Manuals / Cisco Systems / Household Appliance / Home Safety Product

Cisco Systems manual 8-13, Management Protocols, VPN 3002 Hardware Client Reference, OL-1893-01

Models: VPN 3002

1 282

Download 282 pages 2.25 Kb

Page 91

8-13

Chapter 8 Management Protocols

Configuration System Management Protocols SSH

Figure 8-13 Configuration System Management Protocols Screen

Configuration System Management Protocols SSH

This screen lets you configure the VPN 3002 SSH (Secure Shell) protocol server. SSH is a secure Telnet-like terminal emulator protocol that you can use to manage the VPN 3002, using the Command Line Interface, over a remote connection.

The SSH server supports SSH1 (protocol version 1.5), which uses two RSA keys for security. All communication over the connection is encrypted. To provide additional security, the remote client authenticates the server and the server authenticates the client.

At the start of an SSH session, the VPN 3002 sends both a host key and a server key to the client, which responds with a session key that it generates and encrypts using the host and server keys. The RSA key of the SSL certificate is used as the host key, which uniquely identifies the VPN 3002. See Configuration System Management Protocols SSL.

Figure 8-14 Configuration System Management Protocols SSH screen

VPN 3002 Hardware Client Reference

	OL-1893-01	8-13

Image 91

Cisco Systems manual 8-13, Management Protocols, VPN 3002 Hardware Client Reference, OL-1893-01

Contents

170 West Tasman Drive San Jose, CA Release NovemberCorporate Headquarters Cisco Systems, IncCopyright 2001, Cisco Systems, Inc VPN 3002 Hardware Client ReferenceC O N T E N T S ConfigurationSystem Configuration Configuration | SystemConfiguration System Management Protocols Configuration | System | Servers | DNSConfiguration | System | Tunneling Protocols Configuration | System | IP RoutingAdministration | Access Rights Configuration | Policy ManagementAdministration Administration | PingMonitoring | System Status MonitoringMonitoring | Routing Table Monitoring | Live Event LogMonitoring | Statistics | MIB-II| IP Files for Troubleshooting A-1LED Indicators Monitoring | Statistics | MIB-IIContents viii78-13782-01 Chapter PrefacePrerequisites OrganizationChapter ChapterTitle DescriptionVPN Client Documentation Related DocumentationVPN 3002 Hardware Client Documentation VPN 3000 Series Concentrator Documentationboldface font Documentation conventionsOther References ConventionDocumentation CD-ROM Obtaining DocumentationData Formats World Wide WebCisco.com Obtaining technical assistanceOrdering documentation Documentation feedbackTechnical Assistance Center Contacting TAC by using the Cisco TAC websiteContacting TAC by telephone VPN 3002 Hardware Client Reference Preface Obtaining technical assistanceOL-1893-01 VPN 3002 Hardware Client Browser Requirements Using the VPN 3002 Hardware Client ManagerC H A P T E R Navigation Toolbar Connecting to the VPN 3002 Using HTTPRecommended PC Monitor/Display Settings JavaScript and CookiesOL-1893-01 Installing the SSL Certificate in Your BrowserInstalling the SSL Certificate in Your Browser VPN 3002 Hardware Client ReferenceFigure 1-2Install SSL Certificate Screen 4.Click Install Certificate 5.Click Next to continue 7.Click Finish Viewing Certificates with Internet Explorer Installing the SSL Certificate with Netscape First-timeInstallation Reinstallation1-10 2.Click Next> to proceed 1-111-12 1-13 8.Click Continue1-14 Viewing Certificates with NetscapeClick OK when finished 1-15Configuring HTTP, HTTPS, and SSL Parameters Connecting to the VPN 3002 Using HTTPS1-16 1-17 Logging into the VPN 3002 Hardware Client ManagerVPN 3002 Hardware Client Reference 1-18Figure 1-27Manager Main Welcome Screen Logging into the VPN 3002 Hardware Client ManagerVPN 3002 Hardware Client Reference Interactive Hardware Client AuthenticationIndividual User Authentication 1-19Step 1 Click the Connect Now button Step 1 Click the Connection Login Status button1-20 The Connection/Login Status screen displaysFigure 1-31Connection Login Status Screen 1-21Step 2 Click Connect Figure 1-32Individual User Authentication Screen 1-22Figure 1-33Connection/Login Status Screen VPN 3002 Hardware Client Reference 1-23OL-1893-01 Top frame Title barStatus bar Mouse pointer and tipsConfiguration ResetRestore Table of Contents1-26 Open or expandedMain frame Manager screen–Interfaces: Ethernet parameters 1-271-28 Navigating the VPN 3002 Hardware Client ManagerFigure 1-35Manager Table of Contents Configuration ConfigurationC H A P T E R VPN 3002 Hardware Client Reference Chapter 2 Configuration ConfigurationOL-1893-01 Interfaces Configuration | InterfacesC H A P T E R DNS Domain Name InterfaceEthernet 1 Private, Ethernet 2 Public DNS ServersSubnet Mask Default GatewayStatus IP AddressIP Address Configuration | Interfaces | PrivateDisabled Static IP AddressingDuplex Apply/CancelSubnet Mask SpeedDisabled Configuration | Interfaces | PublicDHCP Client PPPoE ClientStatic IP Addressing PPPoE PasswordVerify PPPoE Password PPPoE User NameDuplex Apply / CancelReminder Configuration | System System ConfigurationC H A P T E R OL-1893-01 Chapter 4 System ConfigurationConfiguration | System VPN 3002 Hardware Client ReferenceC H A P T E R Configuration | System | ServersConfiguration | System | Servers | DNS ServersSecondary DNS Server EnabledDomain Primary DNS ServerConfiguration | System | Servers | DNS Timeout PeriodTimeout Retries Apply / CancelOL-1893-01 Configuration | System | Servers | DNSChapter VPN 3002 Hardware Client ReferenceC H A P T E R TunnelingConfiguration System Tunneling Protocols Remote Server Backup ServersAbout Backup Servers IPSec over TCP Port IPSec over TCPAbout IPSec over TCP Use CertificateCertificate Transmission GroupPassword PasswordUser VerifyTunneling ChapterVPN 3002 Hardware Client Reference OL-1893-01IP Routing Configuration | System | IP RoutingC H A P T E R Chapter 7 IP Routing Static RoutesAdd / Modify / Delete ReminderMetric Network AddressSubnet Mask Interface Add or Apply / CancelDestination Destination Router AddressReminder Default GatewayApply / Cancel MetricEnabled Configuration | System | IP Routing | DHCPLease Timeout Address Pool Start/EndReminder DHCP OptionAdd/Modify/Delete Apply/CancelDHCP Option Option ValueReminder Nonconfigurable DHCP Options OL-1893-01 7-10Chapter 7 IP Routing VPN 3002 Hardware Client ReferenceManagement Protocols Configuration | System | Management ProtocolsC H A P T E R About HTTP/HTTPS Enable HTTPHTTPS Port Enable HTTPSEnable HTTPS on Public HTTP PortChapter 8 Management Protocols Enable TelnetVPN 3002 Hardware Client Reference Maximum Connections Enable Telnet/SSLTelnet Port Telnet/SSL PortApply / Cancel Enable SNMPSNMP Port Maximum Queued RequestsReminder Reminder Community StringsCommunities | Add or Modify Add/Modify/DeleteAdd or Apply / Cancel Community StringReminder Related information 8-10Encryption Algorithms Client Authentication8-11 Apply/Cancel SSL VersionGenerated Certificate Key Size 8-12OL-1893-01 8-13Chapter 8 Management Protocols VPN 3002 Hardware Client ReferenceKey Regeneration Period Enable SSHEnable SSH on Public SSH PortReminder 8-15Apply / Cancel To apply your SSH settings, and to include your settings in the active configuration, click Apply. The Manager returns to the Configuration | System | Management Protocols screenChapter 8 Management Protocols Enable XML8-16 Enable HTTPS on PublicSSH Wildcard-mask HTTPS IP AddressHTTPS Wildcard-mask SSH IP AddressOL-1893-01 8-18Chapter 8 Management Protocols VPN 3002 Hardware Client ReferenceClass Name EventsEvent Class Class Description Event SourceEVENTMIB Class Description Event SourceClass Name Cisco-specificEvent ClassDescription Event Severity LevelLevel CategoryEvent Log Data Event LogConfiguration System Events General Configuration | System | EventsFigure 9-1Configuration | System | Events Screen String Syslog FormatCisco IOS Severity Severity to LogSeverity to Console Severity to SyslogTo send this “well-known” Configuration | System | Events | ClassesConfigure either General event Severity to TrapAdd/Modify/Delete Configured Event ClassesReminder 9-10 EnableClass Name Modify screenSeverity to Syslog Add or Apply/Cancel9-11 Severity to ConsoleChapter Trap Destinations9-12 Add/Modify/DeleteDestination SNMP VersionCommunity 9-13Add or Apply/Cancel Configuration System Events Syslog ServersPort 9-14Reminder Syslog Servers9-15 Add/Modify/DeletePort Syslog ServerFacility 9-16Reminder 9-17Add or Apply/Cancel To add this server to the list of syslog servers, click Add. Or to apply your changes to this syslog server, click Apply. Both actions include your entry in the active configuration. The Manager returns to the Configuration | System | Events | Syslog Servers screen. Any new server appears in the Syslog Servers listOL-1893-01 9-18Chapter VPN 3002 Hardware Client ReferenceC H A P T E R Configuration | System | GeneralGeneral 10-1Location Configuration | System | General | IdentificationSystem Name ContactNew Time Configuration | System | General | Time and DateEnable DST Support Current TimeChapter 10 General 10-4Configuration | System | General | Time and Date Reminder11-1 Policy ManagementClient Mode/PAT Client Mode with Split TunnelingNetwork Extension Mode Network Extension Mode11-2 Chapter 11 Policy Management11-3 Network Extension Mode with Split Tunneling11-4 Tunnel InitiationData Initiation Step 2 Click Connect NowTunneling Policy Configuration | Policy ManagementTraffic Management ModeEnable Configuration Policy Management TrafficManagement | PAT 11-6Reminder PAT Enabled11-7 Apply/CancelOL-1893-01 11-8Chapter 11 Policy Management VPN 3002 Hardware Client ReferenceC H A P T E R AdministrationAdministration 12-112-2 Administration | Software UpdateFigure 12-1Administration Screen 12-3 Upload/CancelCurrent Software Revision Browse12-4 Software Update ProgressSoftware Update Success Software Update ErrorAdministration | System Reboot Administration | System Reboot12-5 Chapter 12 AdministrationFigure 12-6Administration | System Reboot Screen ConfigurationAction 12-6Apply/Cancel Administration | PingWhen to Reboot/Shutdown 12-7Success Ping Ping/CancelError Ping Address/Hostname to PingFigure 12-10Administration | Access Rights Screen Administration | Access RightsAdministration | Access Rights | Administrators 12-912-10 AdministratorPassword VerifySession Limit Administration | Access Rights | Access SettingsSession Idle Timeout Encrypt Config File12-12 Administration | File ManagementView Save Delete12-13 Swap Config FilesConfig File Upload via HTTP OK/CancelUpload/Cancel Local Config File/BrowseFile Upload Progress 12-14File Upload Success File Upload Error12-15 Certificate Management Enrolling and Installing Digital Certificates12-16 12-17 12-18 12-19 Installing CA Certificates ManuallyField Name Enrolling and Installing Identity CertificatesRecommended Content AbbrevVerify Challenge Password 12-2112-22 Step 5 Fill in the fields and click Enroll. For information on the fields on this screen, see Table 12-1.The VPN 3002 sends the certificate request to the CA 12-2312-24 Step 5 Fill in the fields and click Enroll. For information on the fields on this screen, see Table 12-1.The Manager displays the Administration | Certificate Management | Enrollment | Request Generated screen. See Figure 12-25Certificate Obtained via Enrollment Screen 12-2612-27 Obtaining SSL Certificates 12-29 Enabling Digital Certificates on the VPN12-30 Deleting Digital CertificatesCertificate Authority Administration | Certificate Management12-31 Fields ContentCertificate Authorities Table Identity Certificates Table12-33 SSL Certificate Table GenerateFields 12-34Content Subject/IssuerContent Enrollment Status TableRemove All 12-35Status 12-36Content Field12-37 Administration | Certificate Management | EnrollIdentity Certificate SSL CertificateEnroll via SCEP at Name of SCEP CA Install a New SA Using SCEP before EnrollingType Enroll via PKCS10 Request ManualFields Enroll / Cancel12-39 Chapter 12 Administration Go to Certificate ManagementGo to Certificate Enrollment 12-4012-41 Go to Certificate InstallationFields VPN 3002 Hardware Client Reference 12-42Enroll / Cancel Chapter 12 AdministrationFields CancelEnroll 12-43Install Certificate Obtained via Enrollment Administration | Certificate Management | InstallInstall CA Certificate Install SSL Certificate with Private KeyEnrollment Status Table 12-45Certificate Obtained via Enrollment Screen 12-46 SCEP Simple Certificate Enrollment ProtocolCut & Paste Text Upload File from WorkstationCA Descriptor Retrieve / Cancel12-47 Password Install / CancelCertificate Text 12-48Install / Cancel Filename / Browse12-49 PasswordAdministration | Certificate Management | View Administration | Certificate Management | View12-50 Chapter 12 AdministrationField Certificate Fields12-51 ContentField Back12-52 ContentCertificate Administration | Certificate Management |Configure CA Certificate SCEP ConfigurationApply / Cancel Administration | Certificate Management | RenewalPolling Limit 12-54Renewal Type Challenge PasswordVerify Challenge Password Renew / CancelGo to Certificate Management 12-56Go to Certificate Installation Status12-57 Administration | Certificate Management | DeleteFields Administration | Certificate Management | View Enrollment RequestYes / No 12-58Field Enrollment Request Fields12-59 ContentContent Cancel Enrollment Request12-60 Administration Certificate ManagementFields Delete Enrollment Request12-61 Administration | Certificate Management |To delete this enrollment request, click Yes 12-62Fields Yes / NoFigure 13-1Monitoring Screen Monitoring13-1 C H A P T E RAddress Monitoring | Routing TableClear Routes Valid RoutesMetric Monitoring | Filterable Event Log13-3 Client IP Address Select Filter OptionsEvent Class SeveritiesThere is no undo Event Log FormatGet Log Clear LogEvent Class/Number Monitoring | Live Event LogEvent Time Event SeverityRestart TimerPause Display/Resume Display Clear Display13-8 ResetRestore Monitoring | System StatusSoftware Rev Bootcode RevRefresh VPN Client TypeSecurity Associations AuthenticationTunnel Established to Duration13-11 Front PanelBack Panel OtherBack 13-12Restore RefreshTx Multicast Rx UnicastTx Unicast Rx MulticastUsername Cisco IP Phone Bypass Enabled/DisabledLogin Time Monitoring | User Status13-15 Monitoring | StatisticsRestore Monitoring Statistics IPSec13-16 ResetReceived Bytes IKE Phase 1 StatisticsActive Tunnels Total TunnelsInvalid Phase-2Exchanges Sent Received Phase-2ExchangesSent Phase-2Exchanges Invalid Phase-2Exchanges ReceivedFailed Initiated Tunnels Phase-2SA Delete Requests SentAuthentication Failures Initiated TunnelsActive Tunnels IPSec Phase 2 StatisticsReceived Packets Dropped Anti-Replay 13-20Failed Outbound Authentications Inbound AuthenticationsFailed Inbound Authentications Outbound AuthenticationsSystem Capability Failures Monitoring Statistics HTTPProtocol Use Failures 13-22Peak Octets Sent/ReceivedPackets Sent/Received Packets Sent Sockets/SessionsMax Connections Login NameLogin Time HTTP SessionsReset Monitoring | Statistics | TelnetActive Sessions 13-25Telnet Sessions Inbound Octets CommandAttempted Sessions Successful Sessions13-27 Monitoring | Statistics | DNSRequests ResponsesOther Failures TimeoutsMonitoring | Statistics | SSL Server UnreachableEncrypted Outbound Octets Unencrypted Inbound OctetsEncrypted Inbound Octets Unencrypted Outbound Octets13-30 Monitoring | Statistics | DHCPActive Leases Maximum Active LeasesTime Left Pool StartPool End Leased IP AddressRestore Monitoring | Statistics | SSH13-32 ResetLogin Name SSH SessionsRemote IP Address:Port 13-33Reset Monitoring | Statistics | NATPackets In/Out 13-34Translations Total NAT SessionsTranslations Active Translations PeakReset Monitoring | Statistics | PPPoETranslated Bytes/Packets 13-36User Name PPPoE Access ConcentratorPADI Timeouts PADR TimeoutsMalformed Packets Rx Generic Errors RxPADT Rx PADT Tx13-39 Monitoring | Statistics | MIB-IIRestore Monitoring | Statistics | MIB-II| Interfaces13-40 ResetMulticast Out Unicast InUnicast Out Multicast InReset Monitoring | Statistics | MIB-II| TCP/UDPTCP Segments Received 13-42TCP Segments Retransmitted TCP Timeout MinTCP Timeout Max TCP Segments TransmittedUDP Datagrams Received TCP Established ResetsUDP Errored Datagrams TCP Current EstablishedRestore Monitoring | Statistics | MIB-II| IP13-45 ResetPackets Received Unknown Protocols Packets Received Header ErrorsPackets Received Address Errors Packets Received TotalOutbound Packets with No Route Fragments Needing ReassemblyReassembly Successes Reassembly FailuresReset Monitoring Statistics MIB-II ICMPTotal Received/Transmitted 13-48Time Exceeded Received/Transmitted Errors Received/TransmittedParameter Problems Received/Transmitted Destination Unreachable Received/TransmittedAddress Mask Replies Received/Transmitted Timestamp Requests Received/TransmittedTimestamp Replies Received/Transmitted Address Mask Requests Received/TransmittedChapter 13 Monitoring Monitoring | Statistics | MIB-II| ARP Table13-51 Refresh13-52 Physical AddressMapping Type Action/DeleteRestore Monitoring | Statistics | MIB-II| Ethernet13-53 ResetSQE Test Errors Alignment ErrorsFCS Errors Carrier Sense ErrorsSpeed Mbps MAC Errors: TransmitMAC Errors: Receive Excessive Collisions13-56 Monitoring | Statistics | MIB-II| SNMPRequests Received Bad VersionProxy Drops Parsing ErrorsBad Community String Silent DropsVPN 3002 Hardware Client Reference 13-58Chapter 13 Monitoring Monitoring | Statistics | MIB-II| SNMP14-1 Using the Command-LineInterfaceAccessing the Command-lineInterface Console AccessTelnet or Telnet/SSL access Starting the Command-lineInterface14-2 14-3 Using the Command-lineInterfaceChoosing Menu Items Entering ValuesNavigating Quickly Using Shortcut Numbers14-4 Getting Help Information Using Back and Home14-5 14-6 Saving the Configuration FileStopping the Command-lineInterface Understanding Access RightsMenu Reference 1Configuration1.1 Configuration > Quick Configuration 1.2 Configuration > Interface Configuration1.3.1Configuration > System Management > Servers 1.3Configuration > System Management1.4Configuration > Policy Management 2Administration2.1 Administration > Software Update 14-10 2.2Administration > System Reboot2.3Administration > Ping 2.4Administration Access Rights2.6Administration > Certificate Management 2.5 Administration > File Management3 Monitoring 3.3 Monitoring > System Status 3.1 Monitoring > Routing Table3.2Monitoring > Event Log 3.2.2 Monitoring > Event Log > View Event Log3.5Monitoring > General Statistics 3.4 Monitoring > User StatusCrash Dump File Troubleshooting and System ErrorsFiles for Troubleshooting Event LogsCrash Dump File LED IndicatorsConfiguration Files VPN 3002 Front LEDsVPN 3002 Rear LEDs System ErrorsProblem or Symptom Possible Solutionon Connect Now Settings on the VPN ConcentratorSeries Concentrator Reference Volume the VPN 3002 Hardware Client User ReferenceInvalid Login or Session Timeout VPN 3002 Hardware Client Manager ErrorsManager Logs Out ProblemSolution LoginPossible cause Error MessageIncorrect Display Back or Forward onPossible cause Not Allowed MessageProblem SolutionSolution Not Foundinterface supported ProblemProblem Command-lineInterface ErrorsError A-10I N D E NumericsIN-1 help command See CLIIN-2 errors A-10IN-3 IN-4 IN-5 IN-6 IN-7 IN-8 See also tunnelIN-9 IN-10 IN-11 OL-1893-01 IN-12Index VPN 3002 Hardware Client Reference