Manual IPSec Implementation | Cisco Systems 2.1(1) guide

Chapter 6: About Support Tools Security

Using IPSecurity with Support Tools

–If a non-Cisco policy already exists on the target machine and is not assigned, Support Tools will create and assign a Cisco policy.

Manual IPSec Implementation

On Windows 2000 and XP platforms, IPSec can be used but must be configured manually. This section provides guidelines on setting up IPSec for Support Tools.

When configuring Support Tools to use IPSec:

•The policy for the Support Tools server should be configured to support shared keys.

•A filter should be added complying with the above listed recommendations when securing a Support Tools component that resides on a system with a one-to-one IPSEC policy. The filter should be added to the filter list of the existing policy and listed second.

A configuration example follows:

Client Policy IP Filter

From any IP address / TCP port

To any IP address / specific TCP port (39100, Support Tools default)

Filter Action

Request Security on Support Tools Server Require Security on Node Agent

Negotiate security

ESP with SHA1 Integrity and no encryption Authentication Mode (Both should be listed on Support Tools server)

Preshared key

Cisco Support Tools User Guide for Cisco Unified Software Release 2.1(1)

45

Image 59

Cisco Systems 2.1(1) manual Manual IPSec Implementation

Contents

Cisco Support Tools User Guide for Cisco Unified Software Page Table of Contents Part 3. Installing, Upgrading and Configuring Support Tools Iii Part 4. The Support Tools DashboardPage Part 6. Using Cisco Common Tools 153 Page Vii 193 Viii Sqlew Part 8. Reference 249 Page List of Figures Xii Audience PrefacePurpose Conventions OrganizationRelated Documentation Cisco.com Obtaining Documentation Product Documentation DVD Ordering Documentation You can access international Cisco websites at this URLDocumentation Feedback Cisco Product Security Overview Reporting Security Problems in Cisco ProductsProduct Alerts and Field Notices Cisco Technical Support & Documentation Website Obtaining Technical Assistance Definitions of Service Request Severity Submitting a Service Request Obtaining Additional Publications and Information Preface Obtaining Additional Publications and Information Preface Obtaining Additional Publications and Information Page Page Chapter New Features in this Release New Features in this Release Cisco Intelligent Contact Above All Management ICM and IP Support Tools Node RequirementsThis section contains the following topics Support Tools Server Hardware Requirements Support Tools Server RequirementsSupport Tools Node Hardware Requirements Support Tools Node Software Requirements Support Tools Server Network Requirements Support Tools Server / Node Version CompatibilitySupport Tools Port Requirements Support Tools Server OS Requirements Support Tools Listening Port Support Tools Dashboard Web Browser Requirements Part 2 Support Tools Overview Page About Cisco Support Tools Key Features About Support Tools Components Key Features Support Tools Node About Support Tools Network TopologySupport Tools Server What is the benefit of Support Tools? Frequently Asked Questions Who can use Support Tools? About Cisco Support Tools Frequently Asked Questions Support Tools Utilities List About Support Tools Utilities Trace and Log Tools Web Tools Cisco Common Tools Viewing status, statistics, etc. It is also possible to Enable specific debug tracing in the call router3rd Party Common Tools Use to view user-defined number of lines from Use to view statistics for the local Workstation Automatically restart the host after 60 seconds Displays and configures event triggers on local Privileged Utilities Utility Installation Locations Non-Dashboard Utilities Command-Line vs GUI Access About Support Tools Utilities Command-Line vs GUI Access Working in Batch Mode Interactive Mode vs. Batch ModeWorking in Interactive Mode Pending Jobs Using Tools in Batch ModeCanceling a Batch Mode Job Click Cancel Interactive Mode vs. Batch Mode Pending Jobs About Support Tools Security Support Tools Security Features Automated IPSec Implementation Using IPSecurity with Support Tools Manual IPSec Implementation Page Part 3 Installing, Upgrading and Configuring Support Tools Page Support Tools Installation Tasks Installing Support ToolsAbout Installing Support Tools Collect information for the install How to Collect Information for Support Tools Installation Post-Installation Configuration How to Create Support Tools User Groups Creating Local Accounts on the Support Tools Server How to Create the Distinguished User AccountTo Create Support Tools User Groups How to Install the Support Tools Server How to Create the Distinguished User AccountPage Page How to Install the Support Tools Node Password field, enter your Windows password case-sensitive How to Test the Support Tools InstallationPress Enter. The Support Tools Dashboard Login screen opens Page Page About Configuring Support Tools Configuring Support Tools How to Modify Support Tools Basic Configuration TCP/IP Port How to Disable Continuous Virus Scan for the Repository Supporttoolsroot\repository\system files\ Page List/wmi.asp Configuration of sysquery and Trace How to Uninstall Support Tools Uninstalling, Reinstalling and Upgrading Support Tools Upgrading Support Tools How to Reinstall Support Tools Part 4 The Support Tools Dashboard Page Support Tools Dashboard Using the Support Tools Dashboard Accessing Utilities in the Dashboard Accessing the Dashboard and PrivilegesUsing the Dashboard for the First Time Accessing the Dashboard Adding a System to the System List Selecting a System to Work With in Interactive Mode Navigating and Refreshing Pages in the Dashboard How to Access the Support Tools DashboardTo access the Support Tools Dashboard To Add a Node to the System List How to Use the System Management Screen Click the Add System Button To Automatically Add CVP and Support Tools Server NodesTo Test the Connection to a Node To Delete a Node from the System List Using the Select System Screen Using the Select System Screen Adding a Support Tools Node to the System List How to End a Dashboard SessionPage Page Part 5 Using Support Tools Web Tools Page How to Use the System Interrogate Screen Using Support Tools Utilities from the DashboardPage Mode Component & Sub-componentsInteractive Odbc Cisco ICM/IPCC Agent Reskilling Component & Sub-components Retrievable Only Interactive Mode Cisco Agent Desktop CAD Cisco CallManager Cisco Ipcc Express Component & Sub-components Cisco Support Tools To Retrieve System Information in Interactive Mode To Save System Information to a File To Retrieve System Information in Batch Mode To Save Files Returned from a System Interrogate How to Use the History Screens To Rename a File To Set an Expiration Date for History FilesTo View a Saved File To Download a File How to Use the Registry ScreenTo Delete a File To use the Registry Screen How to Use the Registry Compare Screen To Compare Two Saved Registry Files To Compare the Current System to AnotherTo Compare the Current System to a Saved Registry File 100 Understanding the Compare Registries DisplayClick the Compare Registries Files button 101 Viewing Registry Keys for Multiple Customer InstancesTo Copy Key Values Between Registries and Files 102 To Save a Registry Comparison to a File 103 How to Use the Processes ScreenTo View Processes 104 How to Use the Services ScreenTo Save a Process To Terminate a Process 105 To View ServicesTo Stop or Start a Service 106 To Save the Services List to a FileTrace and Log 107 How to Use the Create Log Group ScreenTo Create a Log Group 108 Click Next 109 Renaming Log Groups How to Use the Log Groups ScreenViewing Log Groups Editing Log Groups 111 How to Use the Create Trace Group Screen Batch ModeDeleting Log Groups Refreshing the Log Groups Screen 112 How to Use the Create Trace Group Screen Interactive ModeCreating a Trace Group 113 How to Use the Trace Groups ScreenViewing a Trace Groups Settings 114 Viewing a Trace Groups FileEditing a Trace Group 115 Renaming Trace GroupsDeleting Trace Groups Refreshing the Trace Groups Screen 116 How to Use the Schedule Trace ScreenScheduling a Trace 117 About Log CollectionProducts Supported for Log Collection Collect Logs General Steps 118 What are Merged Logs? 119 How to Use the Collect Logs Screen Batch ModeTo Create a Log Collection 120 How to Use the Log Collections Screen 121 To View Details of Log CollectionsTo Download Collected Logs Log files use the following naming conventions For ICM Log File Naming ConventionsTo Delete a Log Collection To Rename a Log Collection 123 How to Use the Collect Logs Screen Interactive Mode 124 125 Using Cisco Tools from a Command Line 126 Command-Line Mode vs Interactive ModeSelecting a System to Use Selecting a Different Application Server Saving, Viewing, and Retrieving Files Getting Help for Command Line ToolsSelecting a Different Target System Viewing a list of targetable systems 128 How to Use the Services Utility from a Command LineTo Access the Services Utility from a Command Line Embedded Spaces Specified, the utility is run against the local system Using the Services Utility from a Command LineUtility Displays syntax for a specified command Specified, the utility is run on the local system Quit, q Ends the program Starting a serviceStop Stops a started service on the target system Readfile, read Directs command input to another input file To Run the Processes Utility from a Command Line How to Use the Processes Utility from a Command LineViewing and Stopping a Service Examples 132 Using the Processes Utility from a Command Line 133 Viewing and Killing a Service ExamplesKill Terminates a started process on the target system Server 134 To Run the System Interrogate Utility from a Command LineUsing the System Interrogate Utility from a Command Line 135 Repository on the application server Viewing System Information Examples How to Use the Registry Utility from a Command Line 137 To Run the Registry Utility from a Command LineUsing the Registry Utility from a Command Line 138 Command DescriptionInstance whose registry values will be returned Timestamp.xml Viewing Registry Information ExamplesInvokes the Registry utility Named customer1 140 To Run the Compare Registries Utility from a Command LineUsing the Compare Registries Utility from a Command Line 141 Compare, compBy SRC = 142 Compare Registries Examples 143 How to Use the Log Groups Utility from a Command LineCases these may not be identical instances Apply 144 To Run the Log Groups Utility from a Command LineUsing the Log Groups Utility from a Command Line Enter lgtool 145 Rl logname Lsl Lgdesc description Closelg Lslg 146 Creating a Log Group ExamplesRepository Renameloggroup, renlg Enter lctool How to Use the Log Collection Utility from a Command LineTo Run the Log Collection Utility from a Command Line Using the Log Collection Utility from a Command Line 148 Ccolreq Specifies the new collections nameLcdesc Seticmbinary, bin Endtime 149 Downloadlog, download 150 Log Collection ExamplesAs your application server 151 152 153 Part 6 Using Cisco Common Tools 154 Call Routers but can X be run from any ICM component 155 Vrutrace Use to output tracing information from a VoiceUtility Description Name 156 157 Using Cisco Common ToolsHow to Use the CICMan Utility To Access CICMan from the Dashboard 158 To Access CICMan from a Command Line on a NodeUsing CICMan Command line Options 159 How to Use the CTITest UtilityTo Access CTITest from the Dashboard 160 To Access CTITest from a Command Line on a NodeUsing CTITest Configuring 161 Using CTITest Opening a SessionUsing CTITest Logging 162 Below is list of frequently used commands in CTITestCommand Parameters 163 How to Use the DBDiff UtilityTo Access DBDiff from the Dashboard Command 164 How to Use the DumpCfg UtilityTo Access DBDiff from a Command Line on a Node Using DBDiff Using DumpCfg How to Use the Icmdba UtilityTo Access DumpCfg from the Dashboard To Access DumpCfg from a Command Line on a Node To run MPTrace from the Support Tools Dashboard How to Use the MPTrace UtilityAccessing Icmdba To Access MPTrace from the Dashboard 167 To Access MPTrace from a Command Line on a NodeUsing MPTrace Command Line Options 168 How to Use the Nicroi UtilityTo Access Nicroi from the Dashboard To Access Nicroi from a Command Line on a Node 169 Using Tracing in NicroiCapturing Nicroi Data to niclog.xxx 170 Capturing Nicroi Data to Roilog.txtCopying Nicroi Log Files Transferring Files How to Use the NMStart UtilitySetting the Download Directory To Access NMStart from the Dashboard To Access NMStop from the Dashboard How to Use the NMStop UtilityTo Access NMStart from a Command Line on a Node Using NMStart To Access OPCTest from the Dashboard How to Use the OPCTest UtilityTo Access NMStop from a Command Line on a Node Using NMStop 174 To Access OPCTest from a Command Line on a NodeUsing OPCTest 175 176 ExampleDebug Information Exiting and Quitting OPCTest How to Use the Procmon UtilityTo Access Procmon from the Dashboard Use the quit command to exit OPCTest Procmon Basic Commands To Access Procmon from a Command Line on a NodeUsing Procmon 179 How to Use the RTRTrace UtilityProcmon Process-Specific and Troubleshooting Commands 180 How to Use the RTTest UtilityAccessing RTRTrace To Access RTTest from the Dashboard 181 To Access RTTest from a Command Line on a NodeUsing RTTest 182 Status Output ProcessProcess LastStateChange LastHeartBeat Process synchronized Equipment use UTC time as a common time referenceTransfer to the other side Signifies that the process is running fine Date Current date Time Current local time Status Output ControllerWith the ICM call router Data are sent to the ICM peripheral gateway Status Output PeripheralICM peripheral gateway Been established with the ICM peripheral gateway 186 Parameter Descriptions 187 188 Turning up ICM Call Router Tracing with RTTest 189 Turning Off Debug Tracing in RTTest To Access VRUTrace from the Dashboard How to Use the SS7NICTrace UtilityHow to Use the VRUTrace Utility Accessing SS7NICTrace 191 To Access VRUTrace from a Command Line on a NodeUsing VRUTrace Command Line Options VRUTrace Examples 192 193 Utility Name DescriptionSystems 194 195 196 Their properties EventtriggersNetwork Logman 197 Tasklist Displays a list of applications and servicesTasklistCSV Displays a list of applications and services Properties, such as RAM, disk space, Network cards Taskkill 198 Use the CAT utility to display, print, and combine files Using 3rd Party Common ToolsArp -a Cat 200 To Access CAT from the DashboardUsing CAT Command Line Options Use the Chmod utility to set file permissions To Access Chmod from the DashboardUsing Chmod Command Line Options Chmod 202 To Access CP from the DashboardUsing CP Command Line Options Use the CP utility to copy files 203 To Access DF from the Dashboard 204 Using DF Command Line OptionsTo Access Diff from the Dashboard Diff 205 Using Diff Command Line Options 206 To Access DU from the DashboardUsing DU Command Line Options 207 To Access FGrep from the DashboardUsing FGrep Command Line Options Fgrep 208 To Access Findstr from the DashboardFindStr 209 Using Findstr Command Line Options 210 To Access Grep from the DashboardGrep 211 Using Grep Command Line Options 212 To Access Head from the DashboardUsing Head Command Line Options Head 213 IPConfig /allCount defaults to 214 To Access Isql from the Dashboard 215 Using IsqlIsql uses the following options 216 Accessing ISQL/WTo Access LS from the Dashboard Use the LS utility to view directory listings 217 Using LS Command Line Options 218 To Access MV from the DashboardUsing MV Command Line Options 219 To Access NBTStat from the DashboardNBTStat 220 Using NBTStat Command Line OptionsNet Session NetStat To Access NetStat from the DashboardNet Statistics Server Net Statistics Workstation 222 Using NetStat Command Line OptionsTo Access NSLookup from the Dashboard NSLookUp PathPing Using NSLookup Command Line OptionsTo Access PathPing from the Dashboard Using PathPing Command Line Options Options for Ping are To Access Ping from the DashboardUsing Ping Command Line Options Ping 225 PStat 226 To Access RM from the DashboardUsing RM Command Line Options Route -PRINT StopShut To Access Stopshut from the DashboardUsing Stopshut Command Line Options Shutdown Tool 228 Accessing SqlewTo Access Strings from the Dashboard Strings 229 Using Strings Command Line OptionsTo Access Tail from the Dashboard Tail 230 Using Tail Command Line OptionsTo Access Touch from the Dashboard Touch 231 Using Touch Command Line Options Tracert To Access Tracert from the DashboardUsing Tracert Command Line Options To Access WC from the Dashboard 233 Using WC Command Line OptionsTo Access Which from the Dashboard Which 234 Using Which Command Line OptionsWinmsd NetshDump BootcfgqryAccessing WinMSD Displays the Boot.ini file settings of the selected system Eventtriggers To Access Eventtriggers from the DashboardDefragreport Driverquery Logman Using Eventtriggers Command Line OptionsTo Access Logman from the Dashboard Getmac 238 Logman Command Line options 239 240 OpenfilesRelog 241 To Access Relog from the DashboardUsing Relog Command Line Options 242 Answer yes to all questions without prompting Examples 243 To Access Schtasks from the DashboardSchtasks 244 Using Schtasks Command Line OptionsSysteminfoTable 245 SysteminfoListSysteminfoCSV Taskkill Eq, ne, gt, lt, ge, le PID value Eq, ne Service nameEq, ne Eq, ne Image name 247 TasklistTableTasklist TasklistCSV 248 249 Part 8 Reference 250 251 Starting and Stopping Support Tools Server/Node Processes 252 How to Enable/Disable the Stpa ProcessHow to Stop and Start the Support Tools Server How Stop and Start the Node Agent Service 253 254 How to View Stpa Log Files How to View Support Tools LogsHow to View Support ToolsInstall Logs How to View Support Tools Server and Stna Log Files 256 257 IPSec Settings and ProceduresHow to Examine Your IPSec Policy Select the IP Security Policy Management snap-in 258 How to Verif the PreShared KeyHow to Enable/Disable the IPSec Policy 259 260 261 How to Modify the Login Screen Disclaimer 262 263 How to Confirm the Support Tools Build Number 264 Support Tools Fails to Install Support Tools TroubleshootingInstallation Problems Install Hangs Services are not created and/or do not start Dashboard TroubleshootingSupport Tools Installs Disabled Connection Problems Re-enter username and password as follows Network Users Login ProblemsCan Access Dashboard Login Page but cannot log Incorrect or invalid username or password entered Local Users Utility ProblemsError When Selecting Host Support Tools Server fails to connect to the Node Agent 269 Error Processing RequestUtilities Missing Dashboard Online Help Does Not Display Dashboard ProblemsError Processing Request Dashboard Will Not Load 271 Dashboard online help does not display when selectedPopup blockers enabled on client machine Disable popup blocking 272 Index Index