Summary

The Cisco Unity VPN client is part of Cisco's Unified Client Framework, which allows the client to interoperate with VPN Concentrators, PIX firewalls, and Cisco routers. The client can be installed on several platforms, including Microsoft Windows, Linux, Solaris UltraSparc, and Macintosh. The Cisco VPN Client for Windows and the Cisco VPN Client for Mac OSX are the only software clients that are GUI-based. You can install the client automatically in silent mode by creating an oem.ini file.

When you create a connection entry, it is stored as a .pcf file in the profile directory. You can edit the connection entries by pressing the Options button and selecting Properties on the menu. This brings up a new window with three tabs on it labeled General, Authentication, and Connections. The General tab allows you to enable transparent tunneling, allow local LAN access, and set the Dead Peer Detection time. On the Authentication tab, you can specify the group and preshared key or digital certificate to utilize during IKE negotiations. Finally, the Connections tab allows you to define up to 10 backup servers and specify any dial-up parameters to connect to the Internet.

If you want the client to auto-initiate a connection to the VPN concentrator, you must edit the vpnclient.ini file and enable this feature. In addition, you can create a list of up to 64 connection entries, which you must associate with a .pcf connection profile.

The Options menu offers you several parameters that you can manipulate to tweak settings for the VPN client. Namely, you can clone, create, delete, and import profile entries. What's more, you can delete locally stored user passwords, create a desktop shortcut, and enable the CIC stateful firewall (which is based on Zone Labs technologies). In the Options menu, you also can launch an application, turn off Auto-initiate, and instruct the VPN dialer to initiate a tunnel before logging into a Windows domain.

When you press the Connect button to initiate the tunnel, a closed lock icon appears in the systray. You can click on this icon to display the Connection Status window, which contains a General, Statistics, and Firewall tab. The General tab displays connections statistics, such as IP addresses, encryption algorithms, compression, tunnel transparency, local LAN access, and firewall options. The Statistics tab displays packets being transmitted for all known secure and local LAN routes. The Firewall tab displays the firewall policy in place and any firewall rules that are assigned as a result of the firewall policy and split tunneling. If you want to disconnect, click on the Disconnect button at the bottom of this window or right-click on the icon and choose the Disconnect option.

The Cisco Unity Client also contains some additional applications to help manage the VPN Dialer. The Log Viewer is utilized to help troubleshoot connectivity problems when logging is enabled on the VPN Dialer. You also may manipulate the frame MTU size by using the Set MTU application. The last utility, called Certificate Manger, enables you to delete, view, verify, and request identity and CA certificates for the workstation. The Cisco VPN Client supports network-based enrollment with SCEP or file-based enrollment.

Version 4.x of the Cisco Client for Windows has some significant changes to the graphical interface. Specifically, the Log Viewer and the Certificate Manager applications are integrated in the once-called VPN Dialer application now called VPN Client. In addition, the connection entry properties, as well as the connection status windows, have changed and added tabs from the 3.0 version of the Cisco VPN Client. Finally, the vpnclient.ini global profile has added support for additional entries that can force local PC account logins, as well as present users in either Advanced View or Simple View when they open the client.