Managing the VPN Client

Aside from the VPN dialer, the Unity Client also contains several support utilities. Namely, the Set MTU utility enables you to manipulate the size of frames traversing the tunnel. In addition, the Unity Client contains a Log Viewer application in which you can enable logging on to the client; you can also use the log viewer to help you troubleshoot failing connections.

The final utility provided by the Cisco Unity Client is called Certificate Manager. As the name implies, it enables you to manage digital certificates that are stored on your workstation. This utility can be used to view, verify, delete, export, and password protect any installed identity and CA certificates. As depicted in Figure 10.13, you can generate a file-based or SCEP network-based PKCS#10 request for an identity certificate. When this request is generated, you can monitor the progress of the request in the Utility window. After an identity certificate is installed on the local workstation, it can be used in IKE phase 1 authentication if you select it in the Authentication tab of the connection's properties (see the "Authentication Tab" section in the beginning of this chapter).

Recall that the OU field in an identity certificate is used by the VPN Concentrator to associate the authenticating device to a group. Notice that the field to input this OU value is called Department in the Certificate Manager. Be sure that this field contains a valid group on the VPN 3000 Concentrator or external authentication server.