cc/td/doc/product/vpn/client/rel4_0
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

Managing the VPN Client
 Managing Connection Entries
 Event Logging
 Viewing Statistics

Managing the VPN Client

This chapter describes how to manage connection entries, and view and manage the event logging.

Managing Connection Entries

The following sections describe the operations used to manage connection entries. This includes how to import, modify, and delete a connection entry.

Importing a Connection Entry

You can automatically configure your VPN Client with new settings by importing a new configuration file (a file with a .pcf extension, called a profile) supplied by your network administrator.

To import a stored profile:

Step 1   Click the Connection Entries tab.

Step 2   Click Import at the top of the VPN Client window. The Import VPN Connection dialog box appears (Figure 7-1).


Figure 7-1   Import VPN Connection


Step 3   Locate the connection entry to import. A valid connection entry configuration file must have a .pcf extension.

Step 4   Click Open. The connection entry is added to the list of available profiles and you return to the Connection Entries tab.

Alternately, you can copy the .pcf file into the profiles directory and restart the VPN Client application.


Modifying a Connection Entry

You can make changes to a connection entry at any time. The new configuration is stored in the profiles directory and is applied during the next connection attempt.

To modify a connection entry:

Step 1   Click the Connection Entries tab.

Step 2   Select the connection entry to modify.

Step 3   Click Modify at the top of the VPN Client window. The VPN Client Properties dialog box appears (Figure 7-2).


Figure 7-2   Connection Entry Settings


The existing configuration for this connection entry is displayed.

Step 4   Make adjustments to this connection entry configuration.

Step 5   Click Save. The VPN Client Properties dialog box closes and you return to the Connection Entries tab.


Deleting a Connection Entry

You can delete any connection entry that does not have an active VPN connection.

To delete a connection entry:

Step 1   The Connection Entries tab must be forward.

Step 2   Select the connection entry to delete.

Step 3   Click Delete at the top of the VPN Client window. You are prompted to confirm the connection entry to delete (Figure 7-3).


Figure 7-3   Confirm Delete


Caution   You cannot retrieve a connection entry that has been deleted.

Step 4   Click Delete to delete this connection entry. The connection entry is removed from the profiles directory and you are returned to the Connection Entries tab.

Click Do not Delete to return to the VPN Client window without deleting the selected connection entry.


Event Logging

The following sections describe how to view and manage the VPN Client event log.

The event log can help diagnose problems with an IPSec connection between the VPN Client and a peer VPN device. The log collects event messages from all processes that contribute to the client-peer connection.

From the Log tab on the VPN Client window you can:

Enable Logging

Note   If you enable logging during normal use of the VPN Client, it might affect the performance of the application. We recommend that you only enable logging when troubleshooting.

To enable logging, click Enable at the top of the VPN Client window. Alternately, you can choose Enable from the Log menu. The event logging window displays (Figure 7-4).


Figure 7-4   Event Log


Every VPN session contains at least one log entry, the connection history.

To disable logging, click the Disable button at the top of the VPN Client window.

Clear Logging

To clear the event messages from the logging window, click Clear at the top of the VPN Client window. Clearing the display does not reset event numbering or clear the log file itself.

Note   To store the event messages before you clear the log, choose Save from the Log menu.

Set Logging Options

Logging options apply to the active VPN session. Changing the logging settings clears the event log and the new logging settings take effect immediately.

To set logging options for the VPN Client:

Step 1   Click the Log tab.

Step 2   Click Options at the top of the VPN Client window. The Log Settings dialog box appears (Figure 7-5).


Figure 7-5   Log Settings


Table 7-1 describes the log classes that generate events in the VPN Client log viewer.

Table 7-1   VPN Client Logging Classes

Log Class Description Module

[LOG.IKE]

Internet Key Exchange module, which manages secure associations.

IKE

[LOG.CM]

Connection Manager (CM), which drives VPN connections. (CM dials a PPP device, configures IKE for establishing secure connections, and manages connection states.)

Connection Manager

[LOG.CVPND]

Cisco VPN Daemon, which initializes client service and controls the messaging process and flow.

Daemon (cvpnd)

[LOG.XAUTH]

Extended authorization application, which validates a remote user's credentials.

eXtended AUTHentication

[LOG.CERT]

Certificate management process, which handles obtaining, validating, and renewing certificates from certificate authorities. CERT also displays errors that occur as you use the application.

Certificates

[LOG.IPSEC]

IPSec module, which obtains network traffic and applies IPSec rules to it.

IPSec

[LOG.CLI]

Command-Line Interface, which allows you to perform certain operations from the command line rather than using the VPN Client graphical user interface.

Command Line

[LOG.GUI]

The VPN Client for Mac OS X user interface.

Graphical User Interface

Step 3   Select the logging level for each module that uses logging services. The logging levels allow you to choose the amount of information you want to capture. Figure 7-6 shows the logging levels.


Figure 7-6   Logging Levels


There are four logging levels:

Step 4   Click Apply. This clears the event log and immediately applies the new logging levels.


Opening the Log Window

To display the events log in a separate window, click Log Window at the top of the VPN Client window. The VPN Client Log Window appears (Figure 7-7).


Figure 7-7   Log Window


The following buttons allow you to manage the information in the Log Window:

Note    The VPN Client saves the information to the Client install directory. The default file name is based on the date and time (in 24-hour format) that the log file was created; for example, LOG-2003-03-13-52-56.text. You can save what is in the present log to a different directory and filename, but you cannot change the default log directory and filename.

Viewing Statistics

View VPN session information on the Statistics window. The Statistics window lists tunnel details, route details, and other information related to the active VPN session, including:

To view VPN session statistics, choose Statistics from the Status menu.

The Statistics window has two tabs, Tunnel Details and Route Details. The Tunnel Details tab lists information about the VPN tunnel. The Route Details tab lists information about excluded and secured routes.

Tunnel Details

The Tunnel Details tab (Figure 7-8) displays the IP addresses assigned for this session and byte and packet statistics.


Figure 7-8   Statistics Window—Tunnel Details


Use the Reset button to clear the fields in the tunnel details display. Alternately, you can reset the statistics by choosing Reset Stats from the Status menu.

Table 7-2 describes the statistics fields on the Tunnel Details tab.

Table 7-2   Tunnel Details

Field Description

Client Address Information

IP address assigned to the client for this VPN session

Server Address Information

IP address of the VPN device you are connected to.

Bytes Received

Number of bytes received by the client during the active session.

Bytes Sent

Number of bytes sent by the client during the active session.

Packets Encrypted

Number of packets encrypted during this VPN session.

Packets Decrypted

Number of packets decrypted during this VPN session.

Packets Discarded

Number of packets discarded during this VPN session.

Packets Bypassed

Number of packets bypassed during this VPN session.

Connection Entry Name

The name of the connection entry for this VPN session.

Connection Time

The connection time for this VPN session.

Encryption

Encryption algorithm used for this VPN session. The VPN Client supports:

  • 56-bit DES (Data Encryption Standard)
  • 168-bit Triple-DES
  • AES 128-bit and 256-bit

Note The VPN Client continues to support DES/MD5. However, support for DES/SHA is no longer available, and Release 3.7 VPN Clients cannot connect to any central-site device group that is configured for (or proposing) DES/SHA. The VPN Client must either connect to a different group or the system administrator for the central-site device must change the configuration from DES/SHA to DES/MD5 or another supported configuration. The Cisco VPN Client Administrator Guide lists all supported encryption configurations.

Authentication

Authentication algorithm used for this VPN session. The VPN Client supports:

  • HMAC-MD 5 (Hashed Message Authentication Coding with Message Digest 5 hash function)
  • HMAC-SHA-1 (Secure Hash Algorithm hash function)

Transparent tunneling

Displays whether transparent tunneling is enabled; if enabled, lists the protocol and port number.

Local LAN

Displays whether Local LAN access (split tunneling) is enabled.

Compression

Displays what type of data compression is used, if any.

Route Details

The Route Details tab displays the routes that VPN traffic takes into the network, which can be either Local LAN routes or secured routes.

To display route data during an active VPN session, open the Statistics window and click the Route Details tab (Figure 7-9).


Figure 7-9   Statistics Window—Route Details


For each local LAN or secured route, the following information is listed:

Notifications

The VPN device that provides your connection to the private network might send notifications to the VPN Client. These notifications appear on the Notifications window. To display the notifications window (Figure 7-10), choose Notifications from the Status menu.

When you first establish a VPN connection, you receive a notification regarding your connection. This is typically the login banner or connection history.

Other notifications might include messages from your network administrator about upgrades to the VPN Client software or information regarding the specific VPN device you are connected to.


Figure 7-10   Notifications Window


The top pane of the Notifications window lists the title of each stored notification. The bottom pane displays the notification message associated with the selected title.

All notifications from the VPN device are stored in this display during the VPN session. Every VPN session contains at least one notification, the connection history.

Some notifications contain a URL which directs you to the location of more current versions of the VPN Client. If the URL exists, the Launch button becomes active. If you click the Launch button, a browser open on your workstation.


hometocprevnextglossaryfeedbacksearchhelp
Posted: Mon Apr 14 11:19:21 PDT 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.