Manuals / Cisco Systems / Household Appliance / Home Safety Product

Cisco Systems VPN 3002 manual See also tunnel, IN-8

Models: VPN 3002

1 282

Download 282 pages 2.25 Kb

Page 278

See also tunnel

Index

browser	1-1
Internet Explorer		1-1
IPSec over TCP		6-6
JavaScript	1-2
Netscape Navigator 1-1
RFC 1650, Ethernet interface MIB objects			13-53
RFC 1907, SNMP version 2 MIB objects			13-56
RFC 2011, ARP table entries 13-51

RFC 2011, IP and ICMP MIB objects 13-45,13-48

RFC 2012,TCP MIB objects	13-42
RFC 2013, UDP MIB objects	13-42
RFC 2459 12-50
root CA certificate 12-16
routing table (monitoring) 13-2

RRC4-128/MD5 SSL encryption algorithm 8-11RSA key, SSH 8-13

S

SAVELOG.TXT file	9-4,12-5,A-1
saving
configuration file with CLI		14-6
event log 13-5
log file on system reboot		9-4,12-5
SCEP
(Simple Certificate Enrollment Protocol),
definition	12-16
enrolling an identity certificate			12-41
enrolling SSL certificate		12-42
installing CA certificates		12-17
installing identity certificates			12-22,12-24
SCEP-enabled certificate		12-17
troubleshooting	12-17
screen
login, using HTTPS 1-17
SDRAM memory	13-9
secure connection
See also tunnel
tunnel 6-1

VPN 3002 Hardware Client Reference

Secure Shell protocol See SSH
Secure Sockets Layer See SSL							12-16
Security Associations (SAs)							6-2
self-signed certificates
CA certificates				12-16
SSL	12-16
SSL certificate, generating							12-33
server identity certificates						12-32
server key, SSH				8-13
servers
backup, configuring					6-3
backup, overview					6-4
configuring system access							5-1
remote, configuring					6-3
session idle timeout
live event log overrides						13-6
session key
SSH	8-13
Session Timeout (error)						A-5
severity level, events					9-3
shutdown system				12-5
Simple Certificate Enrollment Protocol See SCEP
Simple Network Management Protocol See SNMP
SNMP
configuring internal server							8-6
enabling		8-6
event trap destinations, configuring								9-12
add	9-13
modify		9-13
MIB-II statistics				13-56
port number			8-6
traps, configuring "well-known" 9-8
traps, configuring for specific events								9-11
SNMP communities
adding	8-8
configuring			8-7
modifying			8-8
software image
filenames			12-3,13-9

	IN-8	OL-1893-01

Image 278

Cisco Systems VPN 3002 manual See also tunnel, IN-8

Contents

Cisco Systems, Inc Release NovemberCorporate Headquarters 170 West Tasman Drive San Jose, CAVPN 3002 Hardware Client Reference Copyright 2001, Cisco Systems, IncConfiguration | System ConfigurationSystem Configuration C O N T E N T SConfiguration | System | IP Routing Configuration | System | Servers | DNSConfiguration | System | Tunneling Protocols Configuration System Management ProtocolsAdministration | Ping Configuration | Policy ManagementAdministration Administration | Access RightsMonitoring | Live Event Log MonitoringMonitoring | Routing Table Monitoring | System StatusMonitoring | Statistics | MIB-II Files for Troubleshooting A-1LED Indicators Monitoring | Statistics | MIB-II| IP78-13782-01 viiiContents Organization PrefacePrerequisites ChapterDescription ChapterTitle ChapterVPN 3000 Series Concentrator Documentation Related DocumentationVPN 3002 Hardware Client Documentation VPN Client DocumentationConvention Documentation conventionsOther References boldface fontWorld Wide Web Obtaining DocumentationData Formats Documentation CD-ROMDocumentation feedback Obtaining technical assistanceOrdering documentation Cisco.comContacting TAC by telephone Contacting TAC by using the Cisco TAC websiteTechnical Assistance Center OL-1893-01 Preface Obtaining technical assistanceVPN 3002 Hardware Client Reference C H A P T E R Using the VPN 3002 Hardware Client ManagerVPN 3002 Hardware Client Browser Requirements JavaScript and Cookies Connecting to the VPN 3002 Using HTTPRecommended PC Monitor/Display Settings Navigation ToolbarVPN 3002 Hardware Client Reference Installing the SSL Certificate in Your BrowserInstalling the SSL Certificate in Your Browser OL-1893-01Figure 1-2Install SSL Certificate Screen 4.Click Install Certificate 5.Click Next to continue 7.Click Finish Viewing Certificates with Internet Explorer Installing the SSL Certificate with Netscape 1-10 ReinstallationFirst-timeInstallation 1-11 2.Click Next> to proceed1-12 8.Click Continue 1-13Viewing Certificates with Netscape 1-141-15 Click OK when finished1-16 Connecting to the VPN 3002 Using HTTPSConfiguring HTTP, HTTPS, and SSL Parameters Logging into the VPN 3002 Hardware Client Manager 1-17Logging into the VPN 3002 Hardware Client Manager 1-18Figure 1-27Manager Main Welcome Screen VPN 3002 Hardware Client Reference1-19 Interactive Hardware Client AuthenticationIndividual User Authentication VPN 3002 Hardware Client ReferenceThe Connection/Login Status screen displays Step 1 Click the Connection Login Status button1-20 Step 1 Click the Connect Now buttonStep 2 Click Connect 1-21Figure 1-31Connection Login Status Screen Figure 1-33Connection/Login Status Screen 1-22Figure 1-32Individual User Authentication Screen OL-1893-01 1-23VPN 3002 Hardware Client Reference Mouse pointer and tips Title barStatus bar Top frameTable of Contents ResetRestore ConfigurationManager screen Open or expandedMain frame 1-261-27 –Interfaces: Ethernet parametersFigure 1-35Manager Table of Contents Navigating the VPN 3002 Hardware Client Manager1-28 C H A P T E R ConfigurationConfiguration OL-1893-01 Chapter 2 Configuration ConfigurationVPN 3002 Hardware Client Reference C H A P T E R Configuration | InterfacesInterfaces DNS Servers InterfaceEthernet 1 Private, Ethernet 2 Public DNS Domain NameIP Address Default GatewayStatus Subnet MaskStatic IP Addressing Configuration | Interfaces | PrivateDisabled IP AddressSpeed Apply/CancelSubnet Mask DuplexPPPoE Client Configuration | Interfaces | PublicDHCP Client DisabledPPPoE User Name PPPoE PasswordVerify PPPoE Password Static IP AddressingReminder Apply / CancelDuplex C H A P T E R System ConfigurationConfiguration | System VPN 3002 Hardware Client Reference Chapter 4 System ConfigurationConfiguration | System OL-1893-01Servers Configuration | System | ServersConfiguration | System | Servers | DNS C H A P T E RPrimary DNS Server EnabledDomain Secondary DNS ServerApply / Cancel Timeout PeriodTimeout Retries Configuration | System | Servers | DNSVPN 3002 Hardware Client Reference Configuration | System | Servers | DNSChapter OL-1893-01Tunneling C H A P T E RConfiguration System Tunneling Protocols Backup Servers Remote ServerAbout Backup Servers IPSec over TCP IPSec over TCP PortGroup Use CertificateCertificate Transmission About IPSec over TCPVerify PasswordUser PasswordOL-1893-01 ChapterVPN 3002 Hardware Client Reference TunnelingC H A P T E R Configuration | System | IP RoutingIP Routing Reminder Static RoutesAdd / Modify / Delete Chapter 7 IP RoutingSubnet Mask Network AddressMetric Destination Router Address Add or Apply / CancelDestination InterfaceMetric Default GatewayApply / Cancel ReminderAddress Pool Start/End Configuration | System | IP Routing | DHCPLease Timeout EnabledApply/Cancel DHCP OptionAdd/Modify/Delete ReminderReminder Option ValueDHCP Option Nonconfigurable DHCP Options VPN 3002 Hardware Client Reference 7-10Chapter 7 IP Routing OL-1893-01C H A P T E R Configuration | System | Management ProtocolsManagement Protocols Enable HTTP About HTTP/HTTPSHTTP Port Enable HTTPSEnable HTTPS on Public HTTPS PortVPN 3002 Hardware Client Reference Enable TelnetChapter 8 Management Protocols Telnet/SSL Port Enable Telnet/SSLTelnet Port Maximum ConnectionsMaximum Queued Requests Enable SNMPSNMP Port Apply / CancelReminder Add/Modify/Delete Community StringsCommunities | Add or Modify ReminderReminder Community StringAdd or Apply / Cancel 8-10 Related information8-11 Client AuthenticationEncryption Algorithms 8-12 SSL VersionGenerated Certificate Key Size Apply/CancelVPN 3002 Hardware Client Reference 8-13Chapter 8 Management Protocols OL-1893-01SSH Port Enable SSHEnable SSH on Public Key Regeneration PeriodTo apply your SSH settings, and to include your settings in the active configuration, click Apply. The Manager returns to the Configuration | System | Management Protocols screen 8-15Apply / Cancel ReminderEnable HTTPS on Public Enable XML8-16 Chapter 8 Management ProtocolsSSH IP Address HTTPS IP AddressHTTPS Wildcard-mask SSH Wildcard-maskVPN 3002 Hardware Client Reference 8-18Chapter 8 Management Protocols OL-1893-01Class Description Event Source EventsEvent Class Class NameCisco-specificEvent Class Class Description Event SourceClass Name EVENTMIBCategory Event Severity LevelLevel DescriptionEvent Log Event Log DataFigure 9-1Configuration | System | Events Screen Configuration | System | EventsConfiguration System Events General Syslog Format StringSeverity to Syslog Severity to LogSeverity to Console Cisco IOS SeveritySeverity to Trap Configuration | System | Events | ClassesConfigure either General event To send this “well-known”Reminder Configured Event ClassesAdd/Modify/Delete Modify screen EnableClass Name 9-10Severity to Console Add or Apply/Cancel9-11 Severity to SyslogAdd/Modify/Delete Trap Destinations9-12 Chapter9-13 SNMP VersionCommunity Destination9-14 Configuration System Events Syslog ServersPort Add or Apply/CancelAdd/Modify/Delete Syslog Servers9-15 Reminder9-16 Syslog ServerFacility PortTo add this server to the list of syslog servers, click Add. Or to apply your changes to this syslog server, click Apply. Both actions include your entry in the active configuration. The Manager returns to the Configuration | System | Events | Syslog Servers screen. Any new server appears in the Syslog Servers list 9-17Add or Apply/Cancel ReminderVPN 3002 Hardware Client Reference 9-18Chapter OL-1893-0110-1 Configuration | System | GeneralGeneral C H A P T E RContact Configuration | System | General | IdentificationSystem Name LocationCurrent Time Configuration | System | General | Time and DateEnable DST Support New TimeReminder 10-4Configuration | System | General | Time and Date Chapter 10 GeneralClient Mode with Split Tunneling Policy ManagementClient Mode/PAT 11-1Chapter 11 Policy Management Network Extension Mode11-2 Network Extension ModeNetwork Extension Mode with Split Tunneling 11-3Step 2 Click Connect Now Tunnel InitiationData Initiation 11-4Mode Configuration | Policy ManagementTraffic Management Tunneling Policy11-6 Configuration Policy Management TrafficManagement | PAT EnableApply/Cancel PAT Enabled11-7 ReminderVPN 3002 Hardware Client Reference 11-8Chapter 11 Policy Management OL-1893-0112-1 AdministrationAdministration C H A P T E RFigure 12-1Administration Screen Administration | Software Update12-2 Browse Upload/CancelCurrent Software Revision 12-3Software Update Error Software Update ProgressSoftware Update Success 12-4Chapter 12 Administration Administration | System Reboot12-5 Administration | System Reboot12-6 ConfigurationAction Figure 12-6Administration | System Reboot Screen12-7 Administration | PingWhen to Reboot/Shutdown Apply/CancelAddress/Hostname to Ping Ping/CancelError Ping Success Ping12-9 Administration | Access RightsAdministration | Access Rights | Administrators Figure 12-10Administration | Access Rights ScreenVerify AdministratorPassword 12-10Encrypt Config File Administration | Access Rights | Access SettingsSession Idle Timeout Session LimitDelete Administration | File ManagementView Save 12-12OK/Cancel Swap Config FilesConfig File Upload via HTTP 12-1312-14 Local Config File/BrowseFile Upload Progress Upload/Cancel12-15 File Upload ErrorFile Upload Success 12-16 Enrolling and Installing Digital CertificatesCertificate Management 12-17 12-18 Installing CA Certificates Manually 12-19Abbrev Enrolling and Installing Identity CertificatesRecommended Content Field Name12-21 Verify Challenge Password12-22 12-23 Step 5 Fill in the fields and click Enroll. For information on the fields on this screen, see Table 12-1.The VPN 3002 sends the certificate request to the CA12-24 12-25 Step 5 Fill in the fields and click Enroll. For information on the fields on this screen, see Table 12-1.The Manager displays the Administration | Certificate Management | Enrollment | Request Generated screen. See Figure12-26 Certificate Obtained via Enrollment Screen12-27 Obtaining SSL Certificates Enabling Digital Certificates on the VPN 12-29Deleting Digital Certificates 12-3012-31 Administration | Certificate ManagementCertificate Authority Identity Certificates Table ContentCertificate Authorities Table FieldsSSL Certificate Table Generate 12-33Subject/Issuer 12-34Content Fields12-35 Enrollment Status TableRemove All ContentField 12-36Content StatusSSL Certificate Administration | Certificate Management | EnrollIdentity Certificate 12-37Enroll via PKCS10 Request Manual Install a New SA Using SCEP before EnrollingType Enroll via SCEP at Name of SCEP CA12-39 Enroll / CancelFields 12-40 Go to Certificate ManagementGo to Certificate Enrollment Chapter 12 AdministrationFields Go to Certificate Installation12-41 Chapter 12 Administration 12-42Enroll / Cancel VPN 3002 Hardware Client Reference12-43 CancelEnroll FieldsInstall SSL Certificate with Private Key Administration | Certificate Management | InstallInstall CA Certificate Install Certificate Obtained via EnrollmentCertificate Obtained via Enrollment Screen 12-45Enrollment Status Table Upload File from Workstation SCEP Simple Certificate Enrollment ProtocolCut & Paste Text 12-4612-47 Retrieve / CancelCA Descriptor 12-48 Install / CancelCertificate Text PasswordPassword Filename / Browse12-49 Install / CancelChapter 12 Administration Administration | Certificate Management | View12-50 Administration | Certificate Management | ViewContent Certificate Fields12-51 FieldContent Back12-52 FieldSCEP Configuration Administration | Certificate Management |Configure CA Certificate Certificate12-54 Administration | Certificate Management | RenewalPolling Limit Apply / CancelRenew / Cancel Challenge PasswordVerify Challenge Password Renewal TypeStatus 12-56Go to Certificate Installation Go to Certificate ManagementFields Administration | Certificate Management | Delete12-57 12-58 View Enrollment RequestYes / No Administration | Certificate Management |Content Enrollment Request Fields12-59 FieldAdministration Certificate Management Cancel Enrollment Request12-60 ContentAdministration | Certificate Management | Delete Enrollment Request12-61 FieldsYes / No 12-62Fields To delete this enrollment request, click YesC H A P T E R Monitoring13-1 Figure 13-1Monitoring ScreenValid Routes Monitoring | Routing TableClear Routes Address13-3 Monitoring | Filterable Event LogMetric Severities Select Filter OptionsEvent Class Client IP AddressClear Log Event Log FormatGet Log There is no undoEvent Severity Monitoring | Live Event LogEvent Time Event Class/NumberClear Display TimerPause Display/Resume Display RestartMonitoring | System Status ResetRestore 13-8VPN Client Type Bootcode RevRefresh Software RevDuration AuthenticationTunnel Established to Security AssociationsOther Front PanelBack Panel 13-11Refresh 13-12Restore BackRx Multicast Rx UnicastTx Unicast Tx MulticastMonitoring | User Status Cisco IP Phone Bypass Enabled/DisabledLogin Time UsernameMonitoring | Statistics 13-15Reset Monitoring Statistics IPSec13-16 RestoreTotal Tunnels IKE Phase 1 StatisticsActive Tunnels Received BytesInvalid Phase-2Exchanges Received Received Phase-2ExchangesSent Phase-2Exchanges Invalid Phase-2Exchanges SentInitiated Tunnels Phase-2SA Delete Requests SentAuthentication Failures Failed Initiated Tunnels13-20 IPSec Phase 2 StatisticsReceived Packets Dropped Anti-Replay Active TunnelsOutbound Authentications Inbound AuthenticationsFailed Inbound Authentications Failed Outbound Authentications13-22 Monitoring Statistics HTTPProtocol Use Failures System Capability FailuresPackets Sent Sockets/Sessions Octets Sent/ReceivedPackets Sent/Received PeakHTTP Sessions Login NameLogin Time Max Connections13-25 Monitoring | Statistics | TelnetActive Sessions ResetSuccessful Sessions Inbound Octets CommandAttempted Sessions Telnet SessionsResponses Monitoring | Statistics | DNSRequests 13-27Server Unreachable TimeoutsMonitoring | Statistics | SSL Other FailuresUnencrypted Outbound Octets Unencrypted Inbound OctetsEncrypted Inbound Octets Encrypted Outbound OctetsMaximum Active Leases Monitoring | Statistics | DHCPActive Leases 13-30Leased IP Address Pool StartPool End Time LeftReset Monitoring | Statistics | SSH13-32 Restore13-33 SSH SessionsRemote IP Address:Port Login Name13-34 Monitoring | Statistics | NATPackets In/Out ResetTranslations Peak NAT SessionsTranslations Active Translations Total13-36 Monitoring | Statistics | PPPoETranslated Bytes/Packets ResetPADR Timeouts PPPoE Access ConcentratorPADI Timeouts User NamePADT Tx Generic Errors RxPADT Rx Malformed Packets RxMonitoring | Statistics | MIB-II 13-39Reset Monitoring | Statistics | MIB-II| Interfaces13-40 RestoreMulticast In Unicast InUnicast Out Multicast Out13-42 Monitoring | Statistics | MIB-II| TCP/UDPTCP Segments Received ResetTCP Segments Transmitted TCP Timeout MinTCP Timeout Max TCP Segments RetransmittedTCP Current Established TCP Established ResetsUDP Errored Datagrams UDP Datagrams ReceivedReset Monitoring | Statistics | MIB-II| IP13-45 RestorePackets Received Total Packets Received Header ErrorsPackets Received Address Errors Packets Received Unknown ProtocolsReassembly Failures Fragments Needing ReassemblyReassembly Successes Outbound Packets with No Route13-48 Monitoring Statistics MIB-II ICMPTotal Received/Transmitted ResetDestination Unreachable Received/Transmitted Errors Received/TransmittedParameter Problems Received/Transmitted Time Exceeded Received/TransmittedAddress Mask Requests Received/Transmitted Timestamp Requests Received/TransmittedTimestamp Replies Received/Transmitted Address Mask Replies Received/TransmittedRefresh Monitoring | Statistics | MIB-II| ARP Table13-51 Chapter 13 MonitoringAction/Delete Physical AddressMapping Type 13-52Reset Monitoring | Statistics | MIB-II| Ethernet13-53 RestoreCarrier Sense Errors Alignment ErrorsFCS Errors SQE Test ErrorsExcessive Collisions MAC Errors: TransmitMAC Errors: Receive Speed MbpsBad Version Monitoring | Statistics | MIB-II| SNMPRequests Received 13-56Silent Drops Parsing ErrorsBad Community String Proxy DropsMonitoring | Statistics | MIB-II| SNMP 13-58Chapter 13 Monitoring VPN 3002 Hardware Client ReferenceConsole Access Using the Command-LineInterfaceAccessing the Command-lineInterface 14-114-2 Starting the Command-lineInterfaceTelnet or Telnet/SSL access Entering Values Using the Command-lineInterfaceChoosing Menu Items 14-314-4 Using Shortcut NumbersNavigating Quickly 14-5 Using Back and HomeGetting Help Information Understanding Access Rights Saving the Configuration FileStopping the Command-lineInterface 14-61.2 Configuration > Interface Configuration 1Configuration1.1 Configuration > Quick Configuration Menu Reference1.3Configuration > System Management 1.3.1Configuration > System Management > Servers2.1 Administration > Software Update 2Administration1.4Configuration > Policy Management 2.4Administration Access Rights 2.2Administration > System Reboot2.3Administration > Ping 14-102.5 Administration > File Management 2.6Administration > Certificate Management3 Monitoring 3.2.2 Monitoring > Event Log > View Event Log 3.1 Monitoring > Routing Table3.2Monitoring > Event Log 3.3 Monitoring > System Status3.4 Monitoring > User Status 3.5Monitoring > General StatisticsEvent Logs Troubleshooting and System ErrorsFiles for Troubleshooting Crash Dump FileVPN 3002 Front LEDs LED IndicatorsConfiguration Files Crash Dump FilePossible Solution System ErrorsProblem or Symptom VPN 3002 Rear LEDsthe VPN 3002 Hardware Client User Reference Settings on the VPN ConcentratorSeries Concentrator Reference Volume on Connect NowVPN 3002 Hardware Client Manager Errors Invalid Login or Session TimeoutLogin ProblemSolution Manager Logs OutBack or Forward on Error MessageIncorrect Display Possible causeSolution Not Allowed MessageProblem Possible causeProblem Not Foundinterface supported SolutionA-10 Command-lineInterface ErrorsError ProblemIN-1 NumericsI N D E errors A-10 See CLIIN-2 help commandIN-3 IN-4 IN-5 IN-6 IN-7 See also tunnel IN-8IN-9 IN-10 IN-11 VPN 3002 Hardware Client Reference IN-12Index OL-1893-01