Mode Configuration Parameters; Banner; Allow Password Storage On Client; Split Tunneling Network List - Cisco VPN 3000 User Manual

Notes: IPSec uses Mode Configuration to pass all configuration parameters to a client: IP address, DNS and
WINS addresses, etc. You must check this box to use Mode Configuration. Otherwise, those
parameters—even if configured with entries—are not passed to the client.
The Cisco VPN 3000 Client (IPSec client) supports Mode Configuration, but other IPSec clients may
not. For example, the Microsoft Windows 2000 IPSec client does not support Mode Configuration. (The
Windows 2000 client uses the PPP layer above L2TP to receive its IP address from the VPN
Concentrator.) Determine compatibility before using this option with other vendors' clients.

Mode Configuration Parameters

These parameters apply to this group's IPSec clients using Mode Configuration. If you check Mode
Configuration

Banner

Enter the banner, or text string, that this group's IPSec clients see when they log in. The maximum length
is 128 characters.

Allow Password Storage on Client

Check the box to allow this group's IPSec clients to store their login passwords on their local client
systems. If you do not allow password storage, IPSec users must enter their password each time they
seek access to the VPN. For maximum security, we recommend that you not allow password storage.

Split Tunneling Network List

Click the drop-down menu button and select the Network List to use for split tunneling. If no Network
Lists have been configured, the list shows --None-- , which means that split tunneling is disabled.
Selecting a configured Network List enables split tunneling. Configure Network Lists on the
Configuration | Policy Management | Traffic Management | Network Lists
See the discussion About split tunneling and Network Lists under Configuration | User Management | Base
Group
You can apply only one Network List to a group, but one Network List can contain up to 200 network
entries.

Default Domain Name

Enter the default domain name that the VPN Concentrator passes to the IPSec client, for the client's TCP/
IP stack to append to DNS queries that omit the domain field. This domain name applies only to tunneled
packets. For example, if this entry is xyzcorp.com , a DNS query for mail becomes
mail.xyzcorp.com
syntax.
VPN 3000 Concentrator Series User Guide
above, configure these parameters as desired; otherwise, ignore them.
on page 12-10.
. Maximum is 255 characters. The Manager checks the domain name for valid
Configuration | User Management | Groups | Add or Modify (Internal)
screens.
12-27