13

secure associations     5-23

secure gateway

address     4-3

notifications to client     7-14

SecurID authentication     5-6

Server IP address

connection status     5-21

setting logging levels     7-11

Severity levels in events     7-12

Simple Certificate Enrollment Protocol

see SCEP

smart card

connecting with     5-12

connection entry

configuring     4-5

products supported     4-5

SoftID authentication     5-6

software license agreement     1

software token applications

launching from VPN Dialer     7-2

split tunneling     1-6

start before logon

configuring     7-4

using with Entrust SignOn     5-12

starting the VPN Dialer

connecting to private network     4-2, 5-2

stateful firewall

always on     7-1

DHCP traffic     7-2

transparent tunneling     4-7

state in certificate enrollment     6-4

statistics

local LAN routes     5-23

status

firewall     5-25

stopping the VPN Dialer     5-29

stores

certificate     6-2

system requirements     2-1

T

TCP/IP requirement     2-2

TCP protocol

firewalls     5-27

transparent tunneling     4-7

third party dial-up program     4-12

transparent tunneling     1-6

enabling     4-7

stateful firewall     4-7

tunnel

definition     1-2

negotiation     5-4

transparent     4-7

tunneling

encapsulation mode     1-7

protocol     1-3

split     1-6

U

UDP protocol

firewalls     5-27

transparent tunneling     4-7

UniCERT     5-9

uninstalling the VPN Client

InstallShield     7-18

upgrade notification     7-15

upgrading VPN Client software

using InstallShield     7-16

using MSI     7-17

user authentication     1-3, 1-5, 5-4

username

internal server authentication     5-5

ISP logon     5-4

NT Domain authentication     5-6

RADIUS authentication     5-5

RSA authentication     5-7

V

verifying a certificate     6-12

version

VPN Client

displaying     3-12

viewing

certificate     6-9

connection status     5-20

enrollment request     6-16

Virtual Private Network (VPN)

defined     1-1

VPN

defined     1-1

VPN Client

applications     1-1

event log     7-7

features     1-2

installing     2-1

menus     3-4

software updates     7-16, 7-17

version     3-12

window     3-3

VPN Client version 3.6

removing     2-7

VPN device

authentication using internal server     5-5

backup     4-9

Cisco     1-1

DPD     4-9

hostname     4-3

IP address     4-3

notifications     7-14

VPN Dialer

closing     5-29

main dialog box     4-2

W

Windows

NT logon properties     7-3

platforms requirement     2-1

window settings     3-2, 3-9

WLANs

auto initiation     5-14

X

X.509 DER file     6-6

XAUTH (extended authentication)     1-7

Z

Zone Labs Integrity     5-24, 5-28