Chapter 12 Administration

Certificate Management

Enrolling and Installing Identity Certificates

When you generate a request for an identity certificate, you need to provide the following information.

Tip: Check to be sure that you have this information before you begin.

Table 12-1 Fields in a Certificate Request

Field Name | Abbreviation | Manual | SCEP | Recommended Content
--- | --- | --- | --- | ---
Common Name | CN | Yes | Yes | The primary identity of the entity associated with the certificate, for example, Engineering VPN. Spaces are allowed. You must enter a name in this field. If you are requesting an SSL certificate, enter the IP address or domain name you use to connect to this VPN 3002, for example: 10.10.147.2.
Organizational Unit | OU | Yes | Yes | The name of the department or other organizational unit to which this VPN 3002 belongs, for example: CPU Design. Spaces are allowed.
Organization | O | Yes | Yes | The name of the company or organization to which this VPN 3002 belongs, for example: Cisco Systems. Spaces are allowed.
Locality | L | Yes | Yes | The city or town where this VPN 3002 is located, for example: San Jose. Spaces are allowed.
State/Province | SP | Yes | Yes | The state or province where this VPN 3002 is located, for example: California. Spell the name out completely; do not abbreviate. Spaces are allowed.
Country | C | Yes | Yes | The country where this VPN 3002 is located, for example: US. Use two characters, no spaces, and no periods. This two-character code must conform to ISO 3166 country codes.
Subject Alternative Name (Fully Qualified Domain Name) | FQDN | Yes | Yes | The fully qualified domain name that identifies this VPN 3002 in this PKI, for example: vpn3030.cisco.com. This field is optional. The alternative name is an additional data field in the certificate that provides interoperability with many Cisco IOS and PIX systems in LAN-to-LAN connections.
Subject Alternative Name (E-mail Address) | E-mail | Yes | Yes | The e-mail address of the VPN 3002 user.
Challenge Password | - | No | Yes | This field appears if you are requesting a certificate using SCEP. Use this field according to the policy of your CA: (1) Your CA might have given you a password. If so, enter it here for authentication. (2) Your CA might allow you to provide your own password to use to identify yourself to the CA in the future. If so, create your password here. (3) Your CA might not require a password. If so, leave this field blank.
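The table above states the rules each request field must satisfy (CN required, country as a two-letter ISO 3166 code with no spaces or periods, state spelled out, challenge password only for SCEP, FQDN and e-mail optional). The following is an added example, not code from the Cisco manual, that checks a set of request fields against those rules and renders them as the subject string and subject-alternative-name list an OpenSSL `req` invocation would take. It goes beyond the page in one place: when the Common Name is an IP address (the SSL case in the table), it also emits an IP-type alternative name, because current TLS clients match the server identity on the SAN extension rather than on CN. The ISO 3166 allow-list, the abbreviation list, and the sample values are constructed for the example; note that OpenSSL names the state/province attribute `ST`, whereas the table abbreviates it `SP`.

```python
"""Validate VPN 3002 identity-certificate request fields (rules from
Table 12-1) and render them for an OpenSSL CSR.  Added example; the
allow-lists below are a constructed subset, not a full ISO 3166 table."""
import re
from dataclasses import dataclass
from typing import List

# Constructed subset of ISO 3166-1 alpha-2 codes; a real deployment would
# load the complete table.
ISO3166_SUBSET = {"US", "CA", "GB", "DE", "FR", "JP", "AU"}

# Constructed list of common postal abbreviations that violate the
# "spell the name out completely" rule for State/Province.
STATE_ABBREVIATIONS = {"CA", "NY", "TX", "WA", "MA", "BC", "ON"}

FQDN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
IPV4_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


@dataclass
class CertRequestFields:
    """One row of values for the fields in Table 12-1."""
    common_name: str
    organizational_unit: str = ""
    organization: str = ""
    locality: str = ""
    state_province: str = ""
    country: str = ""
    fqdn: str = ""                 # Subject Alternative Name (FQDN), optional
    email: str = ""                # Subject Alternative Name (E-mail), optional
    challenge_password: str = ""   # SCEP only
    method: str = "manual"         # "manual" or "scep"


def validate(f: CertRequestFields) -> List[str]:
    """Return a list of rule violations; an empty list means the request is
    acceptable under the table's rules."""
    errors = []
    if not f.common_name.strip():
        errors.append("CN: you must enter a name in this field")
    if f.country:
        # Two characters, no spaces, no periods, and a known ISO 3166 code.
        if not re.fullmatch(r"[A-Z]{2}", f.country):
            errors.append("C: use exactly two characters, no spaces, no periods")
        elif f.country not in ISO3166_SUBSET:
            errors.append(f"C: {f.country!r} is not a known ISO 3166 code")
    if f.state_province and f.state_province.strip().upper() in STATE_ABBREVIATIONS:
        errors.append("SP: spell the state/province out completely; do not abbreviate")
    if f.fqdn and not FQDN_RE.match(f.fqdn):
        errors.append("FQDN: not a fully qualified domain name")
    if f.email and not EMAIL_RE.match(f.email):
        errors.append("E-mail: not a valid address")
    if f.method == "manual" and f.challenge_password:
        errors.append("Challenge Password: only present for SCEP enrollment")
    if f.method == "scep" and IPV4_RE.match(f.common_name):
        # Not a table rule, just a sanity check on the SSL case: octets
        # must be in range for the CN to be a usable IP address.
        if any(int(o) > 255 for o in IPV4_RE.match(f.common_name).groups()):
            errors.append("CN: IP address has an octet greater than 255")
    return errors


def _esc(value: str) -> str:
    """Escape the characters OpenSSL's -subj syntax treats specially."""
    return value.replace("\\", "\\\\").replace("/", "\\/")


def openssl_subject(f: CertRequestFields) -> str:
    """Render the subject as an OpenSSL '-subj' string.  OpenSSL uses 'ST'
    for the attribute the table abbreviates 'SP'."""
    parts = [("C", f.country), ("ST", f.state_province), ("L", f.locality),
             ("O", f.organization), ("OU", f.organizational_unit),
             ("CN", f.common_name)]
    return "".join(f"/{k}={_esc(v)}" for k, v in parts if v)


def openssl_san(f: CertRequestFields) -> str:
    """Render the subjectAltName value for an OpenSSL config or -addext."""
    sans = []
    if f.fqdn:
        sans.append("DNS:" + f.fqdn)
    if f.email:
        sans.append("email:" + f.email)
    if IPV4_RE.match(f.common_name):
        # Beyond the page: modern TLS clients match on SAN, so an IP CN
        # needs a matching IP alternative name to be accepted.
        sans.append("IP:" + f.common_name)
    return ",".join(sans)


if __name__ == "__main__":
    # Constructed sample values taken from the table's examples.
    req = CertRequestFields("Engineering VPN", "CPU Design", "Cisco Systems",
                            "San Jose", "California", "US",
                            fqdn="vpn3030.cisco.com", method="scep",
                            challenge_password="example-only")
    print(validate(req) or "request fields OK")
    print(openssl_subject(req))
    print(openssl_san(req))
```

The rendered strings can be passed straight to `openssl req -new -subj "<subject>" -addext "subjectAltName=<san>"` to produce the PKCS#10 request that the manual enrollment path expects; for SCEP the challenge password is carried in the request's challengePassword attribute rather than in the subject, so it is deliberately excluded from the subject string.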

 

 

 

 

 

 

 

 

 

 

 

 

 

VPN 3002 Hardware Client Reference
12-20
OL-1893-01

VPN 3002 specifications

Cisco Systems VPN 3002 is a versatile hardware device designed to provide secure remote access to corporate networks. As part of Cisco's family of VPN concentrators, the VPN 3002 is aimed at small to medium-sized businesses seeking to establish secure communications over the Internet.

One of the key features of the VPN 3002 is its ability to support a wide range of VPN protocols, including IPsec and L2TP. This flexibility allows businesses to tailor their security solutions to meet specific needs, thereby ensuring robust encryption and integrity for data in transit. The device also supports innovative technologies such as Clientless SSL VPN, enabling users to access corporate resources without the need for a full client installation.

Another vital characteristic of the VPN 3002 is its scalability. It can support multiple users while maintaining optimal performance due to its integrated firewall capabilities. This functionality allows organizations to manage user traffic effectively, ensuring that both security and efficiency are maintained during peak access periods.

Additionally, the VPN 3002 boasts advanced features like NAT traversal, which helps ensure that VPN connections can penetrate network address translation firewalls and other similar devices, thereby enhancing connectivity. It also features strong authentication mechanisms, including support for RADIUS and TACACS+, providing businesses with the ability to implement stringent user verification processes.

The device is designed with ease of use in mind. The setup process is relatively simple, and Cisco's intuitive web-based management interface makes it easy to configure and monitor VPN connections. Furthermore, the VPN 3002 comes with a variety of integrated tools for logging and reporting, allowing administrators to maintain comprehensive oversight of network activities.

In terms of hardware, the VPN 3002 is equipped with multiple Ethernet ports for network connectivity and can support a range of configurations to meet diverse organizational requirements. Its robust design ensures longevity and dependable operation, making it an ideal solution for businesses seeking reliable remote access capabilities.

In conclusion, Cisco Systems VPN 3002 provides a comprehensive solution for organizations looking to secure their remote connections. With its support for various protocols, scalable architecture, advanced security features, and ease of use, it stands out as a reliable choice for enhancing corporate network security.