System information
176 Chapter 4: Configuring Cisco VPN 3000 for Remote Access Using Preshared Keys
• IKE keepalives
• Split tunneling
• LZS data compression
Authentication features include the following:
• User authentication via the following:
— VPN concentrator internal database
— RADIUS
— NT Domain (Windows NT)
— RSA (formerly SDI) SecurID or SoftID
• Certificate Manager to manage client identity certificates
• Ability to use Entrust Entelligence certificates
• Ability to authenticate using smart cards with certificates
Firewall features include the following:
• Support for Cisco Secure PIX Firewall platforms
• Support for the following personal firewalls:
— Cisco Integrated Firewall (CIF)
— ZoneAlarmPro 2.6.3.57
— ZoneAlarm 2.6.3.57
— BlackIce Agent and BlackIce Defender 2.5
• Centralized Protection Policy provides support for firewall policies pushed to the VPN Client from the VPN 3000 Concentrator.
VPN Client IPSec attributes include the following:
• Main and aggressive modes for negotiating phase 1 of establishing ISAKMP Security Associations
• Authentication algorithms:
— HMAC (Hash-based Message Authentication Code) with MD5 (Message Digest 5) hash function
— HMAC with SHA-1 (Secure Hash Algorithm) hash function
• Authentication modes:
— Preshared keys
— X.509 Digital Certificates
• Diffie-Hellman Groups 1, 2, and 5