Manuals / Cisco Systems / Household Appliance / Home Safety Product

Cisco Systems VPN 3002 manual 12-21, Verify Challenge Password

Models: VPN 3002

1 282

Download 282 pages 2.25 Kb

Page 147

Chapter 12 Administration

Certificate Management

Table 12-1 Fields in a Certificate Request

Verify Challenge Password	-	No	Yes	Re-enter the challenge password.

Key Size	-	Yes	Yes	The algorithm for generating the public-key/private-key pair, and
				the key size. If you are requesting an SSL certificate, of if you are
				requesting an identity certificate using SCEP, only the RSA
				options are available.
				• RSA 512 bits = Generate 512-bit keys using the RSA (Rivest,
				Shamir, Adelman) algorithm. This key size provides
				sufficient security and is the default selection. It is the most
				common, and requires the least processing.
				• RSA 768 bits = Generate 768-bit keys using the RSA
				algorithm. This key size provides normal security. It requires
				approximately 2 to 4 times more processing than the 512-bit
				key.
				• RSA 1024 bits = Generate 1024-bit keys using the RSA
				algorithm. This key size provides high security, and it
				requires approximately 4 to 8 times more processing than the
				512-bit key.

		Yes	No	• DSA 512 bits = Generate 512-bit keys using DSA (Digital
				Signature Algorithm).
				• DSA 768 bits = Generate 768-bit keys using the DSA
				algorithm.
				• DSA 1024 bits = Generate 1024-bit keys using the DSA
				algorithm.

		VPN 3002 Hardware Client Reference
		VPN 3002 Hardware Client Reference
	OL-1893-01			12-21
	OL-1893-01			12-21

Image 147

Cisco Systems VPN 3002 manual 12-21, Verify Challenge Password

Contents

170 West Tasman Drive San Jose, CA Release NovemberCorporate Headquarters Cisco Systems, IncCopyright 2001, Cisco Systems, Inc VPN 3002 Hardware Client ReferenceC O N T E N T S ConfigurationSystem Configuration Configuration | SystemConfiguration System Management Protocols Configuration | System | Servers | DNSConfiguration | System | Tunneling Protocols Configuration | System | IP RoutingAdministration | Access Rights Configuration | Policy ManagementAdministration Administration | PingMonitoring | System Status MonitoringMonitoring | Routing Table Monitoring | Live Event LogMonitoring | Statistics | MIB-II| IP Files for Troubleshooting A-1LED Indicators Monitoring | Statistics | MIB-IIviii Contents78-13782-01 Chapter PrefacePrerequisites OrganizationChapter ChapterTitle DescriptionVPN Client Documentation Related DocumentationVPN 3002 Hardware Client Documentation VPN 3000 Series Concentrator Documentationboldface font Documentation conventionsOther References ConventionDocumentation CD-ROM Obtaining DocumentationData Formats World Wide WebCisco.com Obtaining technical assistanceOrdering documentation Documentation feedbackContacting TAC by using the Cisco TAC website Technical Assistance CenterContacting TAC by telephone Preface Obtaining technical assistance VPN 3002 Hardware Client ReferenceOL-1893-01 Using the VPN 3002 Hardware Client Manager VPN 3002 Hardware Client Browser RequirementsC H A P T E R Navigation Toolbar Connecting to the VPN 3002 Using HTTPRecommended PC Monitor/Display Settings JavaScript and CookiesOL-1893-01 Installing the SSL Certificate in Your BrowserInstalling the SSL Certificate in Your Browser VPN 3002 Hardware Client ReferenceFigure 1-2Install SSL Certificate Screen 4.Click Install Certificate 5.Click Next to continue 7.Click Finish Viewing Certificates with Internet Explorer Installing the SSL Certificate with Netscape Reinstallation First-timeInstallation1-10 2.Click Next> to proceed 1-111-12 1-13 8.Click Continue1-14 Viewing Certificates with NetscapeClick OK when finished 1-15Connecting to the VPN 3002 Using HTTPS Configuring HTTP, HTTPS, and SSL Parameters1-16 1-17 Logging into the VPN 3002 Hardware Client ManagerVPN 3002 Hardware Client Reference 1-18Figure 1-27Manager Main Welcome Screen Logging into the VPN 3002 Hardware Client ManagerVPN 3002 Hardware Client Reference Interactive Hardware Client AuthenticationIndividual User Authentication 1-19Step 1 Click the Connect Now button Step 1 Click the Connection Login Status button1-20 The Connection/Login Status screen displays1-21 Figure 1-31Connection Login Status ScreenStep 2 Click Connect 1-22 Figure 1-32Individual User Authentication ScreenFigure 1-33Connection/Login Status Screen 1-23 VPN 3002 Hardware Client ReferenceOL-1893-01 Top frame Title barStatus bar Mouse pointer and tipsConfiguration ResetRestore Table of Contents1-26 Open or expandedMain frame Manager screen–Interfaces: Ethernet parameters 1-27Navigating the VPN 3002 Hardware Client Manager 1-28Figure 1-35Manager Table of Contents Configuration ConfigurationC H A P T E R Chapter 2 Configuration Configuration VPN 3002 Hardware Client ReferenceOL-1893-01 Configuration | Interfaces InterfacesC H A P T E R DNS Domain Name InterfaceEthernet 1 Private, Ethernet 2 Public DNS ServersSubnet Mask Default GatewayStatus IP AddressIP Address Configuration | Interfaces | PrivateDisabled Static IP AddressingDuplex Apply/CancelSubnet Mask SpeedDisabled Configuration | Interfaces | PublicDHCP Client PPPoE ClientStatic IP Addressing PPPoE PasswordVerify PPPoE Password PPPoE User NameApply / Cancel DuplexReminder System Configuration Configuration | SystemC H A P T E R OL-1893-01 Chapter 4 System ConfigurationConfiguration | System VPN 3002 Hardware Client ReferenceC H A P T E R Configuration | System | ServersConfiguration | System | Servers | DNS ServersSecondary DNS Server EnabledDomain Primary DNS ServerConfiguration | System | Servers | DNS Timeout PeriodTimeout Retries Apply / CancelOL-1893-01 Configuration | System | Servers | DNSChapter VPN 3002 Hardware Client ReferenceC H A P T E R TunnelingConfiguration System Tunneling Protocols Remote Server Backup ServersAbout Backup Servers IPSec over TCP Port IPSec over TCPAbout IPSec over TCP Use CertificateCertificate Transmission GroupPassword PasswordUser VerifyTunneling ChapterVPN 3002 Hardware Client Reference OL-1893-01Configuration | System | IP Routing IP RoutingC H A P T E R Chapter 7 IP Routing Static RoutesAdd / Modify / Delete ReminderNetwork Address MetricSubnet Mask Interface Add or Apply / CancelDestination Destination Router AddressReminder Default GatewayApply / Cancel MetricEnabled Configuration | System | IP Routing | DHCPLease Timeout Address Pool Start/EndReminder DHCP OptionAdd/Modify/Delete Apply/CancelOption Value DHCP OptionReminder Nonconfigurable DHCP Options OL-1893-01 7-10Chapter 7 IP Routing VPN 3002 Hardware Client ReferenceConfiguration | System | Management Protocols Management ProtocolsC H A P T E R About HTTP/HTTPS Enable HTTPHTTPS Port Enable HTTPSEnable HTTPS on Public HTTP PortEnable Telnet Chapter 8 Management ProtocolsVPN 3002 Hardware Client Reference Maximum Connections Enable Telnet/SSLTelnet Port Telnet/SSL PortApply / Cancel Enable SNMPSNMP Port Maximum Queued RequestsReminder Reminder Community StringsCommunities | Add or Modify Add/Modify/DeleteCommunity String Add or Apply / CancelReminder Related information 8-10Client Authentication Encryption Algorithms8-11 Apply/Cancel SSL VersionGenerated Certificate Key Size 8-12OL-1893-01 8-13Chapter 8 Management Protocols VPN 3002 Hardware Client ReferenceKey Regeneration Period Enable SSHEnable SSH on Public SSH PortReminder 8-15Apply / Cancel To apply your SSH settings, and to include your settings in the active configuration, click Apply. The Manager returns to the Configuration | System | Management Protocols screenChapter 8 Management Protocols Enable XML8-16 Enable HTTPS on PublicSSH Wildcard-mask HTTPS IP AddressHTTPS Wildcard-mask SSH IP AddressOL-1893-01 8-18Chapter 8 Management Protocols VPN 3002 Hardware Client ReferenceClass Name EventsEvent Class Class Description Event SourceEVENTMIB Class Description Event SourceClass Name Cisco-specificEvent ClassDescription Event Severity LevelLevel CategoryEvent Log Data Event LogConfiguration | System | Events Configuration System Events GeneralFigure 9-1Configuration | System | Events Screen String Syslog FormatCisco IOS Severity Severity to LogSeverity to Console Severity to SyslogTo send this “well-known” Configuration | System | Events | ClassesConfigure either General event Severity to TrapConfigured Event Classes Add/Modify/DeleteReminder 9-10 EnableClass Name Modify screenSeverity to Syslog Add or Apply/Cancel9-11 Severity to ConsoleChapter Trap Destinations9-12 Add/Modify/DeleteDestination SNMP VersionCommunity 9-13Add or Apply/Cancel Configuration System Events Syslog ServersPort 9-14Reminder Syslog Servers9-15 Add/Modify/DeletePort Syslog ServerFacility 9-16Reminder 9-17Add or Apply/Cancel To add this server to the list of syslog servers, click Add. Or to apply your changes to this syslog server, click Apply. Both actions include your entry in the active configuration. The Manager returns to the Configuration | System | Events | Syslog Servers screen. Any new server appears in the Syslog Servers listOL-1893-01 9-18Chapter VPN 3002 Hardware Client ReferenceC H A P T E R Configuration | System | GeneralGeneral 10-1Location Configuration | System | General | IdentificationSystem Name ContactNew Time Configuration | System | General | Time and DateEnable DST Support Current TimeChapter 10 General 10-4Configuration | System | General | Time and Date Reminder11-1 Policy ManagementClient Mode/PAT Client Mode with Split TunnelingNetwork Extension Mode Network Extension Mode11-2 Chapter 11 Policy Management11-3 Network Extension Mode with Split Tunneling11-4 Tunnel InitiationData Initiation Step 2 Click Connect NowTunneling Policy Configuration | Policy ManagementTraffic Management ModeEnable Configuration Policy Management TrafficManagement | PAT 11-6Reminder PAT Enabled11-7 Apply/CancelOL-1893-01 11-8Chapter 11 Policy Management VPN 3002 Hardware Client ReferenceC H A P T E R AdministrationAdministration 12-1Administration | Software Update 12-2Figure 12-1Administration Screen 12-3 Upload/CancelCurrent Software Revision Browse12-4 Software Update ProgressSoftware Update Success Software Update ErrorAdministration | System Reboot Administration | System Reboot12-5 Chapter 12 AdministrationFigure 12-6Administration | System Reboot Screen ConfigurationAction 12-6Apply/Cancel Administration | PingWhen to Reboot/Shutdown 12-7Success Ping Ping/CancelError Ping Address/Hostname to PingFigure 12-10Administration | Access Rights Screen Administration | Access RightsAdministration | Access Rights | Administrators 12-912-10 AdministratorPassword VerifySession Limit Administration | Access Rights | Access SettingsSession Idle Timeout Encrypt Config File12-12 Administration | File ManagementView Save Delete12-13 Swap Config FilesConfig File Upload via HTTP OK/CancelUpload/Cancel Local Config File/BrowseFile Upload Progress 12-14File Upload Error File Upload Success12-15 Enrolling and Installing Digital Certificates Certificate Management12-16 12-17 12-18 12-19 Installing CA Certificates ManuallyField Name Enrolling and Installing Identity CertificatesRecommended Content AbbrevVerify Challenge Password 12-2112-22 Step 5 Fill in the fields and click Enroll. For information on the fields on this screen, see Table 12-1.The VPN 3002 sends the certificate request to the CA 12-2312-24 Step 5 Fill in the fields and click Enroll. For information on the fields on this screen, see Table 12-1.The Manager displays the Administration | Certificate Management | Enrollment | Request Generated screen. See Figure 12-25Certificate Obtained via Enrollment Screen 12-2612-27 Obtaining SSL Certificates 12-29 Enabling Digital Certificates on the VPN12-30 Deleting Digital CertificatesAdministration | Certificate Management Certificate Authority12-31 Fields ContentCertificate Authorities Table Identity Certificates Table12-33 SSL Certificate Table GenerateFields 12-34Content Subject/IssuerContent Enrollment Status TableRemove All 12-35Status 12-36Content Field12-37 Administration | Certificate Management | EnrollIdentity Certificate SSL CertificateEnroll via SCEP at Name of SCEP CA Install a New SA Using SCEP before EnrollingType Enroll via PKCS10 Request ManualEnroll / Cancel Fields12-39 Chapter 12 Administration Go to Certificate ManagementGo to Certificate Enrollment 12-40Go to Certificate Installation 12-41Fields VPN 3002 Hardware Client Reference 12-42Enroll / Cancel Chapter 12 AdministrationFields CancelEnroll 12-43Install Certificate Obtained via Enrollment Administration | Certificate Management | InstallInstall CA Certificate Install SSL Certificate with Private Key12-45 Enrollment Status TableCertificate Obtained via Enrollment Screen 12-46 SCEP Simple Certificate Enrollment ProtocolCut & Paste Text Upload File from WorkstationRetrieve / Cancel CA Descriptor12-47 Password Install / CancelCertificate Text 12-48Install / Cancel Filename / Browse12-49 PasswordAdministration | Certificate Management | View Administration | Certificate Management | View12-50 Chapter 12 AdministrationField Certificate Fields12-51 ContentField Back12-52 ContentCertificate Administration | Certificate Management |Configure CA Certificate SCEP ConfigurationApply / Cancel Administration | Certificate Management | RenewalPolling Limit 12-54Renewal Type Challenge PasswordVerify Challenge Password Renew / CancelGo to Certificate Management 12-56Go to Certificate Installation StatusAdministration | Certificate Management | Delete 12-57Fields Administration | Certificate Management | View Enrollment RequestYes / No 12-58Field Enrollment Request Fields12-59 ContentContent Cancel Enrollment Request12-60 Administration Certificate ManagementFields Delete Enrollment Request12-61 Administration | Certificate Management |To delete this enrollment request, click Yes 12-62Fields Yes / NoFigure 13-1Monitoring Screen Monitoring13-1 C H A P T E RAddress Monitoring | Routing TableClear Routes Valid RoutesMonitoring | Filterable Event Log Metric13-3 Client IP Address Select Filter OptionsEvent Class SeveritiesThere is no undo Event Log FormatGet Log Clear LogEvent Class/Number Monitoring | Live Event LogEvent Time Event SeverityRestart TimerPause Display/Resume Display Clear Display13-8 ResetRestore Monitoring | System StatusSoftware Rev Bootcode RevRefresh VPN Client TypeSecurity Associations AuthenticationTunnel Established to Duration13-11 Front PanelBack Panel OtherBack 13-12Restore RefreshTx Multicast Rx UnicastTx Unicast Rx MulticastUsername Cisco IP Phone Bypass Enabled/DisabledLogin Time Monitoring | User Status13-15 Monitoring | StatisticsRestore Monitoring Statistics IPSec13-16 ResetReceived Bytes IKE Phase 1 StatisticsActive Tunnels Total TunnelsInvalid Phase-2Exchanges Sent Received Phase-2ExchangesSent Phase-2Exchanges Invalid Phase-2Exchanges ReceivedFailed Initiated Tunnels Phase-2SA Delete Requests SentAuthentication Failures Initiated TunnelsActive Tunnels IPSec Phase 2 StatisticsReceived Packets Dropped Anti-Replay 13-20Failed Outbound Authentications Inbound AuthenticationsFailed Inbound Authentications Outbound AuthenticationsSystem Capability Failures Monitoring Statistics HTTPProtocol Use Failures 13-22Peak Octets Sent/ReceivedPackets Sent/Received Packets Sent Sockets/SessionsMax Connections Login NameLogin Time HTTP SessionsReset Monitoring | Statistics | TelnetActive Sessions 13-25Telnet Sessions Inbound Octets CommandAttempted Sessions Successful Sessions13-27 Monitoring | Statistics | DNSRequests ResponsesOther Failures TimeoutsMonitoring | Statistics | SSL Server UnreachableEncrypted Outbound Octets Unencrypted Inbound OctetsEncrypted Inbound Octets Unencrypted Outbound Octets13-30 Monitoring | Statistics | DHCPActive Leases Maximum Active LeasesTime Left Pool StartPool End Leased IP AddressRestore Monitoring | Statistics | SSH13-32 ResetLogin Name SSH SessionsRemote IP Address:Port 13-33Reset Monitoring | Statistics | NATPackets In/Out 13-34Translations Total NAT SessionsTranslations Active Translations PeakReset Monitoring | Statistics | PPPoETranslated Bytes/Packets 13-36User Name PPPoE Access ConcentratorPADI Timeouts PADR TimeoutsMalformed Packets Rx Generic Errors RxPADT Rx PADT Tx13-39 Monitoring | Statistics | MIB-IIRestore Monitoring | Statistics | MIB-II| Interfaces13-40 ResetMulticast Out Unicast InUnicast Out Multicast InReset Monitoring | Statistics | MIB-II| TCP/UDPTCP Segments Received 13-42TCP Segments Retransmitted TCP Timeout MinTCP Timeout Max TCP Segments TransmittedUDP Datagrams Received TCP Established ResetsUDP Errored Datagrams TCP Current EstablishedRestore Monitoring | Statistics | MIB-II| IP13-45 ResetPackets Received Unknown Protocols Packets Received Header ErrorsPackets Received Address Errors Packets Received TotalOutbound Packets with No Route Fragments Needing ReassemblyReassembly Successes Reassembly FailuresReset Monitoring Statistics MIB-II ICMPTotal Received/Transmitted 13-48Time Exceeded Received/Transmitted Errors Received/TransmittedParameter Problems Received/Transmitted Destination Unreachable Received/TransmittedAddress Mask Replies Received/Transmitted Timestamp Requests Received/TransmittedTimestamp Replies Received/Transmitted Address Mask Requests Received/TransmittedChapter 13 Monitoring Monitoring | Statistics | MIB-II| ARP Table13-51 Refresh13-52 Physical AddressMapping Type Action/DeleteRestore Monitoring | Statistics | MIB-II| Ethernet13-53 ResetSQE Test Errors Alignment ErrorsFCS Errors Carrier Sense ErrorsSpeed Mbps MAC Errors: TransmitMAC Errors: Receive Excessive Collisions13-56 Monitoring | Statistics | MIB-II| SNMPRequests Received Bad VersionProxy Drops Parsing ErrorsBad Community String Silent DropsVPN 3002 Hardware Client Reference 13-58Chapter 13 Monitoring Monitoring | Statistics | MIB-II| SNMP14-1 Using the Command-LineInterfaceAccessing the Command-lineInterface Console AccessStarting the Command-lineInterface Telnet or Telnet/SSL access14-2 14-3 Using the Command-lineInterfaceChoosing Menu Items Entering ValuesUsing Shortcut Numbers Navigating Quickly14-4 Using Back and Home Getting Help Information14-5 14-6 Saving the Configuration FileStopping the Command-lineInterface Understanding Access RightsMenu Reference 1Configuration1.1 Configuration > Quick Configuration 1.2 Configuration > Interface Configuration1.3.1Configuration > System Management > Servers 1.3Configuration > System Management2Administration 1.4Configuration > Policy Management2.1 Administration > Software Update 14-10 2.2Administration > System Reboot2.3Administration > Ping 2.4Administration Access Rights2.6Administration > Certificate Management 2.5 Administration > File Management3 Monitoring 3.3 Monitoring > System Status 3.1 Monitoring > Routing Table3.2Monitoring > Event Log 3.2.2 Monitoring > Event Log > View Event Log3.5Monitoring > General Statistics 3.4 Monitoring > User StatusCrash Dump File Troubleshooting and System ErrorsFiles for Troubleshooting Event LogsCrash Dump File LED IndicatorsConfiguration Files VPN 3002 Front LEDsVPN 3002 Rear LEDs System ErrorsProblem or Symptom Possible Solutionon Connect Now Settings on the VPN ConcentratorSeries Concentrator Reference Volume the VPN 3002 Hardware Client User ReferenceInvalid Login or Session Timeout VPN 3002 Hardware Client Manager ErrorsManager Logs Out ProblemSolution LoginPossible cause Error MessageIncorrect Display Back or Forward onPossible cause Not Allowed MessageProblem SolutionSolution Not Foundinterface supported ProblemProblem Command-lineInterface ErrorsError A-10Numerics I N D EIN-1 help command See CLIIN-2 errors A-10IN-3 IN-4 IN-5 IN-6 IN-7 IN-8 See also tunnelIN-9 IN-10 IN-11 OL-1893-01 IN-12Index VPN 3002 Hardware Client Reference