Manuals / Cisco Systems / Household Appliance / Home Safety Product

Cisco Systems VPN 3002 manual Certificate Fields, 12-51, Content

Models: VPN 3002

1 282

Download 282 pages 2.25 Kb

Page 177

Chapter 12 Administration

Administration Certificate Management View

Certificate Fields

A certificate contains some or all of the following fields:

	Field	Content
	Subject	The person or system that uses the certificate. For a CA root certificate, the
		Subject and Issuer are the same.
	Issuer	The CA or other entity (jurisdiction) that issued the certificate.
		Subject and Issuer consist of a specific-to-general identification hierarchy: CN,
		OU, O, L, SP, and C. These labels and acronyms conform to X.520
		terminology, and they echo the fields on the Administration Certificate
		Management Enrollment screen.
	CN	Common Name: the name of a person, system, or other entity. This is the
		lowest (most specific) level in the identification hierarchy.
		For the VPN 3002 self-signed SSL certificate, the CN is the IP address on the
		Ethernet 1 (Private) interface at the time the certificate is generated. SSL
		compares this CN with the address you use to connect to the VPN 3002 via
		HTTPS, as part of its validation.
	OU	Organizational Unit: the subgroup within the organization (O).
	O	Organization: the name of the company, institution, agency, association, or
		other entity.
	L	Locality: the city or town where the organization is located.
	SP	State/Province: the state or province where the organization is located.
	C	Country: the two-letter country abbreviation. These codes conform to ISO
		3166 country abbreviations.
	Serial Number	The serial number of the certificate. Each certificate issued by a CA must be
		unique among all certificates issued by that CA. CRL checking uses this serial
		number.
	Signing Algorithm	The cryptographic algorithm that the CA or other issuer used to sign this
		certificate.
	Public Key Type	The algorithm and size of the certified public key.
	Certificate Usage	The purpose of the key contained in the certificate, for example: digital
		signature, certificate signing, nonrepudiation, key or data encipherment, etc.
	MD5 Thumbprint	A 128-bit MD5 hash of the complete certificate contents, shown as a 16-byte
		string. This value is unique for every certificate, and it positively identifies the
		certificate.
		If you question a root certificate’s authenticity, you can check this value with
		the issuer.
		VPN 3002 Hardware Client Reference

	OL-1893-01			12-51

Image 177

Cisco Systems VPN 3002 manual Certificate Fields, 12-51, Content

Contents

Corporate Headquarters Release NovemberCisco Systems, Inc 170 West Tasman Drive San Jose, CACopyright 2001, Cisco Systems, Inc VPN 3002 Hardware Client ReferenceSystem Configuration ConfigurationConfiguration | System C O N T E N T SConfiguration | System | Tunneling Protocols Configuration | System | Servers | DNSConfiguration | System | IP Routing Configuration System Management ProtocolsAdministration Configuration | Policy ManagementAdministration | Ping Administration | Access RightsMonitoring | Routing Table MonitoringMonitoring | Live Event Log Monitoring | System StatusLED Indicators Files for Troubleshooting A-1Monitoring | Statistics | MIB-II Monitoring | Statistics | MIB-II| IPviii Contents78-13782-01 Prerequisites PrefaceOrganization ChapterTitle ChapterDescription ChapterVPN 3002 Hardware Client Documentation Related DocumentationVPN 3000 Series Concentrator Documentation VPN Client DocumentationOther References Documentation conventionsConvention boldface fontData Formats Obtaining DocumentationWorld Wide Web Documentation CD-ROMOrdering documentation Obtaining technical assistanceDocumentation feedback Cisco.comContacting TAC by using the Cisco TAC website Technical Assistance CenterContacting TAC by telephone Preface Obtaining technical assistance VPN 3002 Hardware Client ReferenceOL-1893-01 Using the VPN 3002 Hardware Client Manager VPN 3002 Hardware Client Browser RequirementsC H A P T E R Recommended PC Monitor/Display Settings Connecting to the VPN 3002 Using HTTPJavaScript and Cookies Navigation ToolbarInstalling the SSL Certificate in Your Browser Installing the SSL Certificate in Your BrowserVPN 3002 Hardware Client Reference OL-1893-01Figure 1-2Install SSL Certificate Screen 4.Click Install Certificate 5.Click Next to continue 7.Click Finish Viewing Certificates with Internet Explorer Installing the SSL Certificate with Netscape Reinstallation First-timeInstallation1-10 2.Click Next> to proceed 1-111-12 1-13 8.Click Continue1-14 Viewing Certificates with NetscapeClick OK when finished 1-15Connecting to the VPN 3002 Using HTTPS Configuring HTTP, HTTPS, and SSL Parameters1-16 1-17 Logging into the VPN 3002 Hardware Client ManagerFigure 1-27Manager Main Welcome Screen 1-18Logging into the VPN 3002 Hardware Client Manager VPN 3002 Hardware Client ReferenceIndividual User Authentication Interactive Hardware Client Authentication1-19 VPN 3002 Hardware Client Reference1-20 Step 1 Click the Connection Login Status buttonThe Connection/Login Status screen displays Step 1 Click the Connect Now button1-21 Figure 1-31Connection Login Status ScreenStep 2 Click Connect 1-22 Figure 1-32Individual User Authentication ScreenFigure 1-33Connection/Login Status Screen 1-23 VPN 3002 Hardware Client ReferenceOL-1893-01 Status bar Title barMouse pointer and tips Top frameRestore ResetTable of Contents ConfigurationMain frame Open or expandedManager screen 1-26–Interfaces: Ethernet parameters 1-27Navigating the VPN 3002 Hardware Client Manager 1-28Figure 1-35Manager Table of Contents Configuration ConfigurationC H A P T E R Chapter 2 Configuration Configuration VPN 3002 Hardware Client ReferenceOL-1893-01 Configuration | Interfaces InterfacesC H A P T E R Ethernet 1 Private, Ethernet 2 Public InterfaceDNS Servers DNS Domain NameStatus Default GatewayIP Address Subnet MaskDisabled Configuration | Interfaces | PrivateStatic IP Addressing IP AddressSubnet Mask Apply/CancelSpeed DuplexDHCP Client Configuration | Interfaces | PublicPPPoE Client DisabledVerify PPPoE Password PPPoE PasswordPPPoE User Name Static IP AddressingApply / Cancel DuplexReminder System Configuration Configuration | SystemC H A P T E R Configuration | System Chapter 4 System ConfigurationVPN 3002 Hardware Client Reference OL-1893-01Configuration | System | Servers | DNS Configuration | System | ServersServers C H A P T E RDomain EnabledPrimary DNS Server Secondary DNS ServerTimeout Retries Timeout PeriodApply / Cancel Configuration | System | Servers | DNSChapter Configuration | System | Servers | DNSVPN 3002 Hardware Client Reference OL-1893-01C H A P T E R TunnelingConfiguration System Tunneling Protocols Remote Server Backup ServersAbout Backup Servers IPSec over TCP Port IPSec over TCPCertificate Transmission Use CertificateGroup About IPSec over TCPUser PasswordVerify PasswordVPN 3002 Hardware Client Reference ChapterOL-1893-01 TunnelingConfiguration | System | IP Routing IP RoutingC H A P T E R Add / Modify / Delete Static RoutesReminder Chapter 7 IP RoutingNetwork Address MetricSubnet Mask Destination Add or Apply / CancelDestination Router Address InterfaceApply / Cancel Default GatewayMetric ReminderLease Timeout Configuration | System | IP Routing | DHCPAddress Pool Start/End EnabledAdd/Modify/Delete DHCP OptionApply/Cancel ReminderOption Value DHCP OptionReminder Nonconfigurable DHCP Options Chapter 7 IP Routing 7-10VPN 3002 Hardware Client Reference OL-1893-01Configuration | System | Management Protocols Management ProtocolsC H A P T E R About HTTP/HTTPS Enable HTTPEnable HTTPS on Public Enable HTTPSHTTP Port HTTPS PortEnable Telnet Chapter 8 Management ProtocolsVPN 3002 Hardware Client Reference Telnet Port Enable Telnet/SSLTelnet/SSL Port Maximum ConnectionsSNMP Port Enable SNMPMaximum Queued Requests Apply / CancelReminder Communities | Add or Modify Community StringsAdd/Modify/Delete ReminderCommunity String Add or Apply / CancelReminder Related information 8-10Client Authentication Encryption Algorithms8-11 Generated Certificate Key Size SSL Version8-12 Apply/CancelChapter 8 Management Protocols 8-13VPN 3002 Hardware Client Reference OL-1893-01Enable SSH on Public Enable SSHSSH Port Key Regeneration PeriodApply / Cancel 8-15To apply your SSH settings, and to include your settings in the active configuration, click Apply. The Manager returns to the Configuration | System | Management Protocols screen Reminder8-16 Enable XMLEnable HTTPS on Public Chapter 8 Management ProtocolsHTTPS Wildcard-mask HTTPS IP AddressSSH IP Address SSH Wildcard-maskChapter 8 Management Protocols 8-18VPN 3002 Hardware Client Reference OL-1893-01Event Class EventsClass Description Event Source Class NameClass Name Class Description Event SourceCisco-specificEvent Class EVENTMIBLevel Event Severity LevelCategory DescriptionEvent Log Data Event LogConfiguration | System | Events Configuration System Events GeneralFigure 9-1Configuration | System | Events Screen String Syslog FormatSeverity to Console Severity to LogSeverity to Syslog Cisco IOS SeverityConfigure either General event Configuration | System | Events | ClassesSeverity to Trap To send this “well-known”Configured Event Classes Add/Modify/DeleteReminder Class Name EnableModify screen 9-109-11 Add or Apply/CancelSeverity to Console Severity to Syslog9-12 Trap DestinationsAdd/Modify/Delete ChapterCommunity SNMP Version9-13 DestinationPort Configuration System Events Syslog Servers9-14 Add or Apply/Cancel9-15 Syslog ServersAdd/Modify/Delete ReminderFacility Syslog Server9-16 PortAdd or Apply/Cancel 9-17To add this server to the list of syslog servers, click Add. Or to apply your changes to this syslog server, click Apply. Both actions include your entry in the active configuration. The Manager returns to the Configuration | System | Events | Syslog Servers screen. Any new server appears in the Syslog Servers list ReminderChapter 9-18VPN 3002 Hardware Client Reference OL-1893-01General Configuration | System | General10-1 C H A P T E RSystem Name Configuration | System | General | IdentificationContact LocationEnable DST Support Configuration | System | General | Time and DateCurrent Time New TimeConfiguration | System | General | Time and Date 10-4Reminder Chapter 10 GeneralClient Mode/PAT Policy ManagementClient Mode with Split Tunneling 11-111-2 Network Extension ModeChapter 11 Policy Management Network Extension Mode11-3 Network Extension Mode with Split TunnelingData Initiation Tunnel InitiationStep 2 Click Connect Now 11-4Traffic Management Configuration | Policy ManagementMode Tunneling PolicyManagement | PAT Configuration Policy Management Traffic11-6 Enable11-7 PAT EnabledApply/Cancel ReminderChapter 11 Policy Management 11-8VPN 3002 Hardware Client Reference OL-1893-01Administration Administration12-1 C H A P T E RAdministration | Software Update 12-2Figure 12-1Administration Screen Current Software Revision Upload/CancelBrowse 12-3Software Update Success Software Update ProgressSoftware Update Error 12-412-5 Administration | System RebootChapter 12 Administration Administration | System RebootAction Configuration12-6 Figure 12-6Administration | System Reboot ScreenWhen to Reboot/Shutdown Administration | Ping12-7 Apply/CancelError Ping Ping/CancelAddress/Hostname to Ping Success PingAdministration | Access Rights | Administrators Administration | Access Rights12-9 Figure 12-10Administration | Access Rights ScreenPassword AdministratorVerify 12-10Session Idle Timeout Administration | Access Rights | Access SettingsEncrypt Config File Session LimitView Save Administration | File ManagementDelete 12-12Config File Upload via HTTP Swap Config FilesOK/Cancel 12-13File Upload Progress Local Config File/Browse12-14 Upload/CancelFile Upload Error File Upload Success12-15 Enrolling and Installing Digital Certificates Certificate Management12-16 12-17 12-18 12-19 Installing CA Certificates ManuallyRecommended Content Enrolling and Installing Identity CertificatesAbbrev Field NameVerify Challenge Password 12-2112-22 Step 5 Fill in the fields and click Enroll. For information on the fields on this screen, see Table 12-1.The VPN 3002 sends the certificate request to the CA 12-2312-24 Step 5 Fill in the fields and click Enroll. For information on the fields on this screen, see Table 12-1.The Manager displays the Administration | Certificate Management | Enrollment | Request Generated screen. See Figure 12-25Certificate Obtained via Enrollment Screen 12-2612-27 Obtaining SSL Certificates 12-29 Enabling Digital Certificates on the VPN12-30 Deleting Digital CertificatesAdministration | Certificate Management Certificate Authority12-31 Certificate Authorities Table ContentIdentity Certificates Table Fields12-33 SSL Certificate Table GenerateContent 12-34Subject/Issuer FieldsRemove All Enrollment Status Table12-35 ContentContent 12-36Field StatusIdentity Certificate Administration | Certificate Management | EnrollSSL Certificate 12-37Type Install a New SA Using SCEP before EnrollingEnroll via PKCS10 Request Manual Enroll via SCEP at Name of SCEP CAEnroll / Cancel Fields12-39 Go to Certificate Enrollment Go to Certificate Management12-40 Chapter 12 AdministrationGo to Certificate Installation 12-41Fields Enroll / Cancel 12-42Chapter 12 Administration VPN 3002 Hardware Client ReferenceEnroll Cancel12-43 FieldsInstall CA Certificate Administration | Certificate Management | InstallInstall SSL Certificate with Private Key Install Certificate Obtained via Enrollment12-45 Enrollment Status TableCertificate Obtained via Enrollment Screen Cut & Paste Text SCEP Simple Certificate Enrollment ProtocolUpload File from Workstation 12-46Retrieve / Cancel CA Descriptor12-47 Certificate Text Install / Cancel12-48 Password12-49 Filename / BrowsePassword Install / Cancel12-50 Administration | Certificate Management | ViewChapter 12 Administration Administration | Certificate Management | View12-51 Certificate FieldsContent Field12-52 BackContent FieldConfigure CA Certificate Administration | Certificate Management |SCEP Configuration CertificatePolling Limit Administration | Certificate Management | Renewal12-54 Apply / CancelVerify Challenge Password Challenge PasswordRenew / Cancel Renewal TypeGo to Certificate Installation 12-56Status Go to Certificate ManagementAdministration | Certificate Management | Delete 12-57Fields Yes / No View Enrollment Request12-58 Administration | Certificate Management |12-59 Enrollment Request FieldsContent Field12-60 Cancel Enrollment RequestAdministration Certificate Management Content12-61 Delete Enrollment RequestAdministration | Certificate Management | FieldsFields 12-62Yes / No To delete this enrollment request, click Yes13-1 MonitoringC H A P T E R Figure 13-1Monitoring ScreenClear Routes Monitoring | Routing TableValid Routes AddressMonitoring | Filterable Event Log Metric13-3 Event Class Select Filter OptionsSeverities Client IP AddressGet Log Event Log FormatClear Log There is no undoEvent Time Monitoring | Live Event LogEvent Severity Event Class/NumberPause Display/Resume Display TimerClear Display RestartRestore ResetMonitoring | System Status 13-8Refresh Bootcode RevVPN Client Type Software RevTunnel Established to AuthenticationDuration Security AssociationsBack Panel Front PanelOther 13-11Restore 13-12Refresh BackTx Unicast Rx UnicastRx Multicast Tx MulticastLogin Time Cisco IP Phone Bypass Enabled/DisabledMonitoring | User Status Username13-15 Monitoring | Statistics13-16 Monitoring Statistics IPSecReset RestoreActive Tunnels IKE Phase 1 StatisticsTotal Tunnels Received BytesSent Phase-2Exchanges Received Phase-2ExchangesInvalid Phase-2Exchanges Received Invalid Phase-2Exchanges SentAuthentication Failures Phase-2SA Delete Requests SentInitiated Tunnels Failed Initiated TunnelsReceived Packets Dropped Anti-Replay IPSec Phase 2 Statistics13-20 Active TunnelsFailed Inbound Authentications Inbound AuthenticationsOutbound Authentications Failed Outbound AuthenticationsProtocol Use Failures Monitoring Statistics HTTP13-22 System Capability FailuresPackets Sent/Received Octets Sent/ReceivedPackets Sent Sockets/Sessions PeakLogin Time Login NameHTTP Sessions Max ConnectionsActive Sessions Monitoring | Statistics | Telnet13-25 ResetAttempted Sessions Inbound Octets CommandSuccessful Sessions Telnet SessionsRequests Monitoring | Statistics | DNSResponses 13-27Monitoring | Statistics | SSL TimeoutsServer Unreachable Other FailuresEncrypted Inbound Octets Unencrypted Inbound OctetsUnencrypted Outbound Octets Encrypted Outbound OctetsActive Leases Monitoring | Statistics | DHCPMaximum Active Leases 13-30Pool End Pool StartLeased IP Address Time Left13-32 Monitoring | Statistics | SSHReset RestoreRemote IP Address:Port SSH Sessions13-33 Login NamePackets In/Out Monitoring | Statistics | NAT13-34 ResetTranslations Active NAT SessionsTranslations Peak Translations TotalTranslated Bytes/Packets Monitoring | Statistics | PPPoE13-36 ResetPADI Timeouts PPPoE Access ConcentratorPADR Timeouts User NamePADT Rx Generic Errors RxPADT Tx Malformed Packets Rx13-39 Monitoring | Statistics | MIB-II13-40 Monitoring | Statistics | MIB-II| InterfacesReset RestoreUnicast Out Unicast InMulticast In Multicast OutTCP Segments Received Monitoring | Statistics | MIB-II| TCP/UDP13-42 ResetTCP Timeout Max TCP Timeout MinTCP Segments Transmitted TCP Segments RetransmittedUDP Errored Datagrams TCP Established ResetsTCP Current Established UDP Datagrams Received13-45 Monitoring | Statistics | MIB-II| IPReset RestorePackets Received Address Errors Packets Received Header ErrorsPackets Received Total Packets Received Unknown ProtocolsReassembly Successes Fragments Needing ReassemblyReassembly Failures Outbound Packets with No RouteTotal Received/Transmitted Monitoring Statistics MIB-II ICMP13-48 ResetParameter Problems Received/Transmitted Errors Received/TransmittedDestination Unreachable Received/Transmitted Time Exceeded Received/TransmittedTimestamp Replies Received/Transmitted Timestamp Requests Received/TransmittedAddress Mask Requests Received/Transmitted Address Mask Replies Received/Transmitted13-51 Monitoring | Statistics | MIB-II| ARP TableRefresh Chapter 13 MonitoringMapping Type Physical AddressAction/Delete 13-5213-53 Monitoring | Statistics | MIB-II| EthernetReset RestoreFCS Errors Alignment ErrorsCarrier Sense Errors SQE Test ErrorsMAC Errors: Receive MAC Errors: TransmitExcessive Collisions Speed MbpsRequests Received Monitoring | Statistics | MIB-II| SNMPBad Version 13-56Bad Community String Parsing ErrorsSilent Drops Proxy DropsChapter 13 Monitoring 13-58Monitoring | Statistics | MIB-II| SNMP VPN 3002 Hardware Client ReferenceAccessing the Command-lineInterface Using the Command-LineInterfaceConsole Access 14-1Starting the Command-lineInterface Telnet or Telnet/SSL access14-2 Choosing Menu Items Using the Command-lineInterfaceEntering Values 14-3Using Shortcut Numbers Navigating Quickly14-4 Using Back and Home Getting Help Information14-5 Stopping the Command-lineInterface Saving the Configuration FileUnderstanding Access Rights 14-61.1 Configuration > Quick Configuration 1Configuration1.2 Configuration > Interface Configuration Menu Reference1.3.1Configuration > System Management > Servers 1.3Configuration > System Management2Administration 1.4Configuration > Policy Management2.1 Administration > Software Update 2.3Administration > Ping 2.2Administration > System Reboot2.4Administration Access Rights 14-102.6Administration > Certificate Management 2.5 Administration > File Management3 Monitoring 3.2Monitoring > Event Log 3.1 Monitoring > Routing Table3.2.2 Monitoring > Event Log > View Event Log 3.3 Monitoring > System Status3.5Monitoring > General Statistics 3.4 Monitoring > User StatusFiles for Troubleshooting Troubleshooting and System ErrorsEvent Logs Crash Dump FileConfiguration Files LED IndicatorsVPN 3002 Front LEDs Crash Dump FileProblem or Symptom System ErrorsPossible Solution VPN 3002 Rear LEDsSeries Concentrator Reference Volume Settings on the VPN Concentratorthe VPN 3002 Hardware Client User Reference on Connect NowInvalid Login or Session Timeout VPN 3002 Hardware Client Manager ErrorsSolution ProblemLogin Manager Logs OutIncorrect Display Error MessageBack or Forward on Possible causeProblem Not Allowed MessageSolution Possible causeinterface supported Not FoundProblem SolutionError Command-lineInterface ErrorsA-10 ProblemNumerics I N D EIN-1 IN-2 See CLIerrors A-10 help commandIN-3 IN-4 IN-5 IN-6 IN-7 IN-8 See also tunnelIN-9 IN-10 IN-11 Index IN-12VPN 3002 Hardware Client Reference OL-1893-01