Cisco VPN 5000 User Manual

Cisco VPN 5000 Client User Guide for Mac OS X
Version 5.2.x
March 2002
Corporate Headquarters
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000
Fax: 408 526-4100
Text Part Number: OL-1446-02
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CIP, the Cisco Powered Network mark, the Cisco Systems Verified logo, Cisco Unity, Fast Step, Follow Me Browsing, FormShare, Internet Quotient, iQ Breakthrough, iQ Expertise, iQ FastTrack, the iQ Logo, iQ Net Readiness Scorecard, Networking Academy, ScriptShare, SMARTnet, TransPath, and Voice LAN are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, Discover All That’s Possible, The Fastest Way to Increase Your Internet Quotient, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, GigaStack, IOS, IP/TV, LightStream, MGX, MICA, the Networkers logo, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, SlideCast, StrataView Plus, Stratm, SwitchProbe, TeleRouter, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.
All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0201R)
Copyright ©2002, Cisco Systems, Inc. All rights reserved.
CONTENTS

About This Guide vii
    Contents vii
    Obtaining Documentation viii
        World Wide Web viii
        Documentation CD-ROM viii
        Ordering Documentation viii
        Documentation Feedback ix
    Obtaining Technical Assistance ix
        Cisco.com ix
        Technical Assistance Center x
            Contacting TAC by Using the Cisco TAC Website x
            Contacting TAC by Telephone xi

Chapter 1 Introduction to the Cisco VPN 5000 Client 1-1
    Features 1-1

Chapter 2 Installing the Cisco VPN 5000 Client 2-1
    Contents 2-1
    Uninstalling the VPN Client for Mac OS X 2-1
    System Requirements 2-2
    Installing the Software 2-2

Chapter 3 Running the Cisco VPN 5000 Client 3-1
    Contents 3-1
    Setting Up a Login 3-1
    Setting Up Digital Certificates 3-4
        Manual Certificates 3-4
        User Certificates 3-5
        Requesting Certificates from a Certificate Authority 3-7
    Connecting to the VPN Concentrator 3-8
        Connecting After Startup and Login 3-8
        Disconnecting the VPN Client 3-9
    Configuration File Description 3-9

Chapter 4 Cisco VPN 5000 Client User Interface 4-1
    Contents 4-1
    VPN Client Window 4-1
        Configurations Tab 4-2
            Network Interface 4-3
            Advanced Configuration Properties Dialog Box 4-4
            Login Properties Dialog Box 4-5
            Advanced Login Properties Dialog Box 4-8
        Logging Tab 4-9
        General Tab 4-11
        Certificates Tab 4-12
            Request Root Certificate Dialog Box 4-14
            Request User Certificate Dialog Box 4-15
            Digital Certificate Information Window 4-16
        About Tab 4-19
        Help Tab 4-20
    Security Prompts 4-20
        VPN Encryption Password 4-21
        Prompt for Secret 4-21
        RADIUS Login 4-22
        SecurID Challenge 4-24
            Changing the SecurID Passcode 4-26
    File Menu 4-26

Appendix A Configuration File Keywords A-1
    VPN Partner Aliases A-1
    VPN User A-2
    VPN General Section A-4
    VPN Root Cert A-4
    Example Configuration File A-5

About This Guide

This guide provides users and administrators with information about the Cisco VPN 5000 Client software for the Mac OS X operating system.
This guide contains the following chapters and appendixes:
Chapter 1, “Introduction to the Cisco VPN 5000 Client.” This chapter describes how the VPN client works, including its main features.
Chapter 2, “Installing the Cisco VPN 5000 Client.” This chapter describes how to install the VPN client software.
Chapter 3, “Running the Cisco VPN 5000 Client.” This chapter describes how to operate the VPN client.
Chapter 4, “Cisco VPN 5000 Client User Interface.” This chapter describes the windows and features of the VPN client.
Appendix A, “Configuration File Keywords.” This appendix lists acceptable section names and keywords for editing the configuration file.
Index

Obtaining Documentation
The following sections provide sources for obtaining documentation from Cisco Systems.

World Wide Web

You can access the most current Cisco documentation on the World Wide Web at the following sites:
http://www.cisco.com
http://www-china.cisco.com
http://www-europe.cisco.com

Documentation CD-ROM

Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.

Ordering Documentation

Cisco documentation is available in the following ways:
Registered Cisco Direct Customers can order Cisco Product documentation from the Networking Products MarketPlace:
http://www.cisco.com/cgi-bin/order/order_root.pl
Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store:
http://www.cisco.com/go/subscription
Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco corporate headquarters (California, USA) at 408 526-7208 or, in North America, by calling 800 553-NETS (6387).

Documentation Feedback

If you are reading Cisco product documentation on the World Wide Web, you can submit technical comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco.
You can e-mail your comments to bug-doc@cisco.com. To submit your comments by mail, use the response card behind the front cover
of your document, or write to the following address: Attn Document Resource Connection
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-9883
We appreciate your comments.

Obtaining Technical Assistance

Cisco.com

Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools. For Cisco.com registered users, additional troubleshooting tools are available from the TAC website.
Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at anytime, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.
Cisco.com provides a broad range of features and services to help customers and partners streamline business processes and improve productivity. Through Cisco.com, you can find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online technical support, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.
Customers and partners can self-register on Cisco.com to obtain additional personalized information and services. Registered users can order products, check on the status of an order, access technical support, and view benefits specific to their relationships with Cisco.
To access Cisco.com, go to the following website:
http://www.cisco.com

Technical Assistance Center

The Cisco TAC website is available to all customers who need technical assistance with a Cisco product or technology that is under warranty or covered by a maintenance contract.

Contacting TAC by Using the Cisco TAC Website

If you have a priority level 3 (P3) or priority level 4 (P4) problem, contact TAC by going to the TAC website:
http://www.cisco.com/tac
P3 and P4 level problems are defined as follows:
P3—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.
P4—You need information or assistance on Cisco product capabilities, product installation, or basic product configuration.
In each of the above cases, use the Cisco TAC website to quickly find answers to your questions.
To register for Cisco.com, go to the following website:
http://www.cisco.com/register/
If you cannot resolve your technical issue by using the TAC online resources, Cisco.com registered users can open a case online by using the TAC Case Open tool at the following website:
http://www.cisco.com/tac/caseopen

Contacting TAC by Telephone

If you have a priority level 1 (P1) or priority level 2 (P2) problem, contact TAC by telephone and immediately open a case. To obtain a directory of toll-free numbers for your country, go to the following website:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
P1 and P2 level problems are defined as follows:
P1—Your production network is down, causing a critical impact to business operations if service is not restored quickly. No workaround is available.
P2—Your production network is severely degraded, affecting significant aspects of your business operations. No workaround is available.

Chapter 1 Introduction to the Cisco VPN 5000 Client
The Cisco VPN 5000 Client connects a remote user to a corporate network. The user connects to a local Internet Service Provider (ISP). Then, using the VPN client, the user connects to the VPN concentrator Internet IP address to create a secure tunnel for passing IP packets between the remote user and the corporate network.
The VPN client encapsulates the data in a routable IP packet and encrypts it using the IP Security (IPSec) Protocol.
The corporate server or concentrator authenticates the user, decrypts and authenticates the IPSec packet, and translates the source address in the packets to an address recognized on the corporate network. This address is used for all traffic sent from the corporate network to the remote user for the duration of the connection.

Features

The VPN client distinguishes between tunneled and nontunneled traffic and, depending on your concentrator configuration, allows simultaneous access to the corporate network and to Internet resources.
Cisco VPN 5000 Client software is available for the Macintosh operating system, Version 10.0, or Mac OS X.
The VPN client communicates over PPP links (including dialup and ISDN) and over Internet-attached Ethernet connections (including DSL and cable modem).
Table 1-1 describes the VPN client features.
Table 1-1 VPN Client Features

Feature               Description
Operating systems     Mac OS X Version 10.0.0 to 10.1
Connection types      PPP, including dialup and ISDN
                      Ethernet, including DSL and cable modem
Protocols             IP
Tunnel protocol       IPSec
User authentication   RADIUS
                      RSA SecurID
                      Axent Defender
                      PKI user certificates (Entrust and RSA Security CAs only)

Chapter 2 Installing the Cisco VPN 5000 Client

This chapter describes how to install and uninstall the Cisco VPN 5000 Client on your computer for the Macintosh operating system Version 10.0, or Mac OS X.
You can obtain the install file by downloading it from the Cisco Systems website or from your network administrator. The VPN client install file is located in the VPN5000 folder.
This chapter contains the following sections:
Uninstalling the VPN Client for Mac OS X, page 2-1
System Requirements, page 2-2
Installing the Software, page 2-2
Note Before you install a new version of the VPN client for Mac OS X, you must first uninstall any earlier versions of the VPN client, and reboot your computer.

Uninstalling the VPN Client for Mac OS X
To uninstall the VPN client for Mac OS X, run the vpn_uninstall script located in the /Applications/VPN5000Client directory.
To uninstall the VPN client:
Step 1 Log in as the root user or superuser.
Step 2 Change to the /Applications/VPN5000Client directory.
Step 3 Enter the following command from a terminal window:
./vpn_uninstall
This method completely uninstalls all previous versions of the VPN client. If running the uninstall script does not work, you can manually uninstall the VPN client by issuing the following set of commands from a terminal window as the root user or superuser:
rm -rf /Library/Receipts/vpn5000macosx510.pkg/
rm -rf /System/Library/Extensions/VPN5000.kext/
rm -rf /System/Library/StartupItems/VPN/
rm -rf /Applications/VPN5000Client/

Step 4 Reboot your computer.
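The manual removal above, written as a rehearsable shell function. This is an added example, not Cisco's vpn_uninstall script: it takes the filesystem root as a parameter so the same steps can be dry-run against a scratch directory before they are run as root against /, unloads the kernel extension first where the kext tools exist (an assumption about the host; the step is skipped elsewhere), and reports what is left behind so you can confirm the client is really gone. The four paths are the ones listed in the manual; the function names are hypothetical.

```shell
# Manual removal of the VPN 5000 client, as a function that takes the
# filesystem root as a parameter. Example code, not Cisco's vpn_uninstall
# script. Rehearse against a scratch prefix first; run against "/" as root.

vpn5000_paths() {
    # Everything the installer leaves on the system (from the manual),
    # relative to the filesystem root.
    printf '%s\n' \
        "Library/Receipts/vpn5000macosx510.pkg" \
        "System/Library/Extensions/VPN5000.kext" \
        "System/Library/StartupItems/VPN" \
        "Applications/VPN5000Client"
}

vpn5000_residue() {
    # Print every known path still present under the prefix (default "/").
    # Empty output means the client is gone; use it after either uninstall
    # method to confirm.
    prefix=${1:-/}
    for rel in $(vpn5000_paths); do
        target="${prefix%/}/$rel"
        if [ -e "$target" ]; then
            echo "$target"
        fi
    done
}

vpn5000_uninstall() {
    # Remove the client from the given prefix; prints how many of the known
    # paths were actually removed. Refuses to touch "/" without root.
    prefix=${1:-/}
    if [ "$prefix" = "/" ] && [ "$(id -u)" -ne 0 ]; then
        echo "vpn5000_uninstall: run as root to remove from /" >&2
        return 1
    fi
    # Unload the kernel extension before deleting its bundle. kextunload is
    # assumed to exist only on Mac OS X; elsewhere this step is skipped.
    if [ "$prefix" = "/" ] && command -v kextunload >/dev/null 2>&1; then
        kextunload "/System/Library/Extensions/VPN5000.kext" 2>/dev/null || true
    fi
    removed=0
    for rel in $(vpn5000_paths); do
        target="${prefix%/}/$rel"
        if [ -e "$target" ]; then
            rm -rf "$target"
            removed=$((removed + 1))
        fi
    done
    echo "$removed"
}
```

Run vpn5000_residue with no argument after the reboot in Step 4; if it prints anything, the uninstall did not complete and the listed paths still need to be removed before a new version is installed.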

System Requirements

The VPN client for Mac OS X runs on any Power Macintosh or compatible computer with the Macintosh operating system Versions 10.0.0 to 10.1.
Have available an application that can unpack the archive, such as StuffIt. This application is included with the VPN client. Your web browser might expand the archive automatically for you.

Installing the Software

This section describes the installation process for the VPN client for Mac OS X. You must have root login privileges for the computer on which you are installing the VPN client.
To install the VPN client for Mac OS X:
Step 1 From the VPN5000 folder, expand the set-up file from tar.gz using the StuffIt application. This operation creates two files: a tar file and a pkg file.
Step 2 If your tar.gz application did not expand the set-up package, enter the following commands from a terminal window:
gunzip vpn5000-macosx-510-k9.tar.gz
tar -xvf vpn5000-macosx-510-k9.tar
This set of commands creates an installer package named vpn5000-macosx-510-k9.pkg.
Step 3 In a Finder application window, double-click the vpn5000-macosx-510-k9.pkg icon and follow the instructions to install the VPN client.

Step 4 Restart your computer.

After your computer completes the restart process, you can run the VPN client program.

Chapter 3 Running the Cisco VPN 5000 Client
This chapter describes how to use the Cisco VPN 5000 Client for Mac OS X. For an overview of the software user interface, see Chapter 4, “Cisco VPN 5000 Client User Interface.”
This chapter contains the following sections:
Setting Up a Login, page 3-1
Setting Up Digital Certificates, page 3-4
Connecting to the VPN Concentrator, page 3-8
Configuration File Description, page 3-9

Setting Up a Login

This section describes how to set up a login if your administrator has not already done so.

To set up your own login configuration:
Step 1 Double-click the VPN client icon on your desktop.
The VPN Client window opens with the Configurations tab forward (Figure 3-1).
Figure 3-1 VPN Client Window
Step 2 Click the Add button. The Login Properties dialog box opens.
Step 3 Choose your login method.
If you choose Shared Secret, a shared secret known to both the client and the concentrator is used to authenticate the login. Keep it as carefully as a password; anyone who knows it can pass the same authentication step.
If you choose Certificate, a digital certificate is used for authentication during the login. Table 3-1 describes the digital certificate login methods.