Cisco 3002 - VPN Hardware Client User's Guide

Browse online or download User's Guide for Networking Cisco 3002 - VPN Hardware Client. Cisco 3002 - VPN Hardware Client User guide User Manual

  • Download
  • Add to my manuals
  • Print
  • Page
    / 220
  • Table of contents
  • TROUBLESHOOTING
  • BOOKMARKS
  • Rated. / 5. Based on customer reviews

Summary of Contents

Page 1 - User Guide

170 West Tasman DriveSan Jose, CA 95134-1706USAhttp://www.cisco.comCisco Systems, Inc.Corporate HeadquartersTel:800 553-NETS (6387)408 526-4000Fax: 40

Page 3 - CONTENTS

10 General10-2VPN 3002 Hardware Client User GuideConfiguration | System | General | IdentificationThis screen lets you configure system identification

Page 4 - 9 Events

Configuration | System | General | Time and Date10-3VPN 3002 Hardware Client User GuideConfiguration | System | General | Time and DateThis screen let

Page 6

11 - 1VPN 3002 Hardware Client User GuideCHAPTER11Policy ManagementThe VPN 3002 works in either of two modes: Client mode or Network Extension mode. P

Page 7

11 Policy Management11- 2VPN 3002 Hardware Client User GuideVPN 3000 Series Concentrator settings required for PATFor the VPN 3002 to use PAT, these

Page 8 - Contents—Table of contents

Configuration | Policy Management11 - 3VPN 3002 Hardware Client User Guide5 If you want the VPN 3002 to be able to reach devices on other networks tha

Page 9 - Contents

Configuration | Policy Management | Traffic Management | PATThe Configuration | Policy Management | Traffic Management | PAT screen displays.Figure 11

Page 10

Configuration | Policy Management | Traffic Management | PAT | Enable11 - 5VPN 3002 Hardware Client User GuideApply / CancelTo enable or disable PAT,

Page 12 - Additional documentation

12-1VPN 3002 Hardware Client User GuideCHAPTER12AdministrationAdministering the VPN 3002 involves activities that keep the system operational and secu

Page 13 - Obtaining documentation

xiVPN 3002 Hardware Client User GuidePrefaceAbout this manualThe VPN 3002 Hardware Client User Guide provides guidelines for configuring the Cisco VPN

Page 14 - Technical Assistance Center

12 Administration12-2VPN 3002 Hardware Client User GuideFigure 12-1: Administration screen Administration | Software UpdateThis section of the Manage

Page 15 - Other references

Administration | Software Update12-3VPN 3002 Hardware Client User GuideFigure 12-2: Administration | Software Update screen Current Software Revision

Page 16 - Data formats

12 Administration12-4VPN 3002 Hardware Client User GuideSoftware Update ProgressThis window shows the progress of the software upload. It refreshes th

Page 17 - Port numbers

Administration | System Reboot12-5VPN 3002 Hardware Client User GuideAdministration | System RebootThis screen lets you reboot or shutdown (halt) the

Page 18

12 Administration12-6VPN 3002 Hardware Client User GuideShutdown without automatic reboot = Shut down the VPN 3002; that is, bring the system to a hal

Page 19 - Browser requirements

Administration | Ping12-7VPN 3002 Hardware Client User GuideAdministration | PingThis screen lets you use the ICMP ping (Packet Internet Groper) utili

Page 20 - Navigation toolbar

12 Administration12-8VPN 3002 Hardware Client User GuideError (Ping)If the system is unreachable for any reason—host down, ICMP not running on host, r

Page 21

Administration | Access Rights | Administrators12-9VPN 3002 Hardware Client User GuideAdministration | Access Rights | AdministratorsAdministrators ar

Page 22 - Install SSL Certificate link

12 Administration12-10VPN 3002 Hardware Client User GuidePasswordEnter or edit the unique password for this administrator. Maximum is 31 characters. T

Page 23

Administration | File Management12-11VPN 3002 Hardware Client User GuideSession Idle TimeoutEnter the idle timeout period in seconds for administrativ

Page 24 - Next to continue

PrefacexiiVPN 3002 Hardware Client User GuideChapter 7, IP Routing explains how to configure static routes, default gateways, and DHCP parameters and

Page 25

12 Administration12-12VPN 3002 Hardware Client User GuideView FilesView Files lets you view or delete configuration, crash dump, and saved log files.

Page 26 - Security Alert screen

Administration | File Management | Swap Config Files12-13VPN 3002 Hardware Client User GuideSave Target As..., Save Link As... = Save a copy of the fi

Page 27

12 Administration12-14VPN 3002 Hardware Client User GuideFigure 12-16: Administration | File Management | Config File Upload screen Local Config File

Page 28 - First-time installation

Administration | Certificate Management12-15VPN 3002 Hardware Client User GuideFile Upload SuccessThe Manager displays this screen to confirm that the

Page 29

12 Administration12-16VPN 3002 Hardware Client User GuideCAs issue root certificates (also known as trusted or signing certificates). They may also is

Page 30

Administration | Certificate Management | Enrollment12-17VPN 3002 Hardware Client User Guidea Install the root certificate on the VPN 3002 first.b The

Page 31

12 Administration12-18VPN 3002 Hardware Client User GuideFigure 12-21: Administration | Certificate Management | Enrollment screen Common Name (CN)En

Page 32

Administration | Certificate Management | Enrollment12-19VPN 3002 Hardware Client User GuideLocality (L)Enter the city or town where this VPN3002 is l

Page 33

12 Administration12-20VPN 3002 Hardware Client User GuideAdministration | Certificate Management | Enrollment | Request GeneratedThe Manager displays

Page 34

Administration | Certificate Management | Installation12-21VPN 3002 Hardware Client User Guide6 Repeat the previous step for any subordinate certifica

Page 35

Documentation on VPN software distribution CDsxiiiVPN 3002 Hardware Client User GuideDocumentation on VPN software distribution CDsThe VPN 3000 Concen

Page 36

12 Administration12-22VPN 3002 Hardware Client User GuideSSL Server (import with Private Key) = SSL certificate imported along with a private key from

Page 37 - Status bar

Administration | Certificate Management | Certificates12-23VPN 3002 Hardware Client User GuideAdministration | Certificate Management | CertificatesTh

Page 38 - Top frame (Manager toolbar)

12 Administration12-24VPN 3002 Hardware Client User GuideExpirationThe expiration date of the certificate. Format is MM/DD/YYYY.Actions/View/DeleteTo

Page 39 - Save Needed

Administration | Certificate Management | Certificates | View12-25VPN 3002 Hardware Client User GuideIssuerThe CA or other entity (jurisdiction) that

Page 40 - Main frame (Manager screen)

12 Administration12-26VPN 3002 Hardware Client User GuidePublic Key TypeThe algorithm and size of the public key that the CA or other issuer used in g

Page 41

Administration | Certificate Management | Certificates | Delete12-27VPN 3002 Hardware Client User GuideAdministration | Certificate Management | Certi

Page 43

13-1VPN 3002 Hardware Client User GuideCHAPTER13MonitoringThe VPN 3002 tracks many statistics and the status of many items essential to system adminis

Page 44

13 Monitoring13-2VPN 3002 Hardware Client User GuideMonitoring | Routing TableThis screen shows the VPN3002 routing table at the time the screen displ

Page 45 - Interfaces

Monitoring | Filterable Event Log13-3VPN 3002 Hardware Client User GuideNext HopFor remote routes, the IP address of the next system in the path to th

Page 46

PrefacexivVPN 3002 Hardware Client User GuideDocumentation feedbackIf you are reading Cisco product documentation on the World Wide Web, you can submi

Page 47 - Subnet Mask

13 Monitoring13-4VPN 3002 Hardware Client User GuideFigure 13-3: Monitoring | Filterable Event Log screen Select Filter OptionsYou can select any or

Page 48 - MAC Address

Monitoring | Filterable Event Log13-5VPN 3002 Hardware Client User GuideSeveritiesTo display all events of a single severity level, click the drop-dow

Page 49 - DHCP Client

13 Monitoring13-6VPN 3002 Hardware Client User GuideAll four Page buttons are also present at the bottom of the screen.Get Log To download the event l

Page 50 - 3 Interfaces

Monitoring | Filterable Event Log13-7VPN 3002 Hardware Client User GuideAlthough numbering restarts at 1 when the system powers up, it does not overwr

Page 51 - System Configuration

13 Monitoring13-8VPN 3002 Hardware Client User GuideMonitoring | Live Event LogThis screen shows events in the current event log and automatically upd

Page 52

Monitoring | System Status13-9VPN 3002 Hardware Client User GuideClear DisplayTo clear the event display, click Clear Display. This action does not cl

Page 53

13 Monitoring13-10VPN 3002 Hardware Client User GuideRefreshTo update the screen and its data, click Refresh. The date and time indicate when the scre

Page 54 - Tertiary DNS Server

Monitoring | System Status13-11VPN 3002 Hardware Client User GuideTunnel Established to:The IP address of the VPN 3000 Concentrator to which this VPN

Page 55 - Timeout Retries

13 Monitoring13-12VPN 3002 Hardware Client User GuideFront PanelThe front panel image is an inactive link.Back PanelThe back panel image includes acti

Page 56

Monitoring | System Status | Private/Public Interface13-13VPN 3002 Hardware Client User GuidePublic interfaceIP AddressThe IP address configured on th

Page 57 - Tunneling

Other referencesxvVPN 3002 Hardware Client User Guidehttp://www.cisco.com/tacP3 and P4 level problems are defined as follows:• P3—Your network perform

Page 58

13 Monitoring13-14VPN 3002 Hardware Client User GuideRx BroadcastThe number of broadcast packets that were received by this interface since the VPN 30

Page 59 - Use Certificate

Monitoring | Statistics | IPSec13-15VPN 3002 Hardware Client User GuideMonitoring | Statistics | IPSecThis screen shows statistics for IPSec activity—

Page 60

13 Monitoring13-16VPN 3002 Hardware Client User GuideActive TunnelsThe number of currently active IKE control tunnels.Total TunnelsThe cumulative tota

Page 61 - IP Routing

Monitoring | Statistics | IPSec13-17VPN 3002 Hardware Client User GuideReceived Phase-2 ExchangesThe cumulative total of IPSec Phase-2 exchanges recei

Page 62 - Add / Modify / Delete

13 Monitoring13-18VPN 3002 Hardware Client User GuideFailed Initiated TunnelsThe cumulative total of IKE tunnels that this VPN 3002 initiated and that

Page 63 - Add or Modify

Monitoring | Statistics | IPSec13-19VPN 3002 Hardware Client User GuideReceived BytesThe cumulative total of bytes (octets) received by all currently

Page 64 - Add or Apply / Cancel

13 Monitoring13-20VPN 3002 Hardware Client User GuideOutbound AuthenticationsThe cumulative total of outbound individual packet authentications perfor

Page 65 - Default Gateway

Monitoring | Statistics | HTTP13-21VPN 3002 Hardware Client User GuideMonitoring | Statistics | HTTPThis screen shows statistics for HTTP activity on

Page 66 - Address Pool Start/End

13 Monitoring13-22VPN 3002 Hardware Client User GuideMax ConnectionsThe maximum number of HTTP connections that have been simultaneously active on the

Page 67 - DHCP Option

Monitoring | Statistics | DNS13-23VPN 3002 Hardware Client User GuideTelnet SessionsThis table shows statistics for active Telnet sessions on the VPN

Page 68

Documentation conventionsWe use these typographic conventions in this manual:Data formatsAs you configure and manage the system, enter data in these f

Page 69 - Management Protocols

13 Monitoring13-24VPN 3002 Hardware Client User GuideRefreshTo update the screen and its data, click Refresh. The date and time indicate when the scre

Page 70 - Enable HTTP

Monitoring | Statistics | SSL13-25VPN 3002 Hardware Client User GuideRefreshTo update the screen and its data, click Refresh. The date and time indica

Page 71

13 Monitoring13-26VPN 3002 Hardware Client User GuideMonitoring | Statistics | DHCPThis screen shows statistics for DHCP (Dynamic Host Configuration P

Page 72 - Telnet/SSL Port

Monitoring | Statistics | SSH13-27VPN 3002 Hardware Client User GuideMonitoring | Statistics | SSHThis screen shows statistics for SSH (Secure Shell)

Page 73 - Maximum Connections

13 Monitoring13-28VPN 3002 Hardware Client User GuideMonitoring | Statistics | MIB-IIThis section of the Manager lets you view statistics that are rec

Page 74 - Maximum Queued Requests

Monitoring | Statistics | MIB-II | Interfaces13-29VPN 3002 Hardware Client User GuideRefreshTo update the screen and its data, click Refresh. The date

Page 75 - SNMP Communities

13 Monitoring13-30VPN 3002 Hardware Client User GuideBroadcast InThe number of broadcast packets that were received by this interface. Broadcast packe

Page 76 - Communities

Monitoring | Statistics | MIB-II | TCP/UDP13-31VPN 3002 Hardware Client User GuideTCP Segments RetransmittedThe total number of segments retransmitted

Page 77 - Community String

13 Monitoring13-32VPN 3002 Hardware Client User GuideUDP Datagrams ReceivedThe total number of UDP datagrams received. Datagram is the official UDP na

Page 78 - Encryption Protocols

Monitoring | Statistics | MIB-II | IP13-33VPN 3002 Hardware Client User GuideRefreshTo update the screen and its data, click Refresh. The date and tim

Page 79 - SSL Version

Data formatsxviiVPN 3002 Hardware Client User GuideFilenamesFilenames on the VPN 3002 follow the DOS 8.3 naming convention: a maximum of eight charact

Page 80

13 Monitoring13-34VPN 3002 Hardware Client User GuideOutbound Packets with No RouteThe number of outbound IP data packets discarded because no route c

Page 81 - Key Regeneration Period

Monitoring | Statistics | MIB-II | ICMP13-35VPN 3002 Hardware Client User GuideMonitoring | Statistics | MIB-II | ICMPThis screen shows statistics in

Page 82

13 Monitoring13-36VPN 3002 Hardware Client User GuideTime Exceeded Received / TransmittedThe number of ICMP Time Exceeded messages received / sent. Ti

Page 83 - Event class

Monitoring | Statistics | MIB-II | ARP Table13-37VPN 3002 Hardware Client User GuideAddress Mask Requests Received / TransmittedThe number of ICMP Add

Page 84

13 Monitoring13-38VPN 3002 Hardware Client User GuideInterfaceThe VPN 3002 network interface on which this mapping applies: Private Interface.Public I

Page 85 - (*Cisco-specific event class)

Monitoring | Statistics | MIB-II | Ethernet13-39VPN 3002 Hardware Client User GuideMonitoring | Statistics | MIB-II | EthernetThis screen shows statis

Page 86 - Event severity level

13 Monitoring13-40VPN 3002 Hardware Client User GuideSQE Test ErrorsThe number of times that the SQE (Signal Quality Error) Test Error message was gen

Page 87 - Event log

Monitoring | Statistics | MIB-II | SNMP13-41VPN 3002 Hardware Client User GuideSpeed (Mbps)This interface’s nominal bandwidth in megabits per second.D

Page 88 - Syslog Format

13 Monitoring13-42VPN 3002 Hardware Client User GuideBad Community StringThe total number of SNMP messages received that used an SNMP community string

Page 89 - Severity to Trap

14-1VPN 3002 Hardware Client User GuideCHAPTER14Using the Command Line InterfaceThe VPN 3002 Hardware Client Command Line Interface (CLI) is a menu- a

Page 91 - Class Name

14 Using the Command Line Interface14-2VPN 3002 Hardware Client User GuideTelnet or Telnet/SSL accessTo access the CLI via a Telnet or Telnet/SSL clie

Page 92

Using the CLI14-3VPN 3002 Hardware Client User GuideUsing the CLI This section explains how to:• Choose menu items.• Enter values for parameters and o

Page 93 - Trap Destinations

14 Using the Command Line Interface14-4VPN 3002 Hardware Client User GuideNavigating quickly through the CLI There are two ways to move quickly throug

Page 94

Using the CLI14-5VPN 3002 Hardware Client User Guide> Which Administrator to ModifyAdmin ->As a shortcut, you can just enter 2.4.1.1 at the Main

Page 95 - Community

14 Using the Command Line Interface14-6VPN 3002 Hardware Client User GuideGetting Help Information To display a brief help message, enter 5 at the mai

Page 96 - Syslog Servers

CLI menu reference14-7VPN 3002 Hardware Client User GuideStopping the CLI To stop the CLI, navigate to the main menu and enter 6 for Exit at the promp

Page 97 - Facility

14 Using the Command Line Interface14-8VPN 3002 Hardware Client User GuideMain menu1) Configuration2) Administration3) Monitoring4) Save changes to Co

Page 98

CLI menu reference14-9VPN 3002 Hardware Client User Guide1.2 Configuration > System Management1) Servers (DNS)2) Tunneling Protocols (IPSec)3) IP R

Page 99

14 Using the Command Line Interface14-10VPN 3002 Hardware Client User Guide1.2.5 Configuration > System Management > Event Configuration1) Gener

Page 100 - Apply / Cancel

CLI menu reference14-11VPN 3002 Hardware Client User Guide2.2 Administration > System Reboot1) Cancel Scheduled Reboot/Shutdown2) Schedule Reboot3)

Page 101 - Enable DST Support

1-1VPN 3002 Hardware Client User GuideCHAPTER1Using the VPN 3002 Hardware Client ManagerThe VPN 3002 Hardware Client Manager is an HTML-based interfac

Page 102

14 Using the Command Line Interface14-12VPN 3002 Hardware Client User Guide2.4.1 Administration > Access Rights > AdministratorsAdmin -> 1

Page 103 - Policy Management

CLI menu reference14-13VPN 3002 Hardware Client User Guide2.5.5 Administration > File Management > Swap Configuration FileEvery time the active

Page 104 - Network Extension mode

14 Using the Command Line Interface14-14VPN 3002 Hardware Client User Guide2.6.4 Administration > Certificate Management > Identity Certificates

Page 105 - Traffic Management

CLI menu reference14-15VPN 3002 Hardware Client User Guide3.1 Monitoring > Routing TableRouting Table..’q’ to Quit, ’<SPACE>’ to Continue -&g

Page 106 - PAT

14 Using the Command Line Interface14-16VPN 3002 Hardware Client User Guide3.4 Monitoring > General Statistics1) Protocol Statistics2) Server Stati

Page 107

APPENDIXA-1VPN 3002 Hardware Client Getting StartedAErrors and troubleshootingThis appendix describes files for troubleshooting the VPN 3002, LED indi

Page 108

A Errors and troubleshootingA-2VPN 3002 Hardware Client Getting Startedbuffers, timers, etc., which help Cisco support engineers diagnose the problem.

Page 109 - Administration

Errors on the systemA-3VPN 3002 Hardware Client Getting StartedErrors on the systemIf you have configured the VPN 3002, and you are unable to connect

Page 110 - 12 Administration

A Errors and troubleshootingA-4VPN 3002 Hardware Client Getting StartedSettings on the VPN 3000 Series ConcentratorIf your VPN 3002 experiences connec

Page 111 - Upload / Cancel

VPN 3002 Hardware Client Manager errorsA-5VPN 3002 Hardware Client Getting StartedVPN 3002 Hardware Client Manager errorsThese errors may occur while

Page 112 - Software Update Error

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMM

Page 113

1 Using the VPN 3002 Hardware Client Manager1-2VPN 3002 Hardware Client User Guide• Internet Explorer 4.0:– On the View menu, select Internet Options.

Page 114 - When to Reboot/Shutdown

A Errors and troubleshootingA-6VPN 3002 Hardware Client Getting StartedInvalid Login or Session TimeoutThe Manager displays the Invalid Login or Sessi

Page 115 - Administration

VPN 3002 Hardware Client Manager errorsA-7VPN 3002 Hardware Client Getting StartedError / An error has occurred while attempting to perform...The Mana

Page 116 - Error (Ping)

A Errors and troubleshootingA-8VPN 3002 Hardware Client Getting StartedNot Found/An error has occurred while attempting to access...The Manager displa

Page 117 - Administrator

VPN 3002 Hardware Client Manager errorsA-9VPN 3002 Hardware Client Getting StartedMicrosoft Internet Explorer Script Error: No such interface supporte

Page 118 - Password

A Errors and troubleshootingA-10VPN 3002 Hardware Client Getting StartedCommand Line Interface errorsThese errors may occur while using the menu-based

Page 119 - Encrypt Config File

BCopyrights, licenses, and noticesSoftware License Agreement of Cisco Systems, Inc.CISCO SYSTEMS, INC. IS WILLING TO LICENSE TO YOU THE SOFTWARE CONTA

Page 120 - Config File Upload

4. You may permanently transfer the Software and accompanying written materials (including the most recent update and all prior versions) only in conj

Page 121 - OK / Cancel

16. This Agreement is governed by the laws of the State of Massachusetts.17. If you have any questions concerning this Agreement or wish to contact Ci

Page 122 - File Upload Progress

DHCP clientCopyright © 1995, 1996, 1997 The Internet Software Consortium.All rights reserved.Redistribution and use in source and binary forms, with o

Page 123 - File Upload Error

Portions Copyright © 1993 by Digital Equipment Corporation.Permission to use, copy, modify, and distribute this software for any purpose with or witho

Page 124

Recommended PC monitor / display settings1-3VPN 3002 Hardware Client User GuideRecommended PC monitor / display settingsFor best ease of use, we recom

Page 125 - Common Name (CN)

NRL grants permission for redistribution and use in source and binary forms, with or without modification, of the software and documentation created a

Page 126 - Organization (O)

Outline style table of contents in JavaScript OUTLINE STYLE TABLE OF CONTENTS in JAVASCRIPT, Version 3.0by Danny Goodman ([email protected])Analyzed a

Page 127

Client SNMPCopyright © 1996, 1997 by Westhawk Ltd. (www.westhawk.co.uk)Permission to use, copy, modify, and distribute this software for any purpose a

Page 128 - Request Generated

- Feb 1991 [email protected] number of conversation slotsallow zero or one slotsseparate routinesstatus displayTelnet serverCopyrig

Page 130 - Certificate Text

INDEXIndex-1VPN 3002 Hardware Client User GuideIndexAabout this manual xiaccess rights section, administration 12-8access settings, general, for admin

Page 131 - Subject / Issuer

IndexIndex-2VPN 3002 Hardware Client User Guideconventionsdocumentation xvitypographic xvicookies, requirements 1-2copyrights and licenses B-1crash, s

Page 132 - Actions/View/Delete

IndexIndex-3VPN 3002 Hardware Client User Guidedata xvihostnames xviIP addresses xviMAC addresses xviport numbers xviisubnet masks xvitext strings xvi

Page 133 - Signing Algorithm

IndexIndex-4VPN 3002 Hardware Client User Guideleft frame (table of contents) 1-22main frame 1-22mouse pointer and tips 1-20status bar 1-19title bar 1

Page 134

IndexIndex-5VPN 3002 Hardware Client User Guideversion info 12-3, 13-10speed, configuring Ethernet interface 3-6SSHconfiguring internal server 8-12hos

Page 135 - Yes / No

1 Using the VPN 3002 Hardware Client Manager1-4VPN 3002 Hardware Client User GuideHTTPS is often confused with a similar protocol, S-HTTP (Secure HTTP

Page 136

IndexIndex-6VPN 3002 Hardware Client User Guideusing the VPN Concentrator Manager 1-1Vviewing SSL certificateswith Internet Explorer 1-8with Netscape

Page 137 - Monitoring

Installing the SSL certificate in your browser1-5VPN 3002 Hardware Client User GuideYou need to install the SSL certificate from a given VPN 3002 only

Page 138 - Monitoring

1 Using the VPN 3002 Hardware Client Manager1-6VPN 3002 Hardware Client User GuideFigure 1-5: Internet Explorer Certificate Manager Import Wizard dia

Page 139 - Protocol

Installing the SSL certificate in your browser1-7VPN 3002 Hardware Client User GuideFigure 1-7: Internet Explorer Certificate Manager Import Wizard d

Page 140 - Select Filter Options

1 Using the VPN 3002 Hardware Client Manager1-8VPN 3002 Hardware Client User GuideFigure 1-10: Internet Explorer Security Alert dialog box 11 Click O

Page 141 - Last Page

Installing the SSL certificate in your browser1-9VPN 3002 Hardware Client User GuideFigure 1-12: Internet Explorer 4.0 Certificate Properties screen

Page 142 - Event log format

1 Using the VPN 3002 Hardware Client Manager1-10VPN 3002 Hardware Client User GuideReinstallationYou need to install the SSL certificate from a given

Page 143

Installing the SSL certificate in your browser1-11VPN 3002 Hardware Client User GuideFigure 1-16: Netscape New Certificate Authority screen 2 2 Click

Page 144 - Monitoring

iiiVPN 3002 Hardware Client User GuideCONTENTSTable of contentsTable of contentsPrefaceAbout this manual . . . . . . . . . . . . . . . . . . . . . .

Page 145 - Monitoring

1 Using the VPN 3002 Hardware Client Manager1-12VPN 3002 Hardware Client User GuideFigure 1-18: Netscape New Certificate Authority screen 4 4 You mus

Page 146 - 13 Monitoring

Installing the SSL certificate in your browser1-13VPN 3002 Hardware Client User GuideFigure 1-20: Netscape New Certificate Authority screen 6 6 In th

Page 147 - Security Associations:

1 Using the VPN 3002 Hardware Client Manager1-14VPN 3002 Hardware Client User GuideFigure 1-22: VPN 3002 Hardware Client Manager login screen using H

Page 148 - Back Panel

Installing the SSL certificate in your browser1-15VPN 3002 Hardware Client User GuideFigure 1-23: Netscape Security Info window Click View Certificat

Page 149

1 Using the VPN 3002 Hardware Client Manager1-16VPN 3002 Hardware Client User GuideFigure 1-25: Netscape Certificates Signers list Select a certifica

Page 150 - Monitoring

Logging in the VPN 3002 Hardware Client Manager1-17VPN 3002 Hardware Client User GuideFigure 1-26: VPN Hardware Client Manager HTTPS login screenLogg

Page 151 - IKE (Phase 1) Statistics

1 Using the VPN 3002 Hardware Client Manager1-18VPN 3002 Hardware Client User GuideFigure 1-27: Manager Main Welcome screen From here you can navigat

Page 152

Understanding the VPN 3002 Hardware Client Manager window1-19VPN 3002 Hardware Client User GuideUnderstanding the VPN 3002 Hardware Client Manager win

Page 153

1 Using the VPN 3002 Hardware Client Manager1-20VPN 3002 Hardware Client User GuideMouse pointer and tipsAs you move the mouse pointer over an active

Page 154 - IPSec (Phase 2) Statistics

Understanding the VPN 3002 Hardware Client Manager window1-21VPN 3002 Hardware Client User [email protected] this link to open your configured e

Page 155

Contents—Table of contentsivVPN 3002 Hardware Client User Guide5ServersConfiguration | System | Servers . . . . . . . . . . . . . . . . . . . . . .

Page 156

1 Using the VPN 3002 Hardware Client Manager1-22VPN 3002 Hardware Client User Guideconfiguration automatically when you reach the Done screen, and the

Page 157

Navigating the VPN 3002 Hardware Client Manager1-23VPN 3002 Hardware Client User Guide– System: parameters for system-wide functions such as server ac

Page 159 - Monitoring

2-1VPN 3002 Hardware Client User GuideCHAPTER2ConfigurationConfiguring the VPN 3002 means setting all the parameters that govern its use and functiona

Page 161

3-1VPN 3002 Hardware Client User GuideCHAPTER3InterfacesThis section of the VPN 3002 Hardware Client Manager applies functions that are interface-spec

Page 162

3 Interfaces3-2VPN 3002 Hardware Client User GuideFigure 3-1: VPN 3002-8E Configuration | Interfaces screenTo configure a module, either click the ap

Page 163 - Monitoring

Configuration | Interfaces | Private3-3VPN 3002 Hardware Client User GuideIP AddressThe IP address configured on this interface.Subnet MaskThe subnet

Page 164

3 Interfaces3-4VPN 3002 Hardware Client User GuideIf the interface is configured but disabled (offline), the appropriate Ethernet Link Status LED blin

Page 165

Configuration | Interfaces | Public3-5VPN 3002 Hardware Client User GuideApply / CancelTo apply your settings to the system and include them in the ac

Page 166 - TCP Segments Transmitted

Contents—Table of contentsvVPN 3002 Hardware Client User GuideConfiguration | System | Events | Syslog Servers | Add or Modify . . . . . . . . . . .

Page 167 - -1 means there

3 Interfaces3-6VPN 3002 Hardware Client User GuideIP AddressEnter the IP address for this interface, using dotted decimal notation (e.g., 192.168.12.3

Page 168 - UDP No Port

4-1VPN 3002 Hardware Client User GuideCHAPTER4System ConfigurationSystem configuration means configuring parameters for system-wide functions in the V

Page 170

5-1VPN 3002 Hardware Client User GuideCHAPTER5ServersConfiguring servers means identifying them to the VPN 3002 so it can communicate with them correc

Page 171 - Errors Received / Transmitted

5 Servers5-2VPN 3002 Hardware Client User GuideFigure 5-2: Configuration | System | Servers | DNS screen EnabledTo use DNS functions, check Enabled (

Page 172

Configuration | System | Servers | DNS5-3VPN 3002 Hardware Client User GuideTimeout PeriodEnter the initial time in seconds to wait for a response to

Page 174 - Action / Delete

6-1VPN 3002 Hardware Client User GuideCHAPTER6TunnelingTunneling is the heart of virtual private networking. The tunnels make it possible to use a pub

Page 175 - Carrier Sense Errors

6 Tunneling6-2VPN 3002 Hardware Client User GuideConfiguration | System | Tunneling ProtocolsThis section lets you configure the IPSec tunneling proto

Page 176

Configuration | System | Tunneling Protocols | IPSec6-3VPN 3002 Hardware Client User Guide• Mode Configuration (also known as ISAKMP Configuration Met

Page 177 - Bad Version

Contents—Table of contentsviVPN 3002 Hardware Client User GuideMonitoring | Filterable Event Log . . . . . . . . . . . . . . . . . . . . . . . . . .

Page 178 - Proxy Drops

VerifyIn the Group Verify field, re-enter the group password to verify it. The field displays only asterisks.UserYou must also enter a username and pa

Page 179 - Accessing the CLI

7-1VPN 3002 Hardware Client User GuideCHAPTER7IP RoutingThe VPN 3002 itself includes an IP routing subsystem with static routing, default gateways, an

Page 180 - Starting the CLI

7 IP Routing7-2VPN 3002 Hardware Client User GuideConfiguration | System | IP Routing | Static RoutesThis section of the Manager lets you configure st

Page 181 - Using the CLI

Configuration | System | IP Routing | Static Routes | Add or Modify7-3VPN 3002 Hardware Client User GuideConfiguration | System | IP Routing | Static

Page 182 - Using shortcut numbers

7 IP Routing7-4VPN 3002 Hardware Client User GuideDestinationClick a radio button to select the outbound destination for these packets. You can select

Page 183 - Using Back and Home

Configuration | System | IP Routing | DHCP7-5VPN 3002 Hardware Client User GuideDefault GatewayEnter the IP address of the default gateway or router.

Page 184 - Getting Help Information

7 IP Routing7-6VPN 3002 Hardware Client User GuideFigure 7-5: Configuration | System | IP Routing | DHCP screen EnabledCheck the box to enable the DH

Page 185 - CLI menu reference

Configuration | System | IP Routing | DHCP Options7-7VPN 3002 Hardware Client User GuideConfiguration | System | IP Routing | DHCP OptionsThis section

Page 186 - 1 Configuration

7 IP Routing7-8VPN 3002 Hardware Client User GuideConfiguration | System | IP Routing | DHCP Options | Add or ModifyThese screens let you Add a new DH

Page 187

8-1VPN 3002 Hardware Client User GuideCHAPTER8Management ProtocolsThe VPN 3002 Hardware Client includes various built-in servers, using various protoc

Page 189 - 2.3 Ping

8 Management Protocols8-2VPN 3002 Hardware Client User GuideConfiguration | System | Management Protocols | HTTP/HTTPSThis screen lets you configure a

Page 190

Configuration | System | Management Protocols | HTTP/HTTPS8-3VPN 3002 Hardware Client User GuideEnable HTTPSCheck the box to enable the HTTPS server.

Page 191

8 Management Protocols8-4VPN 3002 Hardware Client User GuideConfiguration | System | Management Protocols | TelnetThis screen lets you configure and e

Page 192 - 3 Monitoring

Configuration | System | Management Protocols | SNMP8-5VPN 3002 Hardware Client User GuideMaximum ConnectionsEnter the maximum number of concurrent, c

Page 193 - 3.2 Monitoring > Event Log

8 Management Protocols8-6VPN 3002 Hardware Client User GuideFigure 8-6: Configuration | System | Management Protocols | SNMP screen EnableCheck the b

Page 194

Configuration | System | Management Protocols | SNMP Communities8-7VPN 3002 Hardware Client User GuideFigure 8-7: Configuration | System | Management

Page 195 - Errors and troubleshooting

8 Management Protocols8-8VPN 3002 Hardware Client User GuideAdd / Modify / DeleteTo configure and add a new community string, click Add. The Manager o

Page 196 - LED indicators

Configuration | System | Management Protocols | SSL8-9VPN 3002 Hardware Client User GuideCommunity StringEnter the SNMP community string. Maximum 31 c

Page 197 - Errors on the system

8 Management Protocols8-10VPN 3002 Hardware Client User Guide Note: To ensure the security of your connection to the Manager, if you click Apply on th

Page 198 - A Errors and troubleshooting

Configuration | System | Management Protocols | SSL8-11VPN 3002 Hardware Client User GuideRC4-40/MD5 Export = RC4 encryption with a 128-bit key—40 bit

Page 199

Contents—Table of contentsviiiVPN 3002 Hardware Client User Guide

Page 200

8 Management Protocols8-12VPN 3002 Hardware Client User Guide768-bit RSA Key = This key size provides normal security and is the default selection. It

Page 201

Configuration | System | Management Protocols | SSH8-13VPN 3002 Hardware Client User GuideFigure 8-14: Configuration | System | Management Protocols

Page 202

8 Management Protocols8-14VPN 3002 Hardware Client User GuideEncryption ProtocolsCheck the boxes for the encryption algorithms that the VPN 3002 SSH s

Page 203

9-1VPN 3002 Hardware Client User GuideCHAPTER9EventsAn event is any significant occurrence within or affecting the VPN 3002 such as an alarm, trap, er

Page 204 - Command Line Interface errors

9 Events9-2VPN 3002 Hardware Client User GuideDNSDNS subsystemDNSDBGDNS debugging*DNSDECODEDNS decoding*EVENTEvent subsystem*EVENTDBGEvent subsystem d

Page 205 - Grant of License

Event class9-3VPN 3002 Hardware Client User GuideLBSSFLoad Balancing/Secure Session Failover subsystem*MIB2TRAPMIB-II trap subsystem: SNMP MIB-II trap

Page 206 - Limited Warranty

9 Events9-4VPN 3002 Hardware Client User Guide Note: The Cisco-specific event classes provide information that is meaningful only to Cisco engineering

Page 207 - Other licenses

Event log9-5VPN 3002 Hardware Client User Guide Note: The Debug (7–9) and Packet Decode (10–13) severity levels are intended for use by Cisco engineer

Page 208 - DNS Resolver (client)

9 Events9-6VPN 3002 Hardware Client User GuideConfiguration | System | EventsThis section of the Manager lets you configure how the VPN 3002 handles e

Page 209

Configuration | System | Events | General9-7VPN 3002 Hardware Client User GuideSeverity to LogClick the drop-down menu button and select the range of

Page 210 - MPPC-C v4

ContentsixVPN 3002 Hardware Client User GuideTablesTable 9-1: VPN 3002 event classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Page 211 - Server SNMP

9 Events9-8VPN 3002 Hardware Client User GuideApply / CancelTo include your settings for default event handling in the active configuration, click App

Page 212 - SSL Plus

Configuration | System | Events | Classes | Add or Modify9-9VPN 3002 Hardware Client User GuideAdd / Modify / DeleteTo configure and add a new event c

Page 213 - Telnet server

9 Events9-10VPN 3002 Hardware Client User GuideAll subsequent parameters on this screen apply to this event class only.EnableCheck this box to enable

Page 214

Configuration | System | Events | Trap Destinations9-11VPN 3002 Hardware Client User GuideAdd or Apply / CancelTo add this event class to the list of

Page 215

9 Events9-12VPN 3002 Hardware Client User GuideAdd / Modify / DeleteTo configure a new SNMP trap destination, click Add. See Configuration | System |

Page 216 - CRSHDUMP.TXT file A-1

Configuration | System | Events | Syslog Servers9-13VPN 3002 Hardware Client User GuideCommunityEnter the community string to use in identifying traps

Page 217

9 Events9-14VPN 3002 Hardware Client User GuideFigure 9-7: Configuration | System | Events | Syslog Servers screen Syslog ServersThe Syslog Servers l

Page 218

Configuration | System | Events | Syslog Servers | Add or Modify9-15VPN 3002 Hardware Client User GuideConfiguration | System | Events | Syslog Server

Page 219

9 Events9-16VPN 3002 Hardware Client User GuideCRON = Clock daemon.Local 0 through Local 7 (default) = User defined.Add or Apply / CancelTo add this s

Page 220

10-1VPN 3002 Hardware Client User GuideCHAPTER10GeneralGeneral configuration parameters include VPN 3002 environment items: system identification, tim

Comments to this Manuals

No comments