ISEKI CISCO SYSTEMS OL-5450-10 User Manual

Usage Notes

34

Release Notes for VPN Client, Release 4.0 through Release 4.0.5.D

OL-5450-10

On the Mac OS X platform, Internet Explorer 5.2 that comes installed does not
allow certificates to be exported. The best course of action for these users is to
either enroll and export the certificate from a Windows workstation and email it
to the Mac user or to use direct enrollment from the Client itself.

Verisign works fine with the Macintosh version of the VPN Client. But the
“browsers” available on the Macintosh don't export certificates (Verisign or
others) in the proper format for the VPN Client to receive them, or they don't
allow the export of certificates at all (IE). This is because IE is a Windows product
and doesn't support on the Macintosh platform everything the normal Windows IE
does (CSCdz23397).

VPN Client Can Require Smart Card When Using Certificates

For Windows 2000 and Windows XP systems, you can configure the VPN Client
to require the presence of a Smart Card when Certificates are used. If this feature
is configured, the VPN Client displays an error message if a Smart Card is not
present. The Certificates need not be present on the Smart Card itself. To
configure this feature, add the following line to the user’s client profile, specifying
the appropriate vendor for your Smart Card:

SmartCardName=<Name of Smart Card Vendor>

If you are using pre-shared keys instead of Certificates, this requirement is not
enforced, even if configured.

To disable the Smart Card verification function, completely delete the entry:
SmartCardName=<text> from the user’s client profile (CSCec82220).

VPN Client GUI Connection History Display Lists Certificate Used

In Release 4.0.3.C, the VPN Client GUI connection history dialog box now
displays as the first entry the name of the certificate used for establishing the
connection (CSCec79691).