Manuals / Cisco Systems / Household Appliance / Home Safety Product

Cisco Systems VPN 3002 Configuration | System | Events | Classes, Severity to Trap, SNMP trap

Models: VPN 3002

1 282

Download 282 pages 2.25 Kb

Page 104

Severity to Trap

Chapter 9

Events

Configuration System Events Classes

Severity to Trap

Click the drop-down menu button and select the range of event severity levels to send to an SNMP network management system (NMS) by default. Event messages sent to SNMP systems are called “traps.” The choices are: None, 1, 1-2, 1-3. The default is None; if you choose this range, no events are sent as SNMP traps.

If you select any severity levels to send, you must also configure SNMP destination system parameters on the Configuration System Events Trap Destinations screens.

The VPN 3002 can send the standard, or “well-known,” SNMP traps listed in Table 9-4. To have an SNMP NMS receive them, you must configure the events as in the table, and configure a trap destination.

Table 9-4	Configuring “Well-Known” SNMP Traps

To send this “well-known”	Configure either General event
SNMP trap	handling or this Event Class	With this Severity to Trap

coldStart	EVENT	1 or higher

linkDown	IP	1-3 or higher

linkUp	IP	1-3 or higher

authFailure1	SNMP	1-3 or higher

1. This trap is SNMP authentication failure, not tunnel authentication failure.

Apply/Cancel

To include your settings for default event handling in the active configuration, click Apply. The Manager returns to the Configuration System Events screen.

Reminder:

To save the active configuration and make it the boot configuration, click the Save Needed icon at the top of the Manager window.

To discard your settings, click Cancel. The Manager returns to the Configuration System Events screen.

Configuration System Events Classes

This section of the Manager lets you add, configure, modify, and delete specific event classes for special handling. You can thus override the general, or default, handling of event classes. For example, you might want to send email for HARDWAREMON events of severity 1-2, whereas default event handling does not send any email.

Event classes denote the source of an event and refer to a specific hardware or software subsystem within the VPN 3002. Table 9-1describes the event classes.

VPN 3002 Hardware Client Reference

9-8	OL-1893-01

Image 104

Cisco Systems VPN 3002 Configuration | System | Events | Classes, Severity to Trap, To send this “well-known”, SNMP trap

Contents

Release November Corporate HeadquartersCisco Systems, Inc 170 West Tasman Drive San Jose, CAVPN 3002 Hardware Client Reference Copyright 2001, Cisco Systems, IncConfiguration System ConfigurationConfiguration | System C O N T E N T SConfiguration | System | Servers | DNS Configuration | System | Tunneling ProtocolsConfiguration | System | IP Routing Configuration System Management ProtocolsConfiguration | Policy Management AdministrationAdministration | Ping Administration | Access RightsMonitoring Monitoring | Routing TableMonitoring | Live Event Log Monitoring | System StatusFiles for Troubleshooting A-1 LED IndicatorsMonitoring | Statistics | MIB-II Monitoring | Statistics | MIB-II| IP78-13782-01 viiiContents Preface PrerequisitesOrganization ChapterChapter TitleDescription ChapterRelated Documentation VPN 3002 Hardware Client DocumentationVPN 3000 Series Concentrator Documentation VPN Client DocumentationDocumentation conventions Other ReferencesConvention boldface fontObtaining Documentation Data FormatsWorld Wide Web Documentation CD-ROMObtaining technical assistance Ordering documentationDocumentation feedback Cisco.comContacting TAC by telephone Contacting TAC by using the Cisco TAC websiteTechnical Assistance Center OL-1893-01 Preface Obtaining technical assistanceVPN 3002 Hardware Client Reference C H A P T E R Using the VPN 3002 Hardware Client ManagerVPN 3002 Hardware Client Browser Requirements Connecting to the VPN 3002 Using HTTP Recommended PC Monitor/Display SettingsJavaScript and Cookies Navigation ToolbarInstalling the SSL Certificate in Your Browser Installing the SSL Certificate in Your BrowserVPN 3002 Hardware Client Reference OL-1893-01Figure 1-2Install SSL Certificate Screen 4.Click Install Certificate 5.Click Next to continue 7.Click Finish Viewing Certificates with Internet Explorer Installing the SSL Certificate with Netscape 1-10 ReinstallationFirst-timeInstallation 1-11 2.Click Next> to proceed1-12 8.Click Continue 1-13Viewing Certificates with Netscape 1-141-15 Click OK when finished1-16 Connecting to the VPN 3002 Using HTTPSConfiguring HTTP, HTTPS, and SSL Parameters Logging into the VPN 3002 Hardware Client Manager 1-171-18 Figure 1-27Manager Main Welcome ScreenLogging into the VPN 3002 Hardware Client Manager VPN 3002 Hardware Client ReferenceInteractive Hardware Client Authentication Individual User Authentication1-19 VPN 3002 Hardware Client ReferenceStep 1 Click the Connection Login Status button 1-20The Connection/Login Status screen displays Step 1 Click the Connect Now buttonStep 2 Click Connect 1-21Figure 1-31Connection Login Status Screen Figure 1-33Connection/Login Status Screen 1-22Figure 1-32Individual User Authentication Screen OL-1893-01 1-23VPN 3002 Hardware Client Reference Title bar Status barMouse pointer and tips Top frameReset RestoreTable of Contents ConfigurationOpen or expanded Main frameManager screen 1-261-27 –Interfaces: Ethernet parametersFigure 1-35Manager Table of Contents Navigating the VPN 3002 Hardware Client Manager1-28 C H A P T E R ConfigurationConfiguration OL-1893-01 Chapter 2 Configuration ConfigurationVPN 3002 Hardware Client Reference C H A P T E R Configuration | InterfacesInterfaces Interface Ethernet 1 Private, Ethernet 2 PublicDNS Servers DNS Domain NameDefault Gateway StatusIP Address Subnet MaskConfiguration | Interfaces | Private DisabledStatic IP Addressing IP AddressApply/Cancel Subnet MaskSpeed DuplexConfiguration | Interfaces | Public DHCP ClientPPPoE Client DisabledPPPoE Password Verify PPPoE PasswordPPPoE User Name Static IP AddressingReminder Apply / CancelDuplex C H A P T E R System ConfigurationConfiguration | System Chapter 4 System Configuration Configuration | SystemVPN 3002 Hardware Client Reference OL-1893-01Configuration | System | Servers Configuration | System | Servers | DNSServers C H A P T E REnabled DomainPrimary DNS Server Secondary DNS ServerTimeout Period Timeout RetriesApply / Cancel Configuration | System | Servers | DNSConfiguration | System | Servers | DNS ChapterVPN 3002 Hardware Client Reference OL-1893-01Tunneling C H A P T E RConfiguration System Tunneling Protocols Backup Servers Remote ServerAbout Backup Servers IPSec over TCP IPSec over TCP PortUse Certificate Certificate TransmissionGroup About IPSec over TCPPassword UserVerify PasswordChapter VPN 3002 Hardware Client ReferenceOL-1893-01 TunnelingC H A P T E R Configuration | System | IP RoutingIP Routing Static Routes Add / Modify / DeleteReminder Chapter 7 IP RoutingSubnet Mask Network AddressMetric Add or Apply / Cancel DestinationDestination Router Address InterfaceDefault Gateway Apply / CancelMetric ReminderConfiguration | System | IP Routing | DHCP Lease TimeoutAddress Pool Start/End EnabledDHCP Option Add/Modify/DeleteApply/Cancel ReminderReminder Option ValueDHCP Option Nonconfigurable DHCP Options 7-10 Chapter 7 IP RoutingVPN 3002 Hardware Client Reference OL-1893-01C H A P T E R Configuration | System | Management ProtocolsManagement Protocols Enable HTTP About HTTP/HTTPSEnable HTTPS Enable HTTPS on PublicHTTP Port HTTPS PortVPN 3002 Hardware Client Reference Enable TelnetChapter 8 Management Protocols Enable Telnet/SSL Telnet PortTelnet/SSL Port Maximum ConnectionsEnable SNMP SNMP PortMaximum Queued Requests Apply / CancelReminder Community Strings Communities | Add or ModifyAdd/Modify/Delete ReminderReminder Community StringAdd or Apply / Cancel 8-10 Related information8-11 Client AuthenticationEncryption Algorithms SSL Version Generated Certificate Key Size8-12 Apply/Cancel8-13 Chapter 8 Management ProtocolsVPN 3002 Hardware Client Reference OL-1893-01Enable SSH Enable SSH on PublicSSH Port Key Regeneration Period8-15 Apply / CancelTo apply your SSH settings, and to include your settings in the active configuration, click Apply. The Manager returns to the Configuration | System | Management Protocols screen ReminderEnable XML 8-16Enable HTTPS on Public Chapter 8 Management ProtocolsHTTPS IP Address HTTPS Wildcard-maskSSH IP Address SSH Wildcard-mask8-18 Chapter 8 Management ProtocolsVPN 3002 Hardware Client Reference OL-1893-01Events Event ClassClass Description Event Source Class NameClass Description Event Source Class NameCisco-specificEvent Class EVENTMIBEvent Severity Level LevelCategory DescriptionEvent Log Event Log DataFigure 9-1Configuration | System | Events Screen Configuration | System | EventsConfiguration System Events General Syslog Format StringSeverity to Log Severity to ConsoleSeverity to Syslog Cisco IOS SeverityConfiguration | System | Events | Classes Configure either General eventSeverity to Trap To send this “well-known”Reminder Configured Event ClassesAdd/Modify/Delete Enable Class NameModify screen 9-10Add or Apply/Cancel 9-11Severity to Console Severity to SyslogTrap Destinations 9-12Add/Modify/Delete ChapterSNMP Version Community9-13 DestinationConfiguration System Events Syslog Servers Port9-14 Add or Apply/CancelSyslog Servers 9-15Add/Modify/Delete ReminderSyslog Server Facility9-16 Port9-17 Add or Apply/CancelTo add this server to the list of syslog servers, click Add. Or to apply your changes to this syslog server, click Apply. Both actions include your entry in the active configuration. The Manager returns to the Configuration | System | Events | Syslog Servers screen. Any new server appears in the Syslog Servers list Reminder9-18 ChapterVPN 3002 Hardware Client Reference OL-1893-01Configuration | System | General General10-1 C H A P T E RConfiguration | System | General | Identification System NameContact LocationConfiguration | System | General | Time and Date Enable DST SupportCurrent Time New Time10-4 Configuration | System | General | Time and DateReminder Chapter 10 GeneralPolicy Management Client Mode/PATClient Mode with Split Tunneling 11-1Network Extension Mode 11-2Chapter 11 Policy Management Network Extension ModeNetwork Extension Mode with Split Tunneling 11-3Tunnel Initiation Data InitiationStep 2 Click Connect Now 11-4Configuration | Policy Management Traffic ManagementMode Tunneling PolicyConfiguration Policy Management Traffic Management | PAT11-6 EnablePAT Enabled 11-7Apply/Cancel Reminder11-8 Chapter 11 Policy ManagementVPN 3002 Hardware Client Reference OL-1893-01Administration Administration12-1 C H A P T E RFigure 12-1Administration Screen Administration | Software Update12-2 Upload/Cancel Current Software RevisionBrowse 12-3Software Update Progress Software Update SuccessSoftware Update Error 12-4Administration | System Reboot 12-5Chapter 12 Administration Administration | System RebootConfiguration Action12-6 Figure 12-6Administration | System Reboot ScreenAdministration | Ping When to Reboot/Shutdown12-7 Apply/CancelPing/Cancel Error PingAddress/Hostname to Ping Success PingAdministration | Access Rights Administration | Access Rights | Administrators12-9 Figure 12-10Administration | Access Rights ScreenAdministrator PasswordVerify 12-10Administration | Access Rights | Access Settings Session Idle TimeoutEncrypt Config File Session LimitAdministration | File Management View SaveDelete 12-12Swap Config Files Config File Upload via HTTPOK/Cancel 12-13Local Config File/Browse File Upload Progress12-14 Upload/Cancel12-15 File Upload ErrorFile Upload Success 12-16 Enrolling and Installing Digital CertificatesCertificate Management 12-17 12-18 Installing CA Certificates Manually 12-19Enrolling and Installing Identity Certificates Recommended ContentAbbrev Field Name12-21 Verify Challenge Password12-22 12-23 Step 5 Fill in the fields and click Enroll. For information on the fields on this screen, see Table 12-1.The VPN 3002 sends the certificate request to the CA12-24 12-25 Step 5 Fill in the fields and click Enroll. For information on the fields on this screen, see Table 12-1.The Manager displays the Administration | Certificate Management | Enrollment | Request Generated screen. See Figure12-26 Certificate Obtained via Enrollment Screen12-27 Obtaining SSL Certificates Enabling Digital Certificates on the VPN 12-29Deleting Digital Certificates 12-3012-31 Administration | Certificate ManagementCertificate Authority Content Certificate Authorities TableIdentity Certificates Table FieldsSSL Certificate Table Generate 12-3312-34 ContentSubject/Issuer FieldsEnrollment Status Table Remove All12-35 Content12-36 ContentField StatusAdministration | Certificate Management | Enroll Identity CertificateSSL Certificate 12-37Install a New SA Using SCEP before Enrolling TypeEnroll via PKCS10 Request Manual Enroll via SCEP at Name of SCEP CA12-39 Enroll / CancelFields Go to Certificate Management Go to Certificate Enrollment12-40 Chapter 12 AdministrationFields Go to Certificate Installation12-41 12-42 Enroll / CancelChapter 12 Administration VPN 3002 Hardware Client ReferenceCancel Enroll12-43 FieldsAdministration | Certificate Management | Install Install CA CertificateInstall SSL Certificate with Private Key Install Certificate Obtained via EnrollmentCertificate Obtained via Enrollment Screen 12-45Enrollment Status Table SCEP Simple Certificate Enrollment Protocol Cut & Paste TextUpload File from Workstation 12-4612-47 Retrieve / CancelCA Descriptor Install / Cancel Certificate Text12-48 PasswordFilename / Browse 12-49Password Install / CancelAdministration | Certificate Management | View 12-50Chapter 12 Administration Administration | Certificate Management | ViewCertificate Fields 12-51Content FieldBack 12-52Content FieldAdministration | Certificate Management | Configure CA CertificateSCEP Configuration CertificateAdministration | Certificate Management | Renewal Polling Limit12-54 Apply / CancelChallenge Password Verify Challenge PasswordRenew / Cancel Renewal Type12-56 Go to Certificate InstallationStatus Go to Certificate ManagementFields Administration | Certificate Management | Delete12-57 View Enrollment Request Yes / No12-58 Administration | Certificate Management |Enrollment Request Fields 12-59Content FieldCancel Enrollment Request 12-60Administration Certificate Management ContentDelete Enrollment Request 12-61Administration | Certificate Management | Fields12-62 FieldsYes / No To delete this enrollment request, click YesMonitoring 13-1C H A P T E R Figure 13-1Monitoring ScreenMonitoring | Routing Table Clear RoutesValid Routes Address13-3 Monitoring | Filterable Event LogMetric Select Filter Options Event ClassSeverities Client IP AddressEvent Log Format Get LogClear Log There is no undoMonitoring | Live Event Log Event TimeEvent Severity Event Class/NumberTimer Pause Display/Resume DisplayClear Display RestartReset RestoreMonitoring | System Status 13-8Bootcode Rev RefreshVPN Client Type Software RevAuthentication Tunnel Established toDuration Security AssociationsFront Panel Back PanelOther 13-1113-12 RestoreRefresh BackRx Unicast Tx UnicastRx Multicast Tx MulticastCisco IP Phone Bypass Enabled/Disabled Login TimeMonitoring | User Status UsernameMonitoring | Statistics 13-15Monitoring Statistics IPSec 13-16Reset RestoreIKE Phase 1 Statistics Active TunnelsTotal Tunnels Received BytesReceived Phase-2Exchanges Sent Phase-2ExchangesInvalid Phase-2Exchanges Received Invalid Phase-2Exchanges SentPhase-2SA Delete Requests Sent Authentication FailuresInitiated Tunnels Failed Initiated TunnelsIPSec Phase 2 Statistics Received Packets Dropped Anti-Replay13-20 Active TunnelsInbound Authentications Failed Inbound AuthenticationsOutbound Authentications Failed Outbound AuthenticationsMonitoring Statistics HTTP Protocol Use Failures13-22 System Capability FailuresOctets Sent/Received Packets Sent/ReceivedPackets Sent Sockets/Sessions PeakLogin Name Login TimeHTTP Sessions Max ConnectionsMonitoring | Statistics | Telnet Active Sessions13-25 ResetInbound Octets Command Attempted SessionsSuccessful Sessions Telnet SessionsMonitoring | Statistics | DNS RequestsResponses 13-27Timeouts Monitoring | Statistics | SSLServer Unreachable Other FailuresUnencrypted Inbound Octets Encrypted Inbound OctetsUnencrypted Outbound Octets Encrypted Outbound OctetsMonitoring | Statistics | DHCP Active LeasesMaximum Active Leases 13-30Pool Start Pool EndLeased IP Address Time LeftMonitoring | Statistics | SSH 13-32Reset RestoreSSH Sessions Remote IP Address:Port13-33 Login NameMonitoring | Statistics | NAT Packets In/Out13-34 ResetNAT Sessions Translations ActiveTranslations Peak Translations TotalMonitoring | Statistics | PPPoE Translated Bytes/Packets13-36 ResetPPPoE Access Concentrator PADI TimeoutsPADR Timeouts User NameGeneric Errors Rx PADT RxPADT Tx Malformed Packets RxMonitoring | Statistics | MIB-II 13-39Monitoring | Statistics | MIB-II| Interfaces 13-40Reset RestoreUnicast In Unicast OutMulticast In Multicast OutMonitoring | Statistics | MIB-II| TCP/UDP TCP Segments Received13-42 ResetTCP Timeout Min TCP Timeout MaxTCP Segments Transmitted TCP Segments RetransmittedTCP Established Resets UDP Errored DatagramsTCP Current Established UDP Datagrams ReceivedMonitoring | Statistics | MIB-II| IP 13-45Reset RestorePackets Received Header Errors Packets Received Address ErrorsPackets Received Total Packets Received Unknown ProtocolsFragments Needing Reassembly Reassembly SuccessesReassembly Failures Outbound Packets with No RouteMonitoring Statistics MIB-II ICMP Total Received/Transmitted13-48 ResetErrors Received/Transmitted Parameter Problems Received/TransmittedDestination Unreachable Received/Transmitted Time Exceeded Received/TransmittedTimestamp Requests Received/Transmitted Timestamp Replies Received/TransmittedAddress Mask Requests Received/Transmitted Address Mask Replies Received/TransmittedMonitoring | Statistics | MIB-II| ARP Table 13-51Refresh Chapter 13 MonitoringPhysical Address Mapping TypeAction/Delete 13-52Monitoring | Statistics | MIB-II| Ethernet 13-53Reset RestoreAlignment Errors FCS ErrorsCarrier Sense Errors SQE Test ErrorsMAC Errors: Transmit MAC Errors: ReceiveExcessive Collisions Speed MbpsMonitoring | Statistics | MIB-II| SNMP Requests ReceivedBad Version 13-56Parsing Errors Bad Community StringSilent Drops Proxy Drops13-58 Chapter 13 MonitoringMonitoring | Statistics | MIB-II| SNMP VPN 3002 Hardware Client ReferenceUsing the Command-LineInterface Accessing the Command-lineInterfaceConsole Access 14-114-2 Starting the Command-lineInterfaceTelnet or Telnet/SSL access Using the Command-lineInterface Choosing Menu ItemsEntering Values 14-314-4 Using Shortcut NumbersNavigating Quickly 14-5 Using Back and HomeGetting Help Information Saving the Configuration File Stopping the Command-lineInterfaceUnderstanding Access Rights 14-61Configuration 1.1 Configuration > Quick Configuration1.2 Configuration > Interface Configuration Menu Reference1.3Configuration > System Management 1.3.1Configuration > System Management > Servers2.1 Administration > Software Update 2Administration1.4Configuration > Policy Management 2.2Administration > System Reboot 2.3Administration > Ping2.4Administration Access Rights 14-102.5 Administration > File Management 2.6Administration > Certificate Management3 Monitoring 3.1 Monitoring > Routing Table 3.2Monitoring > Event Log3.2.2 Monitoring > Event Log > View Event Log 3.3 Monitoring > System Status3.4 Monitoring > User Status 3.5Monitoring > General StatisticsTroubleshooting and System Errors Files for TroubleshootingEvent Logs Crash Dump FileLED Indicators Configuration FilesVPN 3002 Front LEDs Crash Dump FileSystem Errors Problem or SymptomPossible Solution VPN 3002 Rear LEDsSettings on the VPN Concentrator Series Concentrator Reference Volumethe VPN 3002 Hardware Client User Reference on Connect NowVPN 3002 Hardware Client Manager Errors Invalid Login or Session TimeoutProblem SolutionLogin Manager Logs OutError Message Incorrect DisplayBack or Forward on Possible causeNot Allowed Message ProblemSolution Possible causeNot Found interface supportedProblem SolutionCommand-lineInterface Errors ErrorA-10 ProblemIN-1 NumericsI N D E See CLI IN-2errors A-10 help commandIN-3 IN-4 IN-5 IN-6 IN-7 See also tunnel IN-8IN-9 IN-10 IN-11 IN-12 IndexVPN 3002 Hardware Client Reference OL-1893-01