Cisco VPN 3000 User's Guide Page 176
- Page / 502
- Table of contents
- TROUBLESHOOTING
- BOOKMARKS
Rated. / 5. Based on customer reviews
9 Management Protocols
9-12
VPN 3000 Concentrator Series User Guide
Encryption Protocols
Check the boxes for the encryption algorithms that the VPN Concentrator SSL server can negotiate with
a client and use for session encryption. All are checked by default. You must check at least one algorithm
to enable SSL. Unchecking all algorithms disables SSL.
The algorithms are negotiated in the order shown. You cannot change the order, but you can enable or
disable selected algorithms.
RC4-128/MD5 = RC4 encryption with a 128-bit key and the MD5 hash function. This option is
available in most SSL clients.
3DES-168/SHA = Triple-DES encryption with a 168-bit key and the SHA-1 hash function. This is the
strongest (most secure) option.
DES-56/SHA = DES encryption with a 56-bit key and the SHA-1 hash function.
RC4-40/MD5 Export = RC4 encryption with a 128-bit key—40 bits of which are private—and the MD5
hash function. This option is available in the export (non-U.S.) versions of many SSL clients.
DES-40/SHA Export = DES encryption with a 56-bit key—40 bits of which are private—and the
SHA-1 hash function. This option is available in the export (non-U.S.) versions of many SSL
clients.
Client Authentication
This parameter applies to HTTPS only; it is ignored for Telnet/SSL.
Check the box to enable SSL client authentication. The box is not checked by default. In the most
common SSL connection, the client authenticates the server, not vice-versa. Client authentication
requires personal certificates installed in the browser, and trusted certificates installed in the server.
Specifically, the VPN Concentrator must have a root CA certificate installed; and a certificate signed by
one of the VPN Concentrator’s trusted CAs must be installed in the Web browser. See
Administration |
Certificate Management
.
SSL Version
Click the drop-down menu button and select the SSL version to use. SSL Version 3 has more security
options than Version 2, and TLS (Transport Layer Security) Version 1 has more security options than
SSL Version 3. Some clients that send an SSL Version 2 “Hello” (initial negotiation), can actually use a
more secure version during the session. Telnet/SSL clients usually can use only SSL Version 2.
Choices are:
Negotiate SSL V2/V3 = The server tries to use SSL Version 3 but accepts Version 2 if the client can’t
use Version 3. This is the default selection. This selection works with most browsers and Telnet/SSL
clients.
SSL V3 with SSL V2 Hello = The server insists on SSL Version 3 but accepts an initial Version 2
“Hello.”
SSL V3 Only = The server insists on SSL Version 3 only.
SSL V2 Only = The server insists on SSL Version 2 only. This selection works with most Telnet/SSL
clients.
TLS V1 Only = The server insists on TLS Version 1 only. At present, only Microsoft Internet Explorer
5.0 supports this option.
- VPN 3000 Concentrator Series 1
- User Guide 1
- CONTENTS 3
- 2 Configuration 4
- 3 Interfaces 4
- 4 System Configuration 6
- 5Servers 6
- 6 Address Management 7
- 8IP Routing 9
- 9 Management Protocols 10
- 10 Events 11
- 11 General 13
- 12 User Management 13
- 13 Policy Management 15
- 14 Administration 18
- 15 Monitoring 21
- A Errors and troubleshooting 33
- About this manual 37
- Additional Documentation 38
- Documentation Conventions 39
- Data Formats 40
- Browser requirements 43
- Navigation toolbar 44
- Install SSL Certificate link 46
- Install Certificate 47
- Next to continue 48
- Security Alert screen 50
- Reinstallation 52
- First-time installation 52
- Title bar 61
- Status bar 61
- Mouse pointer and tips 62
- Top frame (Manager toolbar) 62
- Support 63
- Save Needed 63
- Save reminder 63
- Main frame (Manager screen) 64
- Configuration 70
- Power Supplies 73
- Alarm Thresholds 74
- MAC Address 77
- RIP Parameters tab 78
- OSPF Parameters tab 79
- Select T1/E1 83
- Port A B as T1 or E1 84
- IP Parameters tab 85
- Inbound RIP 87
- Outbound RIP 87
- WAN Parameters tab 91
- PPP Multilink Parameters tab 93
- System Configuration 95
- Authentication Servers 99
- Server Type = RADIUS 100
- Server Type = NT Domain 101
- Server Type = SDI 102
- Authentication Server 103
- Server Port 103
- Add or Apply / Cancel 103
- Server Type = Internal Server 104
- Yes / No 105
- User Name 105
- Password 105
- OK / Cancel 105
- 5 Servers 106
- Go to main menu 107
- Accounting Servers 108
- Add / Modify / Delete / Move 108
- Accounting Server 109
- Server Secret 110
- Primary DNS Server 111
- Secondary DNS Server 111
- Tertiary DNS Server 111
- Timeout Period 112
- Timeout Retries 112
- Apply / Cancel 112
- DHCP Servers 113
- DHCP Server 114
- Sync Frequency 115
- NTP Hosts 116
- Add / Modify / Delete 116
- NTP Host 117
- Address Management 119
- Use Client Address 120
- Use DHCP 120
- Use Address Pools 121
- IP Pool Entry 121
- Add or Modify 122
- Tunneling Protocols 125
- 7 Tunneling Protocols 126
- Maximum Tunnel Idle Time 127
- Hello Interval 131
- IPSec LAN-to-LAN 132
- LAN-to-LAN Connection 133
- Interface 136
- Digital Certificate 137
- Preshared Key 137
- Authentication 137
- Encryption 137
- IKE Proposal 138
- Network Autodiscovery 138
- Local Network 138
- Remote Network 139
- List Name 141
- Network List 141
- IPSec LAN-to-LAN 142
- IKE Proposals 143
- Proposal Name 147
- Authentication Mode 147
- Authentication Algorithm 148
- Encryption Algorithm 148
- Diffie-Hellman Group 148
- Lifetime Measurement 148
- Data Lifetime 149
- Time Lifetime 149
- IP Routing 151
- 8 IP Routing 152
- Network Address 154
- Subnet Mask 154
- Destination 154
- Default Gateway 155
- Tunnel Default Gateway 156
- Override Default Gateway 156
- Router ID 157
- Autonomous System 157
- OSPF Area 158
- Area Summary 159
- External LSA Import 160
- Lease Timeout 161
- Listen Port 161
- Group ID 163
- 2 (Public) 164
- 3 (External) 164
- Management Protocols 165
- Maximum Connections 166
- Enable HTTP 167
- Enable HTTPS 168
- HTTP Port 168
- HTTPS Port 168
- Maximum Sessions 168
- Enable Telnet 170
- Enable Telnet/SSL 170
- Telnet Port 170
- Telnet/SSL Port 171
- SNMP Communities 172
- Community Strings 173
- Community String 174
- Apply on this 175
- Encryption Protocols 176
- Client Authentication 176
- SSL Version 176
- Event class 179
- Event severity level 182
- Event log 183
- Save Log on Wrap 184
- Save Log Format 185
- FTP Saved Log on Wrap 185
- Email Source Address 185
- Syslog Format 185
- Severity to Log 185
- Severity to Console 186
- Severity to Syslog 186
- Severity to Email 186
- Severity to Trap 186
- FTP Server 187
- FTP Directory 187
- FTP Username 187
- FTP Password 187
- Configured Event Classes 188
- Class Name 190
- Trap Destinations 192
- Syslog Servers 195
- Syslog Server 195
- Facility 196
- SMTP Servers 197
- SMTP Server 198
- Email Recipients 199
- System Name 204
- Location 204
- Current Time 205
- New Time 205
- Enable DST Support 205
- User Management 207
- Using the tabs 209
- General Parameters tab 210
- IPSec Parameters tab 213
- Mode Configuration 215
- Mode Configuration Parameters 215
- Default Domain Name 217
- IPSec through NAT 217
- IPSec through NAT UDP Port 217
- PPTP/L2TP Parameters tab 218
- PPTP Encryption 219
- Current Groups 222
- (Internal) 224
- Group Name 225
- Value / Inherit? 226
- Access Hours 227
- Simultaneous Logins 227
- Minimum Password Length 227
- Idle Timeout 227
- Primary WINS 229
- Secondary WINS 229
- SEP Card Assignment 229
- Split Tunneling Network List 233
- Current Users 240
- Identity Parameters tab 241
- Policy Management 251
- Current Access Hours 253
- Network Lists 256
- Generate Local List 258
- Filter Rules 259
- Add / Modify / Copy / Delete 261
- Rules 262
- Copy screen 263
- Rule Name 264
- Direction 264
- Protocol or Other 264
- TCP Connection 265
- Source Address 265
- Destination Address 266
- TCP/UDP Source Port 266
- Port or Range 267
- TCP/UDP Destination Port 268
- ICMP Packet Type 268
- Rules 269
- Security Associations 269
- IPSec SAs 271
- Inheritance 273
- IPSec Parameters 274
- Encapsulation Mode 274
- Perfect Forward Secrecy 275
- IKE Parameters 276
- IKE Peer 276
- Negotiation Mode 276
- Filter List 280
- Add Filter 280
- Assign Rules to Filter 280
- Modify Filter 280
- Copy Filter 281
- Delete Filter 281
- Filter Name 282
- Default Action 282
- Source Routing 283
- Fragments 283
- Description 283
- Current Rules in Filter 285
- Available Rules 285
- << Add 285
- << Insert Above 285
- >> Remove 285
- Move Up / Move Down 286
- Assign SA to Rule 286
- Add SA to Rule on Filter: 287
- Change SA on Rule in Filter: 288
- NAT 290
- NAT 290
- NAT Rules 291
- NAT 292
- Private Address 293
- Administration 295
- Administration 297
- IPSec/LAN-to-LAN 298
- Session Summary table 298
- LAN-to-LAN Sessions table 299
- Remote Access Sessions table 300
- Management Sessions table 300
- IP Address 301
- Configuration locked by 301
- Back to Sessions 306
- Current Software Revision 308
- Browse 309
- Software Update Progress 309
- Software Update Success 310
- Software Update Error 310
- System LED blinks 311
- SAVELOG.TXT when it reboots 311
- Configuration 312
- When to Reboot/Shutdown 312
- Administration 313
- Error (Ping) 314
- Refresh Period 314
- Group Number 316
- Username 316
- Properties / Modify 316
- Modify Properties 317
- Access Rights 318
- Apply / Default / Cancel 319
- Manager Workstations 320
- Access Group 322
- Session Idle Timeout 322
- Session Limit 323
- Encrypt Config File 323
- Total, Used, Free KB 324
- Filename 324
- Size (bytes) 324
- Date/Time 324
- View (Save) 325
- Concentrator File 327
- TFTP Server 327
- TFTP Server File 327
- Success (TFTP) 328
- Error (TFTP) 328
- Common Name (CN) 331
- Organizational Unit (OU) 331
- Organization (O) 331
- Request Generated 333
- Certificate Type 335
- Certificate Password 335
- Local File / Browse 336
- Certificate Authorities 336
- Identity Certificates 336
- Subject / Issuer 337
- Expiration 337
- Actions / View / CRL / Delete 337
- Serial Number 339
- Signing Algorithm 339
- Public Key Type 339
- Certificate Usage 339
- Certificate 341
- Enable CRL Checking 341
- Monitoring 345
- Monitor 346
- Monitor 348
- Select Filter Options 349
- Clear Log 351
- Event log format 351
- Monitor 353
- Fan 1, Fan 2 355
- CPU, Cage 355
- CPU Utilization 355
- Active Sessions 355
- Throughput 355
- Unknown = not configured 357
- T1/E1 Statistics 358
- Synchronous Statistics 360
- Power Supply A, B 363
- Monitor 364
- [LED selector button] 369
- Monitor 370
- Monitor 374
- Total Sessions 380
- Protocol 380
- Sessions 381
- Bar Graph 381
- Percentage 381
- Monitor 382
- Login Time 387
- Total Bytes 387
- Duration 389
- Avg. Throughput (bytes/sec) 390
- Monitor 391
- Monitor 392
- PPTP Sessions table 393
- Monitor 395
- Rx Packets Control / Data 397
- Rx Discards Control / Data 397
- Tx Octets Control / Data 397
- Tx Packets Control / Data 397
- L2TP Sessions 397
- Monitor 399
- IKE (Phase 1) Statistics 400
- Received Notifies above 401
- IPSec (Phase 2) Statistics 403
- Monitor 405
- Monitor 406
- Monitor 407
- Attempted Sessions 408
- Successful Sessions 408
- Telnet Sessions 408
- Monitor 409
- Server IP Address:Port 410
- Requests 410
- Retransmissions 410
- Bad Authenticators 413
- Pending Requests 413
- Timeouts 413
- Unknown Type 413
- Monitor 415
- VRID Errors 416
- Virtual Routers 416
- Monitor 418
- Monitor 419
- Monitor 421
- TCP Segments Received 424
- TCP Segments Transmitted 424
- TCP Segments Retransmitted 424
- TCP Timeout Min 424
- -1 means there 425
- UDP Errored Datagrams 426
- UDP No Port 426
- Packets Received (Total) 426
- 0.0.0.0) and 427
- Global Route Changes 429
- Global Queries 429
- Interfaces 429
- Neighbors 433
- External LSAs 435
- Total Received / Transmitted 436
- Errors Received / Transmitted 436
- Physical Address 439
- Mapping Type 439
- Action / Delete 439
- Alignment Errors 440
- FCS Errors 440
- Carrier Sense Errors 440
- Multiple Collisions number 441
- Single Collisions number 441
- Speed (Mbps) 442
- Requests Received 442
- Bad Version 442
- Bad Community String 443
- Parsing Errors 443
- Silent Drops 443
- Proxy Drops 443
- Accessing the CLI 445
- Starting the CLI 446
- Using the CLI 447
- Specifying configured items 448
- Using shortcut numbers 449
- Getting Help Information 450
- Stopping the CLI 451
- CLI menu reference 452
- 2 Administration 458
- 3 Monitoring 462
- 3.2 Monitoring > Event Log 463
- 3.4 Monitoring > Sessions 464
- End of Chapter 466
- Errors and troubleshooting 467
- Configuration files 468
- Command Line Interface errors 474
- LED indicators 475
- VPN Concentrator LEDs (rear) 477
- (Model 3015–3080 only) 477
- WAN Interface Module LEDs 478
- LpBk switch. LpBk is a 479
- Ownership of the Software 481
- Grant of License 481
- Limited Warranty 482
- Other licenses 483
- DHCP client 484
- DNS Resolver (client) 484
- RSA software 487
- SecureID 487
- Server SNMP 487
- Client SNMP 487
- SSL Plus 488
- Telnet server 488
- Regulatory Agency Notices 489
- Affidavit (Appendix A) 491
- End of Appendix 492
- Numerics 493
- CRSHDUMP.TXT file A-1 494
Related products and manuals for Networking Cisco VPN 3000
Networking Cisco EF3116 User Manual
(8 pages)
(8 pages)
Networking Cisco 826 User Manual
(8 pages)
(8 pages)
Networking Cisco 1861 User Manual
(13 pages)
(13 pages)
Networking Cisco TES301 User Manual
(52 pages)
(52 pages)
Networking Cisco MGBSX1 User Manual
(16 pages)
(16 pages)
Networking Cisco PA-2FE-TX Specifications
(60 pages)
(60 pages)
Networking Cisco 880 Series User Manual
(18 pages)
(18 pages)
Networking Cisco EPC3825 User Manual
(8 pages)
(8 pages)
Networking Cisco DPC3008 User's Guide
(44 pages)
(44 pages)
(4 pages)
Networking Cisco 1600R Installation Guide
(88 pages)
(88 pages)
Networking Cisco WebSTAR DPX2100 User Manual
(23 pages)
(23 pages)
Networking Cisco SPA3102 User Manual
(24 pages)
(24 pages)
Networking Cisco OL-6900-01 Specifications
(134 pages)
(134 pages)
© 2020, manymanuals.com. All rights reserved. | 0.406 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals