
Table of Contents

Managing the VPN Client
Managing Connection Entries
Viewing Tunnel Details
Event Logging

Managing the VPN Client


This chapter describes how to manage connection entries and how to view and manage event logging.

Managing Connection Entries

The following sections describe the operations used to manage connection entries. This includes how to import, modify, and delete a connection entry.

Importing a Connection Entry

You can automatically configure your VPN client with new settings by importing a new configuration file (a file with a .pcf extension, called a profile) supplied by your network administrator.

To import a stored profile:


Step 1   Click the Connection Entries tab.

Step 2   Click Import at the top of the VPN client window. The Import VPN Connection dialog box appears (Figure 7-1).


Figure 7-1   Import VPN Connection


Step 3   Locate the connection entry to import. A valid connection entry configuration file must have a .pcf extension.

Step 4   Click Open. The connection entry is added to the list of available profiles and you return to the Connection Entries tab.

Alternatively, you can copy the .pcf file into the profiles directory and restart the VPN client application.



Modifying a Connection Entry

You can make changes to a connection entry at any time. The new configuration is stored in the profiles directory and is applied during the next connection attempt.

To modify a connection entry:


Step 1   Click the Connection Entries tab.

Step 2   Select the connection entry to modify.

Step 3   Click Modify at the top of the VPN client window. The VPN Client Properties dialog box appears (Figure 7-2).


Figure 7-2   VPN Client Properties


The existing configuration for this connection entry appears.

Step 4   Make adjustments to this connection entry configuration.

Step 5   Click Save. The VPN Client Properties dialog box closes and you return to the Connection Entries tab.



Deleting a Connection Entry

You can delete any connection entry that does not have an active VPN connection.

To delete a connection entry:


Step 1   Make sure the Connection Entries tab is forward.

Step 2   Select the connection entry to delete.

Step 3   Click Delete at the top of the VPN client window. You are prompted to confirm the connection entry to delete (Figure 7-3).


Figure 7-3   Delete Connection Entry Warning



Caution   You cannot retrieve a connection entry that has been deleted.

Step 4   Click Delete to delete this connection entry. The connection entry is removed from the profiles directory and you are returned to the Connection Entries tab.

Click Do not Delete to return to the VPN client window without deleting the selected connection entry.



Viewing Tunnel Details

The Tunnel Details tab displays information related to the active VPN session, including:

Figure 7-4 shows the Tunnel Details tab display, which includes the IP addresses assigned for this session and byte and packet statistics.


Figure 7-4   Tunnel Details Tab


Use the Reset button at the top of the VPN client window to clear the fields in the tunnel details display. Alternatively, you can reset the statistics by choosing Reset Stats from the Connection Entries menu.

Table 7-1 describes the Tunnel Details statistics.

Table 7-1   Tunnel Details Tab Fields

Field   Description

Client   IP address assigned to the client for this VPN session.

Server   IP address of the VPN device you are connected to.

Packets Encrypted   Number of packets encrypted during this VPN session.

Packets Decrypted   Number of packets decrypted during this VPN session.

Packets Discarded   Number of packets discarded during this VPN session.

Packets Bypassed   Number of packets bypassed during this VPN session.

Bytes Received   Number of bytes received by the client during the active session.

Bytes Sent   Number of bytes sent by the client during the active session.

Encryption   Encryption algorithm used for this VPN session. The VPN client supports:

  • 56-bit DES (Data Encryption Standard)
  • 168-bit Triple-DES
  • AES 128-bit and 256-bit

Note   The VPN client continues to support DES/MD5. However, support for DES/SHA is no longer available, and Release 3.7 VPN clients cannot connect to any central-site device group that is configured for (or proposing) DES/SHA. The VPN client must either connect to a different group or the system administrator for the central-site device must change the configuration from DES/SHA to DES/MD5 or another supported configuration. The Cisco VPN Client Administrator Guide lists all supported encryption configurations.

Authentication   Authentication algorithm used for this VPN session. The VPN client supports:

  • HMAC-MD5 (Hashed Message Authentication Coding with Message Digest 5 hash function)
  • HMAC-SHA-1 (Secure Hash Algorithm hash function)

NAT   Displays whether NAT is enabled; if enabled, lists the protocol and port number.

Local LAN   Displays whether Local LAN access (split tunneling) is enabled.

Compression   Displays what type of data compression is used, if any.

Notifications

The VPN device that provides your connection to the private network might send notifications to the VPN client. These notifications appear in the Notifications window. To display the Notifications window (Figure 7-5), click Notifications on the Tunnel Connections tab.

When you first establish a VPN connection, a notification regarding your connection appears. This is typically the login banner or connection history.

Other notifications might include messages from your network administrator about upgrades to the VPN client software or information regarding the specific VPN device you are connected to.


Figure 7-5   Notifications Window


The top pane of the Notifications window lists the title of each stored notification. The bottom pane displays the notification message associated with the selected title.

All notifications from the VPN device are stored in this display during the VPN session. Every VPN session contains at least one notification, the connection history.

VPN Client Routes

The routes window displays the routes that VPN traffic takes into the network, which can be either excluded routes or secured routes.

To display route data during an active VPN session, click Routes on the Tunnel Connections tab. The Routes window appears (Figure 7-6).


Figure 7-6   VPN Client Routes


The excluded routes pane displays:

The secured routes pane displays:

Event Logging

The following sections describe how to view and manage the VPN client event log.

The event log can help you diagnose problems with an IPSec connection between the VPN client and a peer VPN device. The log collects event messages from all processes that contribute to the client-peer connection.

From the Log tab on the VPN client window you can:

Enable Logging

To enable logging, click Enable at the top of the VPN client window. The event logging window appears (Figure 7-7).


Figure 7-7   Event Log


Each VPN session contains at least one log entry, the connection history.

To disable logging, click the Disable button at the top of the VPN client window.

Clear Logging

To clear the event messages from the logging window, click Clear at the top of the VPN client window. Clearing the display does not reset event numbering or clear the log file.


Note   If you want to store the event messages, you must manually copy and paste them into a text file before you clear the display.

Set Logging Options

Logging options apply to the active VPN session. Changing the logging settings clears the event log and the new logging settings take effect immediately.

To set logging options for the VPN client:


Step 1   Click the Log tab.

Step 2   Click Options at the top of the VPN client window. The Logging Options dialog box appears (Figure 7-8).


Figure 7-8   Logging Options


Table 7-2 describes the log classes that generate events in the VPN client log viewer.

Table 7-2   VPN Client Logging Classes

Log Class   Description   Module

[LOG.IKE]   Internet Key Exchange module, which manages security associations.   IKE

[LOG.CM]   Connection Manager (CM), which drives VPN connections. (CM dials a PPP device, configures IKE for establishing secure connections, and manages connection states.)   Connection Manager

[LOG.CVPND]   Cisco VPN Daemon, which initializes client service and controls the messaging process and flow.   Daemon (cvpnd)

[LOG.XAUTH]   Extended authentication application, which validates a remote user's credentials.   eXtended AUTHentication

[LOG.CERT]   Certificate management process, which handles obtaining, validating, and renewing certificates from certificate authorities. CERT also displays errors that occur as you use the application.   Certificates

[LOG.IPSEC]   IPSec module, which obtains network traffic and applies IPSec rules to it.   IPSec

[LOG.CLI]   Command-Line Interface, which allows you to perform certain operations from the command line rather than using the VPN client graphical user interface.   Command Line

Step 3   Select the logging level for each module that uses logging services. The logging levels allow you to choose the amount of information you want to capture. Figure 7-8 shows the logging levels.


Figure 7-9   Event Logging Levels


There are four event logging levels:

Step 4   Click Apply. This clears the event log and immediately applies the new logging levels.



External Log Viewer

To display the event log in a separate window, click External Log Viewer at the top of the VPN client window. The VPN client Connection Log window appears (Figure 7-10).


Figure 7-10   Connection Log


To save the data in the event log, copy and paste the log into a text file.


Posted: Mon Dec 23 16:43:29 PST 2002
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.