Manuals / Cisco Systems / Household Appliance / Home Safety Product

Cisco Systems VPN 3002 Administration | Certificate Management | Renewal, Polling Limit, 12-54

Models: VPN 3002

1 282

Download 282 pages 2.25 Kb

Page 180

Polling Limit

Chapter 12 Administration

Administration Certificate Management Renewal

Polling Limit

Enter the number of times the VPN 3002 should re-send an enrollment request if the CA does not issue the certificate immediately. The minimum number of re-sends is 0; the maximum number is 100. If you do not want any polling limit (in other words you want infinite re-sends), enter none.

Apply / Cancel

To configure CRL checking for this certificate, click Apply. The Manager returns to the Administration Certificate Management screen.

To discard your settings, click Cancel. The Manager returns to the Administration

Certificate Management screen.

Administration Certificate Management Renewal

Certificate renewal is a shortcut that allows you to generate an enrollment request based on the content of an existing certificate.

When you renew a certificate via SCEP, the new certificate does not automatically overwrite the original certificate. It remains in the Enrollment Request table until the administrator manually activates it. For more information on activating certificates, see the “Administration Certificate Management Activate or Re-Submit Status” section.

Use this screen to re-enroll or re-key a certificate. If you re-enrollthe certificate, the new certificate uses the same key pair as the expiring certificate. If you re-keythe certificate, it uses a new key pair.

Figure 12-49 Administration Certificate Management Renewal

	VPN 3002 Hardware Client Reference
12-54	OL-1893-01

Image 180

Cisco Systems VPN 3002 manual Administration | Certificate Management | Renewal, Polling Limit, 12-54, Apply / Cancel

Contents

Release November Corporate HeadquartersCisco Systems, Inc 170 West Tasman Drive San Jose, CAVPN 3002 Hardware Client Reference Copyright 2001, Cisco Systems, IncConfiguration System ConfigurationConfiguration | System C O N T E N T SConfiguration | System | Servers | DNS Configuration | System | Tunneling ProtocolsConfiguration | System | IP Routing Configuration System Management ProtocolsConfiguration | Policy Management AdministrationAdministration | Ping Administration | Access RightsMonitoring Monitoring | Routing TableMonitoring | Live Event Log Monitoring | System StatusFiles for Troubleshooting A-1 LED IndicatorsMonitoring | Statistics | MIB-II Monitoring | Statistics | MIB-II| IPviii Contents78-13782-01 Preface PrerequisitesOrganization ChapterChapter TitleDescription ChapterRelated Documentation VPN 3002 Hardware Client DocumentationVPN 3000 Series Concentrator Documentation VPN Client DocumentationDocumentation conventions Other ReferencesConvention boldface fontObtaining Documentation Data FormatsWorld Wide Web Documentation CD-ROMObtaining technical assistance Ordering documentationDocumentation feedback Cisco.comContacting TAC by using the Cisco TAC website Technical Assistance CenterContacting TAC by telephone Preface Obtaining technical assistance VPN 3002 Hardware Client ReferenceOL-1893-01 Using the VPN 3002 Hardware Client Manager VPN 3002 Hardware Client Browser RequirementsC H A P T E R Connecting to the VPN 3002 Using HTTP Recommended PC Monitor/Display SettingsJavaScript and Cookies Navigation ToolbarInstalling the SSL Certificate in Your Browser Installing the SSL Certificate in Your BrowserVPN 3002 Hardware Client Reference OL-1893-01Figure 1-2Install SSL Certificate Screen 4.Click Install Certificate 5.Click Next to continue 7.Click Finish Viewing Certificates with Internet Explorer Installing the SSL Certificate with Netscape Reinstallation First-timeInstallation1-10 1-11 2.Click Next> to proceed1-12 8.Click Continue 1-13Viewing Certificates with Netscape 1-141-15 Click OK when finishedConnecting to the VPN 3002 Using HTTPS Configuring HTTP, HTTPS, and SSL Parameters1-16 Logging into the VPN 3002 Hardware Client Manager 1-171-18 Figure 1-27Manager Main Welcome ScreenLogging into the VPN 3002 Hardware Client Manager VPN 3002 Hardware Client ReferenceInteractive Hardware Client Authentication Individual User Authentication1-19 VPN 3002 Hardware Client ReferenceStep 1 Click the Connection Login Status button 1-20The Connection/Login Status screen displays Step 1 Click the Connect Now button1-21 Figure 1-31Connection Login Status ScreenStep 2 Click Connect 1-22 Figure 1-32Individual User Authentication ScreenFigure 1-33Connection/Login Status Screen 1-23 VPN 3002 Hardware Client ReferenceOL-1893-01 Title bar Status barMouse pointer and tips Top frameReset RestoreTable of Contents ConfigurationOpen or expanded Main frameManager screen 1-261-27 –Interfaces: Ethernet parametersNavigating the VPN 3002 Hardware Client Manager 1-28Figure 1-35Manager Table of Contents Configuration ConfigurationC H A P T E R Chapter 2 Configuration Configuration VPN 3002 Hardware Client ReferenceOL-1893-01 Configuration | Interfaces InterfacesC H A P T E R Interface Ethernet 1 Private, Ethernet 2 PublicDNS Servers DNS Domain NameDefault Gateway StatusIP Address Subnet MaskConfiguration | Interfaces | Private DisabledStatic IP Addressing IP AddressApply/Cancel Subnet MaskSpeed DuplexConfiguration | Interfaces | Public DHCP ClientPPPoE Client DisabledPPPoE Password Verify PPPoE PasswordPPPoE User Name Static IP AddressingApply / Cancel DuplexReminder System Configuration Configuration | SystemC H A P T E R Chapter 4 System Configuration Configuration | SystemVPN 3002 Hardware Client Reference OL-1893-01Configuration | System | Servers Configuration | System | Servers | DNSServers C H A P T E REnabled DomainPrimary DNS Server Secondary DNS ServerTimeout Period Timeout RetriesApply / Cancel Configuration | System | Servers | DNSConfiguration | System | Servers | DNS ChapterVPN 3002 Hardware Client Reference OL-1893-01Tunneling C H A P T E RConfiguration System Tunneling Protocols Backup Servers Remote ServerAbout Backup Servers IPSec over TCP IPSec over TCP PortUse Certificate Certificate TransmissionGroup About IPSec over TCPPassword UserVerify PasswordChapter VPN 3002 Hardware Client ReferenceOL-1893-01 TunnelingConfiguration | System | IP Routing IP RoutingC H A P T E R Static Routes Add / Modify / DeleteReminder Chapter 7 IP RoutingNetwork Address MetricSubnet Mask Add or Apply / Cancel DestinationDestination Router Address InterfaceDefault Gateway Apply / CancelMetric ReminderConfiguration | System | IP Routing | DHCP Lease TimeoutAddress Pool Start/End EnabledDHCP Option Add/Modify/DeleteApply/Cancel ReminderOption Value DHCP OptionReminder Nonconfigurable DHCP Options 7-10 Chapter 7 IP RoutingVPN 3002 Hardware Client Reference OL-1893-01Configuration | System | Management Protocols Management ProtocolsC H A P T E R Enable HTTP About HTTP/HTTPSEnable HTTPS Enable HTTPS on PublicHTTP Port HTTPS PortEnable Telnet Chapter 8 Management ProtocolsVPN 3002 Hardware Client Reference Enable Telnet/SSL Telnet PortTelnet/SSL Port Maximum ConnectionsEnable SNMP SNMP PortMaximum Queued Requests Apply / CancelReminder Community Strings Communities | Add or ModifyAdd/Modify/Delete ReminderCommunity String Add or Apply / CancelReminder 8-10 Related informationClient Authentication Encryption Algorithms8-11 SSL Version Generated Certificate Key Size8-12 Apply/Cancel8-13 Chapter 8 Management ProtocolsVPN 3002 Hardware Client Reference OL-1893-01Enable SSH Enable SSH on PublicSSH Port Key Regeneration Period8-15 Apply / CancelTo apply your SSH settings, and to include your settings in the active configuration, click Apply. The Manager returns to the Configuration | System | Management Protocols screen ReminderEnable XML 8-16Enable HTTPS on Public Chapter 8 Management ProtocolsHTTPS IP Address HTTPS Wildcard-maskSSH IP Address SSH Wildcard-mask8-18 Chapter 8 Management ProtocolsVPN 3002 Hardware Client Reference OL-1893-01Events Event ClassClass Description Event Source Class NameClass Description Event Source Class NameCisco-specificEvent Class EVENTMIBEvent Severity Level LevelCategory DescriptionEvent Log Event Log DataConfiguration | System | Events Configuration System Events GeneralFigure 9-1Configuration | System | Events Screen Syslog Format StringSeverity to Log Severity to ConsoleSeverity to Syslog Cisco IOS SeverityConfiguration | System | Events | Classes Configure either General eventSeverity to Trap To send this “well-known”Configured Event Classes Add/Modify/DeleteReminder Enable Class NameModify screen 9-10Add or Apply/Cancel 9-11Severity to Console Severity to SyslogTrap Destinations 9-12Add/Modify/Delete ChapterSNMP Version Community9-13 DestinationConfiguration System Events Syslog Servers Port9-14 Add or Apply/CancelSyslog Servers 9-15Add/Modify/Delete ReminderSyslog Server Facility9-16 Port9-17 Add or Apply/CancelTo add this server to the list of syslog servers, click Add. Or to apply your changes to this syslog server, click Apply. Both actions include your entry in the active configuration. The Manager returns to the Configuration | System | Events | Syslog Servers screen. Any new server appears in the Syslog Servers list Reminder9-18 ChapterVPN 3002 Hardware Client Reference OL-1893-01Configuration | System | General General10-1 C H A P T E RConfiguration | System | General | Identification System NameContact LocationConfiguration | System | General | Time and Date Enable DST SupportCurrent Time New Time10-4 Configuration | System | General | Time and DateReminder Chapter 10 GeneralPolicy Management Client Mode/PATClient Mode with Split Tunneling 11-1Network Extension Mode 11-2Chapter 11 Policy Management Network Extension ModeNetwork Extension Mode with Split Tunneling 11-3Tunnel Initiation Data InitiationStep 2 Click Connect Now 11-4Configuration | Policy Management Traffic ManagementMode Tunneling PolicyConfiguration Policy Management Traffic Management | PAT11-6 EnablePAT Enabled 11-7Apply/Cancel Reminder11-8 Chapter 11 Policy ManagementVPN 3002 Hardware Client Reference OL-1893-01Administration Administration12-1 C H A P T E RAdministration | Software Update 12-2Figure 12-1Administration Screen Upload/Cancel Current Software RevisionBrowse 12-3Software Update Progress Software Update SuccessSoftware Update Error 12-4Administration | System Reboot 12-5Chapter 12 Administration Administration | System RebootConfiguration Action12-6 Figure 12-6Administration | System Reboot ScreenAdministration | Ping When to Reboot/Shutdown12-7 Apply/CancelPing/Cancel Error PingAddress/Hostname to Ping Success PingAdministration | Access Rights Administration | Access Rights | Administrators12-9 Figure 12-10Administration | Access Rights ScreenAdministrator PasswordVerify 12-10Administration | Access Rights | Access Settings Session Idle TimeoutEncrypt Config File Session LimitAdministration | File Management View SaveDelete 12-12Swap Config Files Config File Upload via HTTPOK/Cancel 12-13Local Config File/Browse File Upload Progress12-14 Upload/CancelFile Upload Error File Upload Success12-15 Enrolling and Installing Digital Certificates Certificate Management12-16 12-17 12-18 Installing CA Certificates Manually 12-19Enrolling and Installing Identity Certificates Recommended ContentAbbrev Field Name12-21 Verify Challenge Password12-22 12-23 Step 5 Fill in the fields and click Enroll. For information on the fields on this screen, see Table 12-1.The VPN 3002 sends the certificate request to the CA12-24 12-25 Step 5 Fill in the fields and click Enroll. For information on the fields on this screen, see Table 12-1.The Manager displays the Administration | Certificate Management | Enrollment | Request Generated screen. See Figure12-26 Certificate Obtained via Enrollment Screen12-27 Obtaining SSL Certificates Enabling Digital Certificates on the VPN 12-29Deleting Digital Certificates 12-30Administration | Certificate Management Certificate Authority12-31 Content Certificate Authorities TableIdentity Certificates Table FieldsSSL Certificate Table Generate 12-3312-34 ContentSubject/Issuer FieldsEnrollment Status Table Remove All12-35 Content12-36 ContentField StatusAdministration | Certificate Management | Enroll Identity CertificateSSL Certificate 12-37Install a New SA Using SCEP before Enrolling TypeEnroll via PKCS10 Request Manual Enroll via SCEP at Name of SCEP CAEnroll / Cancel Fields12-39 Go to Certificate Management Go to Certificate Enrollment12-40 Chapter 12 AdministrationGo to Certificate Installation 12-41Fields 12-42 Enroll / CancelChapter 12 Administration VPN 3002 Hardware Client ReferenceCancel Enroll12-43 FieldsAdministration | Certificate Management | Install Install CA CertificateInstall SSL Certificate with Private Key Install Certificate Obtained via Enrollment12-45 Enrollment Status TableCertificate Obtained via Enrollment Screen SCEP Simple Certificate Enrollment Protocol Cut & Paste TextUpload File from Workstation 12-46Retrieve / Cancel CA Descriptor12-47 Install / Cancel Certificate Text12-48 PasswordFilename / Browse 12-49Password Install / CancelAdministration | Certificate Management | View 12-50Chapter 12 Administration Administration | Certificate Management | ViewCertificate Fields 12-51Content FieldBack 12-52Content FieldAdministration | Certificate Management | Configure CA CertificateSCEP Configuration CertificateAdministration | Certificate Management | Renewal Polling Limit12-54 Apply / CancelChallenge Password Verify Challenge PasswordRenew / Cancel Renewal Type12-56 Go to Certificate InstallationStatus Go to Certificate ManagementAdministration | Certificate Management | Delete 12-57Fields View Enrollment Request Yes / No12-58 Administration | Certificate Management |Enrollment Request Fields 12-59Content FieldCancel Enrollment Request 12-60Administration Certificate Management ContentDelete Enrollment Request 12-61Administration | Certificate Management | Fields12-62 FieldsYes / No To delete this enrollment request, click YesMonitoring 13-1C H A P T E R Figure 13-1Monitoring ScreenMonitoring | Routing Table Clear RoutesValid Routes AddressMonitoring | Filterable Event Log Metric13-3 Select Filter Options Event ClassSeverities Client IP AddressEvent Log Format Get LogClear Log There is no undoMonitoring | Live Event Log Event TimeEvent Severity Event Class/NumberTimer Pause Display/Resume DisplayClear Display RestartReset RestoreMonitoring | System Status 13-8Bootcode Rev RefreshVPN Client Type Software RevAuthentication Tunnel Established toDuration Security AssociationsFront Panel Back PanelOther 13-1113-12 RestoreRefresh BackRx Unicast Tx UnicastRx Multicast Tx MulticastCisco IP Phone Bypass Enabled/Disabled Login TimeMonitoring | User Status UsernameMonitoring | Statistics 13-15Monitoring Statistics IPSec 13-16Reset RestoreIKE Phase 1 Statistics Active TunnelsTotal Tunnels Received BytesReceived Phase-2Exchanges Sent Phase-2ExchangesInvalid Phase-2Exchanges Received Invalid Phase-2Exchanges SentPhase-2SA Delete Requests Sent Authentication FailuresInitiated Tunnels Failed Initiated TunnelsIPSec Phase 2 Statistics Received Packets Dropped Anti-Replay13-20 Active TunnelsInbound Authentications Failed Inbound AuthenticationsOutbound Authentications Failed Outbound AuthenticationsMonitoring Statistics HTTP Protocol Use Failures13-22 System Capability FailuresOctets Sent/Received Packets Sent/ReceivedPackets Sent Sockets/Sessions PeakLogin Name Login TimeHTTP Sessions Max ConnectionsMonitoring | Statistics | Telnet Active Sessions13-25 ResetInbound Octets Command Attempted SessionsSuccessful Sessions Telnet SessionsMonitoring | Statistics | DNS RequestsResponses 13-27Timeouts Monitoring | Statistics | SSLServer Unreachable Other FailuresUnencrypted Inbound Octets Encrypted Inbound OctetsUnencrypted Outbound Octets Encrypted Outbound OctetsMonitoring | Statistics | DHCP Active LeasesMaximum Active Leases 13-30Pool Start Pool EndLeased IP Address Time LeftMonitoring | Statistics | SSH 13-32Reset RestoreSSH Sessions Remote IP Address:Port13-33 Login NameMonitoring | Statistics | NAT Packets In/Out13-34 ResetNAT Sessions Translations ActiveTranslations Peak Translations TotalMonitoring | Statistics | PPPoE Translated Bytes/Packets13-36 ResetPPPoE Access Concentrator PADI TimeoutsPADR Timeouts User NameGeneric Errors Rx PADT RxPADT Tx Malformed Packets RxMonitoring | Statistics | MIB-II 13-39Monitoring | Statistics | MIB-II| Interfaces 13-40Reset RestoreUnicast In Unicast OutMulticast In Multicast OutMonitoring | Statistics | MIB-II| TCP/UDP TCP Segments Received13-42 ResetTCP Timeout Min TCP Timeout MaxTCP Segments Transmitted TCP Segments RetransmittedTCP Established Resets UDP Errored DatagramsTCP Current Established UDP Datagrams ReceivedMonitoring | Statistics | MIB-II| IP 13-45Reset RestorePackets Received Header Errors Packets Received Address ErrorsPackets Received Total Packets Received Unknown ProtocolsFragments Needing Reassembly Reassembly SuccessesReassembly Failures Outbound Packets with No RouteMonitoring Statistics MIB-II ICMP Total Received/Transmitted13-48 ResetErrors Received/Transmitted Parameter Problems Received/TransmittedDestination Unreachable Received/Transmitted Time Exceeded Received/TransmittedTimestamp Requests Received/Transmitted Timestamp Replies Received/TransmittedAddress Mask Requests Received/Transmitted Address Mask Replies Received/TransmittedMonitoring | Statistics | MIB-II| ARP Table 13-51Refresh Chapter 13 MonitoringPhysical Address Mapping TypeAction/Delete 13-52Monitoring | Statistics | MIB-II| Ethernet 13-53Reset RestoreAlignment Errors FCS ErrorsCarrier Sense Errors SQE Test ErrorsMAC Errors: Transmit MAC Errors: ReceiveExcessive Collisions Speed MbpsMonitoring | Statistics | MIB-II| SNMP Requests ReceivedBad Version 13-56Parsing Errors Bad Community StringSilent Drops Proxy Drops13-58 Chapter 13 MonitoringMonitoring | Statistics | MIB-II| SNMP VPN 3002 Hardware Client ReferenceUsing the Command-LineInterface Accessing the Command-lineInterfaceConsole Access 14-1Starting the Command-lineInterface Telnet or Telnet/SSL access14-2 Using the Command-lineInterface Choosing Menu ItemsEntering Values 14-3Using Shortcut Numbers Navigating Quickly14-4 Using Back and Home Getting Help Information14-5 Saving the Configuration File Stopping the Command-lineInterfaceUnderstanding Access Rights 14-61Configuration 1.1 Configuration > Quick Configuration1.2 Configuration > Interface Configuration Menu Reference1.3Configuration > System Management 1.3.1Configuration > System Management > Servers2Administration 1.4Configuration > Policy Management2.1 Administration > Software Update 2.2Administration > System Reboot 2.3Administration > Ping2.4Administration Access Rights 14-102.5 Administration > File Management 2.6Administration > Certificate Management3 Monitoring 3.1 Monitoring > Routing Table 3.2Monitoring > Event Log3.2.2 Monitoring > Event Log > View Event Log 3.3 Monitoring > System Status3.4 Monitoring > User Status 3.5Monitoring > General StatisticsTroubleshooting and System Errors Files for TroubleshootingEvent Logs Crash Dump FileLED Indicators Configuration FilesVPN 3002 Front LEDs Crash Dump FileSystem Errors Problem or SymptomPossible Solution VPN 3002 Rear LEDsSettings on the VPN Concentrator Series Concentrator Reference Volumethe VPN 3002 Hardware Client User Reference on Connect NowVPN 3002 Hardware Client Manager Errors Invalid Login or Session TimeoutProblem SolutionLogin Manager Logs OutError Message Incorrect DisplayBack or Forward on Possible causeNot Allowed Message ProblemSolution Possible causeNot Found interface supportedProblem SolutionCommand-lineInterface Errors ErrorA-10 ProblemNumerics I N D EIN-1 See CLI IN-2errors A-10 help commandIN-3 IN-4 IN-5 IN-6 IN-7 See also tunnel IN-8IN-9 IN-10 IN-11 IN-12 IndexVPN 3002 Hardware Client Reference OL-1893-01