Cisco Systems 2.1(1) Manual IPSec Implementation

–If a non-Cisco policy already exists on the target machine and is not assigned, Support

Tools will create and assign a Cisco policy.

Manual IPSec Implementation

On Windows 2000 and XP platforms, IPSec can be used but must be conﬁgured manually. This

section provides guidelines on setting up IPSec for Support Tools.

When conﬁguring Support Tools to use IPSec:

•The policy for the Support Tools server should be conﬁgured to support shared keys.

•A ﬁlter should be added complying with the above listed recommendations when securing

a Support Tools component that resides on a system with a one-to-one IPSEC policy. The

ﬁlter should be added to the ﬁlter list of the existing policy and listed second.

A conﬁguration example follows:

Client Policy

IP Filter

From any IP address / TCP port

To any IP address / specific TCP port (39100, Support

Tools default)

Filter Action

Request Security on Support Tools Server

Require Security on Node Agent

Negotiate security

ESP with SHA1 Integrity and no encryption

Authentication Mode (Both should be listed on Support

Tools server)

Preshared key

Cisco Support Tools User Guide for Cisco Unified Software Release 2.1(1)

45

Chapter 6: About Support Tools Security

Using IPSecurity with Support Tools

Contents

Main Page Table of Contents Page Page Page Page Page Page Page Page Page Page Page Page Organization Related Documentation Conventions Obtaining Documentation Cisco.com Product Documentation DVD Ordering Documentation Documentation Feedback Product Alerts and Field Notices Cisco Product Security Overview Reporting Security Problems in Cisco Products Obtaining Technical Assistance Cisco Technical Support & Documentation Website Submitting a Service Request Definitions of Service Request Severity Obtaining Additional Publications and Information Page Page Page Page Chapter 1 New Features in this Release Page Chapter 2 Support Tools Requirements and Compatibility Support Tools Node Requirements Support Tools Node Compatibility with Cisco Unified Products and Product Components Support Tools Node Hardware Requirements Support Tools Server Requirements Support Tools Server Hardware Requirements Support Tools Server OS Requirements Support Tools Server Network Requirements Support Tools Server / Node Version Compatibility Support Tools Port Requirements Support Tools HTTP Server (Tomcat) HTTP and HTTPS Port Support Tools Listening Port Support Tools Dashboard Web Browser Requirements Page Page Chapter 3 About Cisco Support Tools Key Features Key Features About Support Tools Components The Support Tools Server The Support Tools Node About Support Tools Network Topology Frequently Asked Questions Page Page Chapter 4 About Support Tools Utilities Support Tools Utilities List Web Tools Trace and Log Tools Cisco Common Tools 3rd Party Common Tools Page Page Page Page Privileged Utilities Utility Installation Locations Non-Dashboard Utilities Command-Line vs GUI Access Page Chapter 5 Interactive Mode vs. Batch Mode Working in Interactive Mode Working in Batch Mode Using Tools in Batch Mode Pending Jobs Canceling a Batch Mode Job Page Page Chapter 6 About Support Tools Security Support Tools Security Features Using IPSecurity with Support Tools Automated IPSec Implementation Manual IPSec Implementation Page Page Page Chapter 7 Installing Support Tools About Installing Support Tools Support Tools Installation Tasks Page Post-Installation Configuration How to Collect Information for Support Tools Installation How to Create Support Tools User Groups To Create Support Tools User Groups Creating Local Accounts on the Support Tools Server How to Create the Distinguished User Account How to Create the Distinguished User Account How to Assign Directory Privileges to the Distinguished User How to Install the Support Tools Server Page Page How to Install the Support Tools Node How to Test the Support Tools Installation Page Page Chapter 8 Configuring Support Tools About Configuring Support Tools How to Modify Support Tools Basic Configuration Communication Port Location of the Support Tools Installation Location of the Support Tools Repository Support Tools Administrative Group How to Disable Continuous Virus Scan for the Repository How to Modify Processes and Services Listed in the Process Information List Page Page How to Configure SQL for Use with the System Interrogate Tool Configuration of sysquery and Trace Chapter 9 Uninstalling, Reinstalling and Upgrading Support Tools How to Uninstall Support Tools How to Reinstall Support Tools Upgrading Support Tools Page Page Chapter 10 Using the Support Tools Dashboard Accessing the Dashboard and Privileges Accessing the Dashboard Dashboard Privileges Using the Dashboard for the First Time Accessing Utilities in the Dashboard Selecting a System to Work With in Interactive Mode Adding a System to the System List Navigating and Refreshing Pages in the Dashboard How to Access the Support Tools Dashboard How to Use the System Management Screen To Add a Node to the System List To Automatically Add CVP and Support Tools Server Nodes To Test the Connection to a Node To Delete a Node from the System List Using the Select System Screen Using the Select System Screen Adding a Support Tools Node to the System List How to End a Dashboard Session Page Page Part 5: Using Support Tools Web Tools Page Chapter 11 Using Support Tools Utilities from the Dashboard How to Use the System Interrogate Screen Page Page Page Page Page Page Page Page Page To Retrieve System Information in Interactive Mode To Retrieve System Information in Batch Mode To Save System Information to a File To Save Files Returned from a System Interrogate How to Use the History Screens To Set an Expiration Date for History Files To View a Saved File To View Diff Only for Registry Compare Files (Registry Compare - History Screen Only) To Rename a File To Delete a File How to Use the Registry Screen To use the Registry Screen How to Use the Registry Compare Screen To Compare the Current System to Another To Compare the Current System to a Saved Registry File To Compare Two Saved Registry Files Understanding the Compare Registries Display Viewing Registry Keys for Multiple Customer Instances To Copy Key Values Between Registries and Files To Save a Registry Comparison to a File How to Use the Processes Screen To View Processes To Save a Process To Terminate a Process How to Use the Services Screen To View Services To Stop or Start a Service To Save the Services List to a File Trace and Log How to Use the Create Log Group Screen To Create a Log Group Page Page How to Use the Log Groups Screen Viewing Log Groups Editing Log Groups Renaming Log Groups Deleting Log Groups How to Use the Create Trace Group Screen (Batch Mode) Creating a Trace Group How to Use the Create Trace Group Screen (Interactive Mode) Creating a Trace Group How to Use the Trace Groups Screen Viewing a Trace Group's Settings Viewing a Trace Group's File Editing a Trace Group Renaming Trace Groups Deleting Trace Groups Refreshing the Trace Groups Screen How to Use the Schedule Trace Screen Scheduling a Trace About Log Collection Products Supported for Log Collection Collect Logs: General Steps What are Merged Logs? How to Use the Collect Logs Screen (Batch Mode) To Create a Log Collection How to Use the Log Collections Screen To View Details of Log Collections To Download Collected Logs Log File Naming Conventions To Delete a Log Collection To Rename a Log Collection How to Use the Collect Logs Screen (Interactive Mode) To Create a Log Collection Page Chapter 12 Using Cisco Tools from a Command Line Command-Line Mode vs Interactive Mode Selecting a System to Use Selecting a Different Application Server Selecting a Different Target System Viewing a list of targetable systems Saving, Viewing, and Retrieving Files Getting Help for Command Line Tools Embedded Spaces How to Use the Services Utility from a Command Line To Access the Services Utility from a Command Line Using the Services Utility from a Command Line Page Viewing and Stopping a Service - Examples How to Use the Processes Utility from a Command Line To Run the Processes Utility from a Command Line Using the Processes Utility from a Command Line Viewing and Killing a Service - Examples How to Use the System Interrogate Utility from a Command Line To Run the System Interrogate Utility from a Command Line Using the System Interrogate Utility from a Command Line Page Viewing System Information - Examples How to Use the Registry Utility from a Command Line To Run the Registry Utility from a Command Line Using the Registry Utility from a Command Line Page Viewing Registry Information - Examples How to Use the Compare Registries Utility from a Command Line To Run the Compare Registries Utility from a Command Line Using the Compare Registries Utility from a Command Line Page Compare Registries - Examples How to Use the Log Groups Utility from a Command Line To Run the Log Groups Utility from a Command Line Using the Log Groups Utility from a Command Line Page Creating a Log Group - Examples How to Use the Log Collection Utility from a Command Line To Run the Log Collection Utility from a Command Line Using the Log Collection Utility from a Command Line Page Page Log Collection - Examples Page Page Part 6: Using Cisco Common Tools Page Page Page Chapter 13 Using Cisco Common Tools How to Use the CICMan Utility To Access CICMan from the Dashboard To Access CICMan from a Command Line on a Node Using CICMan - Command line Options How to Use the CTITest Utility To Access CTITest from the Dashboard To Access CTITest from a Command Line on a Node Using CTITest - Configuring Using CTITest - Opening a Session Using CTITest - Logging In How to Use the DBDiff Utility To Access DBDiff from the Dashboard To Access DBDiff from a Command Line on a Node Using DBDiff How to Use the DumpCfg Utility To Access DumpCfg from the Dashboard To Access DumpCfg from a Command Line on a Node Using DumpCfg How to Use the ICMDBA Utility Accessing ICMDBA How to Use the MPTrace Utility To Access MPTrace from the Dashboard To Access MPTrace from a Command Line on a Node Using MPTrace - Command Line Options How to Use the NICROI Utility To Access NICROI from the Dashboard To Access NICROI from a Command Line on a Node Using Tracing in NICROI Capturing NICROI Data to niclog.xxx Capturing NICROI Data to Roilog.txt Copying NICROI Log Files Setting the Download Directory Transferring Files How to Use the NMStart Utility To Access NMStart from the Dashboard To Access NMStart from a Command Line on a Node Using NMStart How to Use the NMStop Utility To Access NMStop from the Dashboard To Access NMStop from a Command Line on a Node Using NMStop How to Use the OPCTest Utility To Access OPCTest from the Dashboard To Access OPCTest from a Command Line on a Node Using OPCTest Page Example Debug Information Exiting and Quitting OPCTest How to Use the Procmon Utility To Access Procmon from the Dashboard To Access Procmon from a Command Line on a Node Using Procmon Procmon Basic Commands Procmon Process-Specific and Troubleshooting Commands How to Use the RTRTrace Utility Accessing RTRTrace How to Use the RTTest Utility To Access RTTest from the Dashboard To Access RTTest from a Command Line on a Node Using RTTest Status Output: Process Page Status Output: Controller Status Output: Peripheral Parameter Descriptions Page Turning up ICM Call Router Tracing with RTTest Turning Off Debug Tracing in RTTest Ending an RTTest Session How to Use the SS7NICTrace Utility Accessing SS7NICTrace How to Use the VRUTrace Utility To Access VRUTrace from the Dashboard To Access VRUTrace from a Command Line on a Node Using VRUTrace - Command Line Options VRUTrace Examples Page Part 7: Using 3rd Party Common Tools Page Page Page Page Page Chapter 14 Using 3rd Party Common Tools Arp -a cat To Access CAT from the Dashboard Using CAT - Command Line Options chmod To Access CHMOD from the Dashboard Using CHMOD - Command Line Options cp To Access CP from the Dashboard Using CP - Command Line Options df To Access DF from the Dashboard Using DF - Command Line Options diff To Access Diff from the Dashboard Using Diff - Command Line Options du To Access DU from the Dashboard Using DU - Command Line Options fgrep To Access FGrep from the Dashboard Using FGrep - Command Line Options FindStr To Access Findstr from the Dashboard Using Findstr - Command Line Options grep To Access Grep from the Dashboard Using Grep - Command Line Options head To Access Head from the Dashboard Using Head - Command Line Options IPConfig /all ISQL To Access ISQL from the Dashboard Using ISQL ISQLW Accessing ISQL/W ls To Access LS from the Dashboard Using LS - Command Line Options mv To Access MV from the Dashboard Using MV - Command Line Options NBTStat To Access NBTStat from the Dashboard Using NBTStat - Command Line Options Net Session Net Statistics Server Net Statistics Workstation NetStat To Access NetStat from the Dashboard Using NetStat - Command Line Options NSLookUp To Access NSLookup from the Dashboard Using NSLookup - Command Line Options PathPing To Access PathPing from the Dashboard Using PathPing - Command Line Options Ping To Access Ping from the Dashboard Using Ping - Command Line Options PStat rm To Access RM from the Dashboard Using RM - Command Line Options Route -PRINT Shutdown Tool StopShut To Access Stopshut from the Dashboard Using Stopshut - Command Line Options SQLEW Accessing SQLEW Strings To Access Strings from the Dashboard Using Strings - Command Line Options tail To Access Tail from the Dashboard Using Tail - Command Line Options touch To Access Touch from the Dashboard Using Touch - Command Line Options Tracert To Access Tracert from the Dashboard Using Tracert - Command Line Options wc To Access WC from the Dashboard which To Access Which from the Dashboard Using Which - Command Line Options Winmsd Accessing WinMSD NetshDump Bootcfgqry Defraganalyze Defragreport Driverquery Eventtriggers To Access Eventtriggers from the Dashboard Using Eventtriggers - Command Line Options Getmac Logman To Access Logman from the Dashboard Logman - Command Line options Page Openfiles Relog To Access Relog from the Dashboard Using Relog - Command Line Options SC Schtasks To Access Schtasks from the Dashboard Using Schtasks - Command Line Options SysteminfoTable SysteminfoList SysteminfoCSV Taskkill Page TasklistTable Tasklist TasklistCSV Page Page Page Chapter 15 Starting and Stopping Support Tools Server/Node Processes How to Stop and Start the Support Tools Dashboard/Cisco CCBU Support Tools HTTP Server (Tomcat) How to Stop and Start the Support Tools Server How Stop and Start the Node Agent Service How to Enable/Disable the STPA Process Page Page Chapter 16 How to View Support Tools Logs Page Chapter 17 IPSec Settings and Procedures How to Examine Your IPSec Policy How to Verif the PreShared Key How to Enable/Disable the IPSec Policy How to Correlate the Support Tools Port Against Ports in the IPSec policy Page Page Chapter 18 How to Modify the Login Screen Disclaimer Page Page Page Support Tools Troubleshooting Installation Problems Install Hangs Support Tools Fails to Install Chapter 20 Troubleshooting Support Tools Installs Disabled Dashboard Troubleshooting Connection Problems Action: Login Problems Symptom: Message: Cause: Action: Utility Problems Error When Selecting Host Utilities Missing Error Processing Request Dashboard Problems Dashboard Will Not Load Dashboard Online Help Does Not Display Page Page Index