About IPSec over TCP, Use Certificate, Certificate Transmission – Cisco VPN 3002 User Manual

Page 66: Group, Name


VPN 3002 Hardware Client Reference

OL-1893-01

Chapter 6 Tunneling

Configuration | System | Tunneling Protocols | IPSec

About IPSec over TCP

IPSec over TCP encapsulates encrypted data traffic within TCP packets. This feature enables the VPN
3002 to operate in an environment in which standard Encapsulating Security Protocol (ESP, Protocol 50)
or Internet Key Exchange (IKE, UDP 500) cannot function, or can function only with modification to
existing firewall rules. IPSec over TCP encapsulates both the IKE and IPSec protocols within a TCP
packet, and enables secure tunneling through both NAT and PAT devices and firewalls.

Note: This feature does not work with proxy-based firewalls.

The VPN 3002 Hardware Client, which supports one tunnel at a time, can connect using standard
IPSec, IPSec over TCP, or IPSec over UDP.

To use IPSec over TCP, both the VPN 3002 and the VPN Concentrator to which it connects must be
running version 3.5 software.

Use Certificate

This parameter specifies whether to use preshared keys or a PKI (Public Key Infrastructure) digital
identity certificate to authenticate the peer during Phase 1 IKE negotiations. See the discussion under
Administration | Certificate Management, which is where you install digital certificates on the VPN
3002.

Check the box to use digital certificates.

Certificate Transmission

If you configured authentication using digital certificates, choose the type of certificate transmission.

Entire certificate chain = Send the peer the identity certificate and all issuing certificates. Issuing
certificates include the root certificate and any subordinate CA certificates.

Identity certificate only = Send the peer only the identity certificate.

Group

The VPN 3002 connects to the VPN Concentrator using this Group name and password, which must be
configured on the central-site VPN Concentrator. Group names, usernames, and passwords must be identical
on the VPN 3002 and on the VPN Concentrator to which it connects.

Name

In the Group Name field, enter a unique name for the group to which this VPN 3002 belongs. This is the
group name configured on the central-site VPN Concentrator to which this VPN 3002 connects.
Maximum is 32 characters, case-sensitive.
