IPSec Options and Attributes (Cisco)

The Cisco Easy VPN supports the IPSec options and attributes shown in Table 14-2.
Initial Contact
If a Cisco VPN Client is suddenly disconnected, the gateway might not immediately detect
this, so the current connection information (IKE and IPSec security associations [SA]) will
still be valid. Then, if the VPN Client attempts to reestablish a connection, the new
connection will be refused because the gateway still has the previous connection marked
as valid. To avoid this scenario, Initial Contact has been implemented in all Cisco VPN
products. Initial Contact enables the VPN Client to send an initial message that instructs
the gateway to ignore and delete any existing connections from that client, thus preventing
connection problems caused by SA synchronization issues.
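
The reconnect scenario above, as an added example that is not taken from the original text or from any Cisco product: a simplified Python model of a gateway's SA table. The Gateway class, the client name, and the assumption that connect() runs only after the client has authenticated are all hypothetical; the notify type value 24578 is INITIAL-CONTACT in the IPsec DOI (RFC 2407).

```python
from dataclasses import dataclass, field

INITIAL_CONTACT = 24578  # notify message type from the IPsec DOI (RFC 2407)


@dataclass
class Gateway:
    """Toy gateway: tracks which SAs it still considers valid per client."""
    sa_table: dict = field(default_factory=dict)  # client id -> [SA names]
    log: list = field(default_factory=list)
    _seq: int = 0

    def connect(self, client, notifies=()):
        """Process an authenticated connection attempt; True if accepted."""
        if INITIAL_CONTACT in notifies and client in self.sa_table:
            # Client says it holds no prior state: purge what we kept for it.
            purged = self.sa_table.pop(client)
            self.log.append(f"{client}: purged stale {purged}")
        if client in self.sa_table:
            # Behaviour the text describes when old SAs are still marked valid.
            self.log.append(f"{client}: refused, previous SAs still valid")
            return False
        self._seq += 1
        self.sa_table[client] = [f"ike-{self._seq}", f"ipsec-{self._seq}"]
        self.log.append(f"{client}: established {self.sa_table[client]}")
        return True


def reconnect_after_silent_drop(send_initial_contact):
    """Client connects, vanishes without notice, then reconnects."""
    gw = Gateway()
    gw.connect("client-a")  # first session (constructed client name)
    # The link drops here; the gateway is never told, so its table is unchanged.
    notifies = (INITIAL_CONTACT,) if send_initial_contact else ()
    accepted = gw.connect("client-a", notifies)
    return accepted, gw.sa_table.get("client-a"), gw.log


if __name__ == "__main__":
    for flag in (False, True):
        ok, sas, log = reconnect_after_silent_drop(flag)
        print(f"Initial Contact sent={flag}: accepted={ok}, SAs={sas}")
        for line in log:
            print("   ", line)
```

Because the notify causes the gateway to delete state, the model treats it as valid only from an already authenticated client.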

Table 14-2 IPSec Options and Attributes

IPSec Option                  Attributes
Authentication Algorithms     • Keyed-Hash Message Authentication Code (HMAC)
                              • Message Digest 5 (MD5)
                              • HMAC Secure Hash Algorithm (SHA-1)
Authentication Types          • Preshared keys
                              • Rivest-Shamir-Adleman (RSA) digital signatures
                                (not supported by Cisco Easy VPN Remote phase II)
Diffie-Hellman (DH) Groups    • Group 1
                              • Group 2
                              • Group 5
IKE Encryption Algorithms     • Data Encryption Standard (DES)
                              • Triple Data Encryption Standard (3DES)
                              • Advanced Encryption Standard (AES)
IPSec Encryption Algorithms   • DES
                              • 3DES
                              • AES
                              • NULL
IPSec Protocol Identifiers    • Encapsulating Security Payload (ESP)
                              • IP Payload Compression Protocol (IPComp)
                              • STAC-Lempel-Ziv Compression (LZS)
IPSec Protocol Mode           • Tunnel Mode