Manuals / Cisco Systems / Household Appliance / Home Safety Product

Cisco Systems VPN 3002 manual Open or expanded, Main frame, Manager screen, 1-26

Models: VPN 3002

1 282

Download 282 pages 2.25 Kb

Page 42

Image 42

Chapter 1 Using the VPN 3002 Hardware Client Manager

Understanding the VPN 3002 Hardware Client Manager Window

Open or expanded	Click the open/expanded icon to close subordinate sections and titles.
	Clicking on this icon does not change the screen in the main frame.
Main frame	The main frame displays the current VPN 3002 Hardware Client
(Manager screen)	Manager screen.
	Many screens include a bullet list of links and descriptions of
	subordinate sections and titles. you can click a link to go to that
	Manager screen, and open subordinate sections and titles in the table
	of contents.

VPN 3002 Hardware Client Reference

1-26	OL-1893-01

Page 42

Image 42

Cisco Systems VPN 3002 manual Open or expanded, Main frame, Manager screen, 1-26

Contents

Cisco Systems, Inc Release NovemberCorporate Headquarters 170 West Tasman Drive San Jose, CAVPN 3002 Hardware Client Reference Copyright 2001, Cisco Systems, IncConfiguration | System ConfigurationSystem Configuration C O N T E N T SConfiguration | System | IP Routing Configuration | System | Servers | DNSConfiguration | System | Tunneling Protocols Configuration System Management ProtocolsAdministration | Ping Configuration | Policy ManagementAdministration Administration | Access RightsMonitoring | Live Event Log MonitoringMonitoring | Routing Table Monitoring | System StatusMonitoring | Statistics | MIB-II Files for Troubleshooting A-1LED Indicators Monitoring | Statistics | MIB-II| IPviii Contents78-13782-01 Organization PrefacePrerequisites ChapterDescription ChapterTitle ChapterVPN 3000 Series Concentrator Documentation Related DocumentationVPN 3002 Hardware Client Documentation VPN Client DocumentationConvention Documentation conventionsOther References boldface fontWorld Wide Web Obtaining DocumentationData Formats Documentation CD-ROMDocumentation feedback Obtaining technical assistanceOrdering documentation Cisco.comContacting TAC by using the Cisco TAC website Technical Assistance CenterContacting TAC by telephone Preface Obtaining technical assistance VPN 3002 Hardware Client ReferenceOL-1893-01 Using the VPN 3002 Hardware Client Manager VPN 3002 Hardware Client Browser RequirementsC H A P T E R JavaScript and Cookies Connecting to the VPN 3002 Using HTTPRecommended PC Monitor/Display Settings Navigation ToolbarVPN 3002 Hardware Client Reference Installing the SSL Certificate in Your BrowserInstalling the SSL Certificate in Your Browser OL-1893-01Figure 1-2Install SSL Certificate Screen 4.Click Install Certificate 5.Click Next to continue 7.Click Finish Viewing Certificates with Internet Explorer Installing the SSL Certificate with Netscape Reinstallation First-timeInstallation1-10 1-11 2.Click Next> to proceed1-12 8.Click Continue 1-13Viewing Certificates with Netscape 1-141-15 Click OK when finishedConnecting to the VPN 3002 Using HTTPS Configuring HTTP, HTTPS, and SSL Parameters1-16 Logging into the VPN 3002 Hardware Client Manager 1-17Logging into the VPN 3002 Hardware Client Manager 1-18Figure 1-27Manager Main Welcome Screen VPN 3002 Hardware Client Reference1-19 Interactive Hardware Client AuthenticationIndividual User Authentication VPN 3002 Hardware Client ReferenceThe Connection/Login Status screen displays Step 1 Click the Connection Login Status button1-20 Step 1 Click the Connect Now button1-21 Figure 1-31Connection Login Status ScreenStep 2 Click Connect 1-22 Figure 1-32Individual User Authentication ScreenFigure 1-33Connection/Login Status Screen 1-23 VPN 3002 Hardware Client ReferenceOL-1893-01 Mouse pointer and tips Title barStatus bar Top frameTable of Contents ResetRestore ConfigurationManager screen Open or expandedMain frame 1-261-27 –Interfaces: Ethernet parametersNavigating the VPN 3002 Hardware Client Manager 1-28Figure 1-35Manager Table of Contents Configuration ConfigurationC H A P T E R Chapter 2 Configuration Configuration VPN 3002 Hardware Client ReferenceOL-1893-01 Configuration | Interfaces InterfacesC H A P T E R DNS Servers InterfaceEthernet 1 Private, Ethernet 2 Public DNS Domain NameIP Address Default GatewayStatus Subnet MaskStatic IP Addressing Configuration | Interfaces | PrivateDisabled IP AddressSpeed Apply/CancelSubnet Mask DuplexPPPoE Client Configuration | Interfaces | PublicDHCP Client DisabledPPPoE User Name PPPoE PasswordVerify PPPoE Password Static IP AddressingApply / Cancel DuplexReminder System Configuration Configuration | SystemC H A P T E R VPN 3002 Hardware Client Reference Chapter 4 System ConfigurationConfiguration | System OL-1893-01Servers Configuration | System | ServersConfiguration | System | Servers | DNS C H A P T E RPrimary DNS Server EnabledDomain Secondary DNS ServerApply / Cancel Timeout PeriodTimeout Retries Configuration | System | Servers | DNSVPN 3002 Hardware Client Reference Configuration | System | Servers | DNSChapter OL-1893-01Tunneling C H A P T E RConfiguration System Tunneling Protocols Backup Servers Remote ServerAbout Backup Servers IPSec over TCP IPSec over TCP PortGroup Use CertificateCertificate Transmission About IPSec over TCPVerify PasswordUser PasswordOL-1893-01 ChapterVPN 3002 Hardware Client Reference TunnelingConfiguration | System | IP Routing IP RoutingC H A P T E R Reminder Static RoutesAdd / Modify / Delete Chapter 7 IP RoutingNetwork Address MetricSubnet Mask Destination Router Address Add or Apply / CancelDestination InterfaceMetric Default GatewayApply / Cancel ReminderAddress Pool Start/End Configuration | System | IP Routing | DHCPLease Timeout EnabledApply/Cancel DHCP OptionAdd/Modify/Delete ReminderOption Value DHCP OptionReminder Nonconfigurable DHCP Options VPN 3002 Hardware Client Reference 7-10Chapter 7 IP Routing OL-1893-01Configuration | System | Management Protocols Management ProtocolsC H A P T E R Enable HTTP About HTTP/HTTPSHTTP Port Enable HTTPSEnable HTTPS on Public HTTPS PortEnable Telnet Chapter 8 Management ProtocolsVPN 3002 Hardware Client Reference Telnet/SSL Port Enable Telnet/SSLTelnet Port Maximum ConnectionsMaximum Queued Requests Enable SNMPSNMP Port Apply / CancelReminder Add/Modify/Delete Community StringsCommunities | Add or Modify ReminderCommunity String Add or Apply / CancelReminder 8-10 Related informationClient Authentication Encryption Algorithms8-11 8-12 SSL VersionGenerated Certificate Key Size Apply/CancelVPN 3002 Hardware Client Reference 8-13Chapter 8 Management Protocols OL-1893-01SSH Port Enable SSHEnable SSH on Public Key Regeneration PeriodTo apply your SSH settings, and to include your settings in the active configuration, click Apply. The Manager returns to the Configuration | System | Management Protocols screen 8-15Apply / Cancel ReminderEnable HTTPS on Public Enable XML8-16 Chapter 8 Management ProtocolsSSH IP Address HTTPS IP AddressHTTPS Wildcard-mask SSH Wildcard-maskVPN 3002 Hardware Client Reference 8-18Chapter 8 Management Protocols OL-1893-01Class Description Event Source EventsEvent Class Class NameCisco-specificEvent Class Class Description Event SourceClass Name EVENTMIBCategory Event Severity LevelLevel DescriptionEvent Log Event Log DataConfiguration | System | Events Configuration System Events GeneralFigure 9-1Configuration | System | Events Screen Syslog Format StringSeverity to Syslog Severity to LogSeverity to Console Cisco IOS SeveritySeverity to Trap Configuration | System | Events | ClassesConfigure either General event To send this “well-known”Configured Event Classes Add/Modify/DeleteReminder Modify screen EnableClass Name 9-10Severity to Console Add or Apply/Cancel9-11 Severity to SyslogAdd/Modify/Delete Trap Destinations9-12 Chapter9-13 SNMP VersionCommunity Destination9-14 Configuration System Events Syslog ServersPort Add or Apply/CancelAdd/Modify/Delete Syslog Servers9-15 Reminder9-16 Syslog ServerFacility PortTo add this server to the list of syslog servers, click Add. Or to apply your changes to this syslog server, click Apply. Both actions include your entry in the active configuration. The Manager returns to the Configuration | System | Events | Syslog Servers screen. Any new server appears in the Syslog Servers list 9-17Add or Apply/Cancel ReminderVPN 3002 Hardware Client Reference 9-18Chapter OL-1893-0110-1 Configuration | System | GeneralGeneral C H A P T E RContact Configuration | System | General | IdentificationSystem Name LocationCurrent Time Configuration | System | General | Time and DateEnable DST Support New TimeReminder 10-4Configuration | System | General | Time and Date Chapter 10 GeneralClient Mode with Split Tunneling Policy ManagementClient Mode/PAT 11-1Chapter 11 Policy Management Network Extension Mode11-2 Network Extension ModeNetwork Extension Mode with Split Tunneling 11-3Step 2 Click Connect Now Tunnel InitiationData Initiation 11-4Mode Configuration | Policy ManagementTraffic Management Tunneling Policy11-6 Configuration Policy Management TrafficManagement | PAT EnableApply/Cancel PAT Enabled11-7 ReminderVPN 3002 Hardware Client Reference 11-8Chapter 11 Policy Management OL-1893-0112-1 AdministrationAdministration C H A P T E RAdministration | Software Update 12-2Figure 12-1Administration Screen Browse Upload/CancelCurrent Software Revision 12-3Software Update Error Software Update ProgressSoftware Update Success 12-4Chapter 12 Administration Administration | System Reboot12-5 Administration | System Reboot12-6 ConfigurationAction Figure 12-6Administration | System Reboot Screen12-7 Administration | PingWhen to Reboot/Shutdown Apply/CancelAddress/Hostname to Ping Ping/CancelError Ping Success Ping12-9 Administration | Access RightsAdministration | Access Rights | Administrators Figure 12-10Administration | Access Rights ScreenVerify AdministratorPassword 12-10Encrypt Config File Administration | Access Rights | Access SettingsSession Idle Timeout Session LimitDelete Administration | File ManagementView Save 12-12OK/Cancel Swap Config FilesConfig File Upload via HTTP 12-1312-14 Local Config File/BrowseFile Upload Progress Upload/CancelFile Upload Error File Upload Success12-15 Enrolling and Installing Digital Certificates Certificate Management12-16 12-17 12-18 Installing CA Certificates Manually 12-19Abbrev Enrolling and Installing Identity CertificatesRecommended Content Field Name12-21 Verify Challenge Password12-22 12-23 Step 5 Fill in the fields and click Enroll. For information on the fields on this screen, see Table 12-1.The VPN 3002 sends the certificate request to the CA12-24 12-25 Step 5 Fill in the fields and click Enroll. For information on the fields on this screen, see Table 12-1.The Manager displays the Administration | Certificate Management | Enrollment | Request Generated screen. See Figure12-26 Certificate Obtained via Enrollment Screen12-27 Obtaining SSL Certificates Enabling Digital Certificates on the VPN 12-29Deleting Digital Certificates 12-30Administration | Certificate Management Certificate Authority12-31 Identity Certificates Table ContentCertificate Authorities Table FieldsSSL Certificate Table Generate 12-33Subject/Issuer 12-34Content Fields12-35 Enrollment Status TableRemove All ContentField 12-36Content StatusSSL Certificate Administration | Certificate Management | EnrollIdentity Certificate 12-37Enroll via PKCS10 Request Manual Install a New SA Using SCEP before EnrollingType Enroll via SCEP at Name of SCEP CAEnroll / Cancel Fields12-39 12-40 Go to Certificate ManagementGo to Certificate Enrollment Chapter 12 AdministrationGo to Certificate Installation 12-41Fields Chapter 12 Administration 12-42Enroll / Cancel VPN 3002 Hardware Client Reference12-43 CancelEnroll FieldsInstall SSL Certificate with Private Key Administration | Certificate Management | InstallInstall CA Certificate Install Certificate Obtained via Enrollment12-45 Enrollment Status TableCertificate Obtained via Enrollment Screen Upload File from Workstation SCEP Simple Certificate Enrollment ProtocolCut & Paste Text 12-46Retrieve / Cancel CA Descriptor12-47 12-48 Install / CancelCertificate Text PasswordPassword Filename / Browse12-49 Install / CancelChapter 12 Administration Administration | Certificate Management | View12-50 Administration | Certificate Management | ViewContent Certificate Fields12-51 FieldContent Back12-52 FieldSCEP Configuration Administration | Certificate Management |Configure CA Certificate Certificate12-54 Administration | Certificate Management | RenewalPolling Limit Apply / CancelRenew / Cancel Challenge PasswordVerify Challenge Password Renewal TypeStatus 12-56Go to Certificate Installation Go to Certificate ManagementAdministration | Certificate Management | Delete 12-57Fields 12-58 View Enrollment RequestYes / No Administration | Certificate Management |Content Enrollment Request Fields12-59 FieldAdministration Certificate Management Cancel Enrollment Request12-60 ContentAdministration | Certificate Management | Delete Enrollment Request12-61 FieldsYes / No 12-62Fields To delete this enrollment request, click YesC H A P T E R Monitoring13-1 Figure 13-1Monitoring ScreenValid Routes Monitoring | Routing TableClear Routes AddressMonitoring | Filterable Event Log Metric13-3 Severities Select Filter OptionsEvent Class Client IP AddressClear Log Event Log FormatGet Log There is no undoEvent Severity Monitoring | Live Event LogEvent Time Event Class/NumberClear Display TimerPause Display/Resume Display RestartMonitoring | System Status ResetRestore 13-8VPN Client Type Bootcode RevRefresh Software RevDuration AuthenticationTunnel Established to Security AssociationsOther Front PanelBack Panel 13-11Refresh 13-12Restore BackRx Multicast Rx UnicastTx Unicast Tx MulticastMonitoring | User Status Cisco IP Phone Bypass Enabled/DisabledLogin Time UsernameMonitoring | Statistics 13-15Reset Monitoring Statistics IPSec13-16 RestoreTotal Tunnels IKE Phase 1 StatisticsActive Tunnels Received BytesInvalid Phase-2Exchanges Received Received Phase-2ExchangesSent Phase-2Exchanges Invalid Phase-2Exchanges SentInitiated Tunnels Phase-2SA Delete Requests SentAuthentication Failures Failed Initiated Tunnels13-20 IPSec Phase 2 StatisticsReceived Packets Dropped Anti-Replay Active TunnelsOutbound Authentications Inbound AuthenticationsFailed Inbound Authentications Failed Outbound Authentications13-22 Monitoring Statistics HTTPProtocol Use Failures System Capability FailuresPackets Sent Sockets/Sessions Octets Sent/ReceivedPackets Sent/Received PeakHTTP Sessions Login NameLogin Time Max Connections13-25 Monitoring | Statistics | TelnetActive Sessions ResetSuccessful Sessions Inbound Octets CommandAttempted Sessions Telnet SessionsResponses Monitoring | Statistics | DNSRequests 13-27Server Unreachable TimeoutsMonitoring | Statistics | SSL Other FailuresUnencrypted Outbound Octets Unencrypted Inbound OctetsEncrypted Inbound Octets Encrypted Outbound OctetsMaximum Active Leases Monitoring | Statistics | DHCPActive Leases 13-30Leased IP Address Pool StartPool End Time LeftReset Monitoring | Statistics | SSH13-32 Restore13-33 SSH SessionsRemote IP Address:Port Login Name13-34 Monitoring | Statistics | NATPackets In/Out ResetTranslations Peak NAT SessionsTranslations Active Translations Total13-36 Monitoring | Statistics | PPPoETranslated Bytes/Packets ResetPADR Timeouts PPPoE Access ConcentratorPADI Timeouts User NamePADT Tx Generic Errors RxPADT Rx Malformed Packets RxMonitoring | Statistics | MIB-II 13-39Reset Monitoring | Statistics | MIB-II| Interfaces13-40 RestoreMulticast In Unicast InUnicast Out Multicast Out13-42 Monitoring | Statistics | MIB-II| TCP/UDPTCP Segments Received ResetTCP Segments Transmitted TCP Timeout MinTCP Timeout Max TCP Segments RetransmittedTCP Current Established TCP Established ResetsUDP Errored Datagrams UDP Datagrams ReceivedReset Monitoring | Statistics | MIB-II| IP13-45 RestorePackets Received Total Packets Received Header ErrorsPackets Received Address Errors Packets Received Unknown ProtocolsReassembly Failures Fragments Needing ReassemblyReassembly Successes Outbound Packets with No Route13-48 Monitoring Statistics MIB-II ICMPTotal Received/Transmitted ResetDestination Unreachable Received/Transmitted Errors Received/TransmittedParameter Problems Received/Transmitted Time Exceeded Received/TransmittedAddress Mask Requests Received/Transmitted Timestamp Requests Received/TransmittedTimestamp Replies Received/Transmitted Address Mask Replies Received/TransmittedRefresh Monitoring | Statistics | MIB-II| ARP Table13-51 Chapter 13 MonitoringAction/Delete Physical AddressMapping Type 13-52Reset Monitoring | Statistics | MIB-II| Ethernet13-53 RestoreCarrier Sense Errors Alignment ErrorsFCS Errors SQE Test ErrorsExcessive Collisions MAC Errors: TransmitMAC Errors: Receive Speed MbpsBad Version Monitoring | Statistics | MIB-II| SNMPRequests Received 13-56Silent Drops Parsing ErrorsBad Community String Proxy DropsMonitoring | Statistics | MIB-II| SNMP 13-58Chapter 13 Monitoring VPN 3002 Hardware Client ReferenceConsole Access Using the Command-LineInterfaceAccessing the Command-lineInterface 14-1Starting the Command-lineInterface Telnet or Telnet/SSL access14-2 Entering Values Using the Command-lineInterfaceChoosing Menu Items 14-3Using Shortcut Numbers Navigating Quickly14-4 Using Back and Home Getting Help Information14-5 Understanding Access Rights Saving the Configuration FileStopping the Command-lineInterface 14-61.2 Configuration > Interface Configuration 1Configuration1.1 Configuration > Quick Configuration Menu Reference1.3Configuration > System Management 1.3.1Configuration > System Management > Servers2Administration 1.4Configuration > Policy Management2.1 Administration > Software Update 2.4Administration Access Rights 2.2Administration > System Reboot2.3Administration > Ping 14-102.5 Administration > File Management 2.6Administration > Certificate Management3 Monitoring 3.2.2 Monitoring > Event Log > View Event Log 3.1 Monitoring > Routing Table3.2Monitoring > Event Log 3.3 Monitoring > System Status3.4 Monitoring > User Status 3.5Monitoring > General StatisticsEvent Logs Troubleshooting and System ErrorsFiles for Troubleshooting Crash Dump FileVPN 3002 Front LEDs LED IndicatorsConfiguration Files Crash Dump FilePossible Solution System ErrorsProblem or Symptom VPN 3002 Rear LEDsthe VPN 3002 Hardware Client User Reference Settings on the VPN ConcentratorSeries Concentrator Reference Volume on Connect NowVPN 3002 Hardware Client Manager Errors Invalid Login or Session TimeoutLogin ProblemSolution Manager Logs OutBack or Forward on Error MessageIncorrect Display Possible causeSolution Not Allowed MessageProblem Possible causeProblem Not Foundinterface supported SolutionA-10 Command-lineInterface ErrorsError ProblemNumerics I N D EIN-1 errors A-10 See CLIIN-2 help commandIN-3 IN-4 IN-5 IN-6 IN-7 See also tunnel IN-8IN-9 IN-10 IN-11 VPN 3002 Hardware Client Reference IN-12Index OL-1893-01

Open or expanded

Main frame

(Manager screen)

1-26