Tunneling Protocols

The Cisco VPN Software Client supports the following tunneling options:
• IPSec Encapsulating Security Payload (ESP)
• IPSec over TCP: NAT or PAT
• IPSec over UDP: NAT, PAT, or firewall
Encryption and Authentication
The Cisco VPN Software Client supports the following encryption algorithms:
• DES
• 3DES
• AES (128- and 256-bit)
It also supports the following cryptographic hash algorithms:
• MD5
• SHA-1
Key Management Techniques
The Cisco VPN Client supports the following key management techniques:
• IKE main mode
• IKE aggressive mode
• Diffie-Hellman (DH) groups 1, 2, 5, and 7
NOTE: IPSec over TCP and IPSec over UDP refer to the VPN Client encapsulating the
IPSec traffic inside either TCP or UDP packets. Because the complete IPSec packets are
encapsulated inside another transport protocol (such as UDP), the integrity checks on the
IPSec packets remain valid even when a NAT device changes the IP addresses on the outer
transport protocol.
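
The effect described in the note, as an added example that is not from the original text or from Cisco: a toy packet model in which the integrity check covers the packet's addresses (an assumption of this model, as AH does), with a NAT/PAT rewrite applied to a bare packet and to a UDP-encapsulated one. The key, addresses, ports, header layout and function names are all constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed integrity key, illustration only
ICV_LEN = 12                   # HMAC-SHA-1 truncated to 96 bits
OUTER_LEN = 12                 # toy outer header: src(4) dst(4) sport(2) dport(2)


def icv(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha1).digest()[:ICV_LEN]


def ipsec_packet(src: str, dst: str, payload: bytes) -> bytes:
    """Toy IPSec packet [src][dst][payload][ICV]; the ICV covers the addresses
    (model assumption) and the payload."""
    body = socket.inet_aton(src) + socket.inet_aton(dst) + payload
    return body + icv(body)


def verify(packet: bytes) -> bool:
    body, tag = packet[:-ICV_LEN], packet[-ICV_LEN:]
    return hmac.compare_digest(icv(body), tag)


def udp_encapsulate(src: str, dst: str, sport: int, dport: int, inner: bytes) -> bytes:
    """Prefix the complete IPSec packet with a toy outer IP/UDP header."""
    outer = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!HH", sport, dport)
    return outer + inner


def nat_rewrite(packet: bytes, public_ip: str, public_port=None) -> bytes:
    """NAT overwrites the leading source address; PAT also rewrites the source port."""
    out = socket.inet_aton(public_ip) + packet[4:]
    if public_port is not None:
        out = out[:8] + struct.pack("!H", public_port) + out[10:]
    return out


def demo() -> dict:
    inner = ipsec_packet("192.0.2.10", "198.51.100.1", b"constructed payload")
    wrapped = udp_encapsulate("192.0.2.10", "198.51.100.1", 40000, 40001, inner)
    return {
        "bare": verify(inner),
        "bare_after_nat": verify(nat_rewrite(inner, "203.0.113.5")),
        "encapsulated_after_pat": verify(nat_rewrite(wrapped, "203.0.113.5", 51000)[OUTER_LEN:]),
    }


if __name__ == "__main__":
    print(demo())
```

Only the outer header bytes change in the encapsulated case, so the receiver strips them and verifies the inner packet unchanged.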