Cisco 3002 - VPN Hardware Client Uživatelská příručka

170 West Tasman DriveSan Jose, CA 95134-1706USAhttp://www.cisco.comCisco Systems, Inc.Corporate HeadquartersTel:800 553-NETS (6387)408 526-4000Fax: 40

10 General10-2VPN 3002 Hardware Client User GuideConfiguration | System | General | IdentificationThis screen lets you configure system identification

Configuration | System | General | Time and Date10-3VPN 3002 Hardware Client User GuideConfiguration | System | General | Time and DateThis screen let

11 - 1VPN 3002 Hardware Client User GuideCHAPTER11Policy ManagementThe VPN 3002 works in either of two modes: Client mode or Network Extension mode. P

11 Policy Management11- 2VPN 3002 Hardware Client User GuideVPN 3000 Series Concentrator settings required for PATFor the VPN 3002 to use PAT, these

Configuration | Policy Management11 - 3VPN 3002 Hardware Client User Guide5 If you want the VPN 3002 to be able to reach devices on other networks tha

Configuration | Policy Management | Traffic Management | PATThe Configuration | Policy Management | Traffic Management | PAT screen displays.Figure 11

Configuration | Policy Management | Traffic Management | PAT | Enable11 - 5VPN 3002 Hardware Client User GuideApply / CancelTo enable or disable PAT,

12-1VPN 3002 Hardware Client User GuideCHAPTER12AdministrationAdministering the VPN 3002 involves activities that keep the system operational and secu

xiVPN 3002 Hardware Client User GuidePrefaceAbout this manualThe VPN 3002 Hardware Client User Guide provides guidelines for configuring the Cisco VPN

12 Administration12-2VPN 3002 Hardware Client User GuideFigure 12-1: Administration screen Administration | Software UpdateThis section of the Manage

Administration | Software Update12-3VPN 3002 Hardware Client User GuideFigure 12-2: Administration | Software Update screen Current Software Revision

12 Administration12-4VPN 3002 Hardware Client User GuideSoftware Update ProgressThis window shows the progress of the software upload. It refreshes th

Administration | System Reboot12-5VPN 3002 Hardware Client User GuideAdministration | System RebootThis screen lets you reboot or shutdown (halt) the

12 Administration12-6VPN 3002 Hardware Client User GuideShutdown without automatic reboot = Shut down the VPN 3002; that is, bring the system to a hal

Administration | Ping12-7VPN 3002 Hardware Client User GuideAdministration | PingThis screen lets you use the ICMP ping (Packet Internet Groper) utili

12 Administration12-8VPN 3002 Hardware Client User GuideError (Ping)If the system is unreachable for any reason—host down, ICMP not running on host, r

Administration | Access Rights | Administrators12-9VPN 3002 Hardware Client User GuideAdministration | Access Rights | AdministratorsAdministrators ar

12 Administration12-10VPN 3002 Hardware Client User GuidePasswordEnter or edit the unique password for this administrator. Maximum is 31 characters. T

Administration | File Management12-11VPN 3002 Hardware Client User GuideSession Idle TimeoutEnter the idle timeout period in seconds for administrativ

PrefacexiiVPN 3002 Hardware Client User GuideChapter 7, IP Routing explains how to configure static routes, default gateways, and DHCP parameters and

12 Administration12-12VPN 3002 Hardware Client User GuideView FilesView Files lets you view or delete configuration, crash dump, and saved log files.

Administration | File Management | Swap Config Files12-13VPN 3002 Hardware Client User GuideSave Target As..., Save Link As... = Save a copy of the fi

12 Administration12-14VPN 3002 Hardware Client User GuideFigure 12-16: Administration | File Management | Config File Upload screen Local Config File

Administration | Certificate Management12-15VPN 3002 Hardware Client User GuideFile Upload SuccessThe Manager displays this screen to confirm that the

12 Administration12-16VPN 3002 Hardware Client User GuideCAs issue root certificates (also known as trusted or signing certificates). They may also is

Administration | Certificate Management | Enrollment12-17VPN 3002 Hardware Client User Guidea Install the root certificate on the VPN 3002 first.b The

12 Administration12-18VPN 3002 Hardware Client User GuideFigure 12-21: Administration | Certificate Management | Enrollment screen Common Name (CN)En

Administration | Certificate Management | Enrollment12-19VPN 3002 Hardware Client User GuideLocality (L)Enter the city or town where this VPN3002 is l

12 Administration12-20VPN 3002 Hardware Client User GuideAdministration | Certificate Management | Enrollment | Request GeneratedThe Manager displays

Administration | Certificate Management | Installation12-21VPN 3002 Hardware Client User Guide6 Repeat the previous step for any subordinate certifica

Documentation on VPN software distribution CDsxiiiVPN 3002 Hardware Client User GuideDocumentation on VPN software distribution CDsThe VPN 3000 Concen

12 Administration12-22VPN 3002 Hardware Client User GuideSSL Server (import with Private Key) = SSL certificate imported along with a private key from

Administration | Certificate Management | Certificates12-23VPN 3002 Hardware Client User GuideAdministration | Certificate Management | CertificatesTh

12 Administration12-24VPN 3002 Hardware Client User GuideExpirationThe expiration date of the certificate. Format is MM/DD/YYYY.Actions/View/DeleteTo

Administration | Certificate Management | Certificates | View12-25VPN 3002 Hardware Client User GuideIssuerThe CA or other entity (jurisdiction) that

12 Administration12-26VPN 3002 Hardware Client User GuidePublic Key TypeThe algorithm and size of the public key that the CA or other issuer used in g

Administration | Certificate Management | Certificates | Delete12-27VPN 3002 Hardware Client User GuideAdministration | Certificate Management | Certi

13-1VPN 3002 Hardware Client User GuideCHAPTER13MonitoringThe VPN 3002 tracks many statistics and the status of many items essential to system adminis

13 Monitoring13-2VPN 3002 Hardware Client User GuideMonitoring | Routing TableThis screen shows the VPN3002 routing table at the time the screen displ

Monitoring | Filterable Event Log13-3VPN 3002 Hardware Client User GuideNext HopFor remote routes, the IP address of the next system in the path to th

PrefacexivVPN 3002 Hardware Client User GuideDocumentation feedbackIf you are reading Cisco product documentation on the World Wide Web, you can submi

13 Monitoring13-4VPN 3002 Hardware Client User GuideFigure 13-3: Monitoring | Filterable Event Log screen Select Filter OptionsYou can select any or

Monitoring | Filterable Event Log13-5VPN 3002 Hardware Client User GuideSeveritiesTo display all events of a single severity level, click the drop-dow

13 Monitoring13-6VPN 3002 Hardware Client User GuideAll four Page buttons are also present at the bottom of the screen.Get Log To download the event l

Monitoring | Filterable Event Log13-7VPN 3002 Hardware Client User GuideAlthough numbering restarts at 1 when the system powers up, it does not overwr

13 Monitoring13-8VPN 3002 Hardware Client User GuideMonitoring | Live Event LogThis screen shows events in the current event log and automatically upd

Monitoring | System Status13-9VPN 3002 Hardware Client User GuideClear DisplayTo clear the event display, click Clear Display. This action does not cl

13 Monitoring13-10VPN 3002 Hardware Client User GuideRefreshTo update the screen and its data, click Refresh. The date and time indicate when the scre

Monitoring | System Status13-11VPN 3002 Hardware Client User GuideTunnel Established to:The IP address of the VPN 3000 Concentrator to which this VPN

13 Monitoring13-12VPN 3002 Hardware Client User GuideFront PanelThe front panel image is an inactive link.Back PanelThe back panel image includes acti

Monitoring | System Status | Private/Public Interface13-13VPN 3002 Hardware Client User GuidePublic interfaceIP AddressThe IP address configured on th

Other referencesxvVPN 3002 Hardware Client User Guidehttp://www.cisco.com/tacP3 and P4 level problems are defined as follows:• P3—Your network perform

13 Monitoring13-14VPN 3002 Hardware Client User GuideRx BroadcastThe number of broadcast packets that were received by this interface since the VPN 30

Monitoring | Statistics | IPSec13-15VPN 3002 Hardware Client User GuideMonitoring | Statistics | IPSecThis screen shows statistics for IPSec activity—

13 Monitoring13-16VPN 3002 Hardware Client User GuideActive TunnelsThe number of currently active IKE control tunnels.Total TunnelsThe cumulative tota

Monitoring | Statistics | IPSec13-17VPN 3002 Hardware Client User GuideReceived Phase-2 ExchangesThe cumulative total of IPSec Phase-2 exchanges recei

13 Monitoring13-18VPN 3002 Hardware Client User GuideFailed Initiated TunnelsThe cumulative total of IKE tunnels that this VPN 3002 initiated and that

Monitoring | Statistics | IPSec13-19VPN 3002 Hardware Client User GuideReceived BytesThe cumulative total of bytes (octets) received by all currently

13 Monitoring13-20VPN 3002 Hardware Client User GuideOutbound AuthenticationsThe cumulative total of outbound individual packet authentications perfor

Monitoring | Statistics | HTTP13-21VPN 3002 Hardware Client User GuideMonitoring | Statistics | HTTPThis screen shows statistics for HTTP activity on

13 Monitoring13-22VPN 3002 Hardware Client User GuideMax ConnectionsThe maximum number of HTTP connections that have been simultaneously active on the

Monitoring | Statistics | DNS13-23VPN 3002 Hardware Client User GuideTelnet SessionsThis table shows statistics for active Telnet sessions on the VPN

Documentation conventionsWe use these typographic conventions in this manual:Data formatsAs you configure and manage the system, enter data in these f

13 Monitoring13-24VPN 3002 Hardware Client User GuideRefreshTo update the screen and its data, click Refresh. The date and time indicate when the scre

Monitoring | Statistics | SSL13-25VPN 3002 Hardware Client User GuideRefreshTo update the screen and its data, click Refresh. The date and time indica

13 Monitoring13-26VPN 3002 Hardware Client User GuideMonitoring | Statistics | DHCPThis screen shows statistics for DHCP (Dynamic Host Configuration P

Monitoring | Statistics | SSH13-27VPN 3002 Hardware Client User GuideMonitoring | Statistics | SSHThis screen shows statistics for SSH (Secure Shell)

13 Monitoring13-28VPN 3002 Hardware Client User GuideMonitoring | Statistics | MIB-IIThis section of the Manager lets you view statistics that are rec

Monitoring | Statistics | MIB-II | Interfaces13-29VPN 3002 Hardware Client User GuideRefreshTo update the screen and its data, click Refresh. The date

13 Monitoring13-30VPN 3002 Hardware Client User GuideBroadcast InThe number of broadcast packets that were received by this interface. Broadcast packe

Monitoring | Statistics | MIB-II | TCP/UDP13-31VPN 3002 Hardware Client User GuideTCP Segments RetransmittedThe total number of segments retransmitted

13 Monitoring13-32VPN 3002 Hardware Client User GuideUDP Datagrams ReceivedThe total number of UDP datagrams received. Datagram is the official UDP na

Monitoring | Statistics | MIB-II | IP13-33VPN 3002 Hardware Client User GuideRefreshTo update the screen and its data, click Refresh. The date and tim

Data formatsxviiVPN 3002 Hardware Client User GuideFilenamesFilenames on the VPN 3002 follow the DOS 8.3 naming convention: a maximum of eight charact

13 Monitoring13-34VPN 3002 Hardware Client User GuideOutbound Packets with No RouteThe number of outbound IP data packets discarded because no route c

Monitoring | Statistics | MIB-II | ICMP13-35VPN 3002 Hardware Client User GuideMonitoring | Statistics | MIB-II | ICMPThis screen shows statistics in

13 Monitoring13-36VPN 3002 Hardware Client User GuideTime Exceeded Received / TransmittedThe number of ICMP Time Exceeded messages received / sent. Ti

Monitoring | Statistics | MIB-II | ARP Table13-37VPN 3002 Hardware Client User GuideAddress Mask Requests Received / TransmittedThe number of ICMP Add

13 Monitoring13-38VPN 3002 Hardware Client User GuideInterfaceThe VPN 3002 network interface on which this mapping applies: Private Interface.Public I

Monitoring | Statistics | MIB-II | Ethernet13-39VPN 3002 Hardware Client User GuideMonitoring | Statistics | MIB-II | EthernetThis screen shows statis

13 Monitoring13-40VPN 3002 Hardware Client User GuideSQE Test ErrorsThe number of times that the SQE (Signal Quality Error) Test Error message was gen

Monitoring | Statistics | MIB-II | SNMP13-41VPN 3002 Hardware Client User GuideSpeed (Mbps)This interface’s nominal bandwidth in megabits per second.D

13 Monitoring13-42VPN 3002 Hardware Client User GuideBad Community StringThe total number of SNMP messages received that used an SNMP community string

14-1VPN 3002 Hardware Client User GuideCHAPTER14Using the Command Line InterfaceThe VPN 3002 Hardware Client Command Line Interface (CLI) is a menu- a

14 Using the Command Line Interface14-2VPN 3002 Hardware Client User GuideTelnet or Telnet/SSL accessTo access the CLI via a Telnet or Telnet/SSL clie

Using the CLI14-3VPN 3002 Hardware Client User GuideUsing the CLI This section explains how to:• Choose menu items.• Enter values for parameters and o

14 Using the Command Line Interface14-4VPN 3002 Hardware Client User GuideNavigating quickly through the CLI There are two ways to move quickly throug

Using the CLI14-5VPN 3002 Hardware Client User Guide> Which Administrator to ModifyAdmin ->As a shortcut, you can just enter 2.4.1.1 at the Main

14 Using the Command Line Interface14-6VPN 3002 Hardware Client User GuideGetting Help Information To display a brief help message, enter 5 at the mai

CLI menu reference14-7VPN 3002 Hardware Client User GuideStopping the CLI To stop the CLI, navigate to the main menu and enter 6 for Exit at the promp

14 Using the Command Line Interface14-8VPN 3002 Hardware Client User GuideMain menu1) Configuration2) Administration3) Monitoring4) Save changes to Co

CLI menu reference14-9VPN 3002 Hardware Client User Guide1.2 Configuration > System Management1) Servers (DNS)2) Tunneling Protocols (IPSec)3) IP R

14 Using the Command Line Interface14-10VPN 3002 Hardware Client User Guide1.2.5 Configuration > System Management > Event Configuration1) Gener

CLI menu reference14-11VPN 3002 Hardware Client User Guide2.2 Administration > System Reboot1) Cancel Scheduled Reboot/Shutdown2) Schedule Reboot3)

1-1VPN 3002 Hardware Client User GuideCHAPTER1Using the VPN 3002 Hardware Client ManagerThe VPN 3002 Hardware Client Manager is an HTML-based interfac

14 Using the Command Line Interface14-12VPN 3002 Hardware Client User Guide2.4.1 Administration > Access Rights > AdministratorsAdmin -> 1

CLI menu reference14-13VPN 3002 Hardware Client User Guide2.5.5 Administration > File Management > Swap Configuration FileEvery time the active

14 Using the Command Line Interface14-14VPN 3002 Hardware Client User Guide2.6.4 Administration > Certificate Management > Identity Certificates

CLI menu reference14-15VPN 3002 Hardware Client User Guide3.1 Monitoring > Routing TableRouting Table..’q’ to Quit, ’<SPACE>’ to Continue -&g

14 Using the Command Line Interface14-16VPN 3002 Hardware Client User Guide3.4 Monitoring > General Statistics1) Protocol Statistics2) Server Stati

APPENDIXA-1VPN 3002 Hardware Client Getting StartedAErrors and troubleshootingThis appendix describes files for troubleshooting the VPN 3002, LED indi

A Errors and troubleshootingA-2VPN 3002 Hardware Client Getting Startedbuffers, timers, etc., which help Cisco support engineers diagnose the problem.

Errors on the systemA-3VPN 3002 Hardware Client Getting StartedErrors on the systemIf you have configured the VPN 3002, and you are unable to connect

A Errors and troubleshootingA-4VPN 3002 Hardware Client Getting StartedSettings on the VPN 3000 Series ConcentratorIf your VPN 3002 experiences connec

VPN 3002 Hardware Client Manager errorsA-5VPN 3002 Hardware Client Getting StartedVPN 3002 Hardware Client Manager errorsThese errors may occur while

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMM

1 Using the VPN 3002 Hardware Client Manager1-2VPN 3002 Hardware Client User Guide• Internet Explorer 4.0:– On the View menu, select Internet Options.

A Errors and troubleshootingA-6VPN 3002 Hardware Client Getting StartedInvalid Login or Session TimeoutThe Manager displays the Invalid Login or Sessi

VPN 3002 Hardware Client Manager errorsA-7VPN 3002 Hardware Client Getting StartedError / An error has occurred while attempting to perform...The Mana

A Errors and troubleshootingA-8VPN 3002 Hardware Client Getting StartedNot Found/An error has occurred while attempting to access...The Manager displa

VPN 3002 Hardware Client Manager errorsA-9VPN 3002 Hardware Client Getting StartedMicrosoft Internet Explorer Script Error: No such interface supporte

A Errors and troubleshootingA-10VPN 3002 Hardware Client Getting StartedCommand Line Interface errorsThese errors may occur while using the menu-based

BCopyrights, licenses, and noticesSoftware License Agreement of Cisco Systems, Inc.CISCO SYSTEMS, INC. IS WILLING TO LICENSE TO YOU THE SOFTWARE CONTA

4. You may permanently transfer the Software and accompanying written materials (including the most recent update and all prior versions) only in conj

16. This Agreement is governed by the laws of the State of Massachusetts.17. If you have any questions concerning this Agreement or wish to contact Ci

DHCP clientCopyright © 1995, 1996, 1997 The Internet Software Consortium.All rights reserved.Redistribution and use in source and binary forms, with o

Portions Copyright © 1993 by Digital Equipment Corporation.Permission to use, copy, modify, and distribute this software for any purpose with or witho

Recommended PC monitor / display settings1-3VPN 3002 Hardware Client User GuideRecommended PC monitor / display settingsFor best ease of use, we recom

NRL grants permission for redistribution and use in source and binary forms, with or without modification, of the software and documentation created a

Outline style table of contents in JavaScript OUTLINE STYLE TABLE OF CONTENTS in JAVASCRIPT, Version 3.0by Danny Goodman ([email protected])Analyzed a

Client SNMPCopyright © 1996, 1997 by Westhawk Ltd. (www.westhawk.co.uk)Permission to use, copy, modify, and distribute this software for any purpose a

- Feb 1991 [email protected] number of conversation slotsallow zero or one slotsseparate routinesstatus displayTelnet serverCopyrig

INDEXIndex-1VPN 3002 Hardware Client User GuideIndexAabout this manual xiaccess rights section, administration 12-8access settings, general, for admin

IndexIndex-2VPN 3002 Hardware Client User Guideconventionsdocumentation xvitypographic xvicookies, requirements 1-2copyrights and licenses B-1crash, s

IndexIndex-3VPN 3002 Hardware Client User Guidedata xvihostnames xviIP addresses xviMAC addresses xviport numbers xviisubnet masks xvitext strings xvi

IndexIndex-4VPN 3002 Hardware Client User Guideleft frame (table of contents) 1-22main frame 1-22mouse pointer and tips 1-20status bar 1-19title bar 1

IndexIndex-5VPN 3002 Hardware Client User Guideversion info 12-3, 13-10speed, configuring Ethernet interface 3-6SSHconfiguring internal server 8-12hos

1 Using the VPN 3002 Hardware Client Manager1-4VPN 3002 Hardware Client User GuideHTTPS is often confused with a similar protocol, S-HTTP (Secure HTTP

IndexIndex-6VPN 3002 Hardware Client User Guideusing the VPN Concentrator Manager 1-1Vviewing SSL certificateswith Internet Explorer 1-8with Netscape

Installing the SSL certificate in your browser1-5VPN 3002 Hardware Client User GuideYou need to install the SSL certificate from a given VPN 3002 only

1 Using the VPN 3002 Hardware Client Manager1-6VPN 3002 Hardware Client User GuideFigure 1-5: Internet Explorer Certificate Manager Import Wizard dia

Installing the SSL certificate in your browser1-7VPN 3002 Hardware Client User GuideFigure 1-7: Internet Explorer Certificate Manager Import Wizard d

1 Using the VPN 3002 Hardware Client Manager1-8VPN 3002 Hardware Client User GuideFigure 1-10: Internet Explorer Security Alert dialog box 11 Click O

Installing the SSL certificate in your browser1-9VPN 3002 Hardware Client User GuideFigure 1-12: Internet Explorer 4.0 Certificate Properties screen

1 Using the VPN 3002 Hardware Client Manager1-10VPN 3002 Hardware Client User GuideReinstallationYou need to install the SSL certificate from a given

Installing the SSL certificate in your browser1-11VPN 3002 Hardware Client User GuideFigure 1-16: Netscape New Certificate Authority screen 2 2 Click

iiiVPN 3002 Hardware Client User GuideCONTENTSTable of contentsTable of contentsPrefaceAbout this manual . . . . . . . . . . . . . . . . . . . . . .

1 Using the VPN 3002 Hardware Client Manager1-12VPN 3002 Hardware Client User GuideFigure 1-18: Netscape New Certificate Authority screen 4 4 You mus

Installing the SSL certificate in your browser1-13VPN 3002 Hardware Client User GuideFigure 1-20: Netscape New Certificate Authority screen 6 6 In th

1 Using the VPN 3002 Hardware Client Manager1-14VPN 3002 Hardware Client User GuideFigure 1-22: VPN 3002 Hardware Client Manager login screen using H

Installing the SSL certificate in your browser1-15VPN 3002 Hardware Client User GuideFigure 1-23: Netscape Security Info window Click View Certificat

1 Using the VPN 3002 Hardware Client Manager1-16VPN 3002 Hardware Client User GuideFigure 1-25: Netscape Certificates Signers list Select a certifica

Logging in the VPN 3002 Hardware Client Manager1-17VPN 3002 Hardware Client User GuideFigure 1-26: VPN Hardware Client Manager HTTPS login screenLogg

1 Using the VPN 3002 Hardware Client Manager1-18VPN 3002 Hardware Client User GuideFigure 1-27: Manager Main Welcome screen From here you can navigat

Understanding the VPN 3002 Hardware Client Manager window1-19VPN 3002 Hardware Client User GuideUnderstanding the VPN 3002 Hardware Client Manager win

1 Using the VPN 3002 Hardware Client Manager1-20VPN 3002 Hardware Client User GuideMouse pointer and tipsAs you move the mouse pointer over an active

Understanding the VPN 3002 Hardware Client Manager window1-21VPN 3002 Hardware Client User [email protected] this link to open your configured e

Contents—Table of contentsivVPN 3002 Hardware Client User Guide5ServersConfiguration | System | Servers . . . . . . . . . . . . . . . . . . . . . .

1 Using the VPN 3002 Hardware Client Manager1-22VPN 3002 Hardware Client User Guideconfiguration automatically when you reach the Done screen, and the

Navigating the VPN 3002 Hardware Client Manager1-23VPN 3002 Hardware Client User Guide– System: parameters for system-wide functions such as server ac

2-1VPN 3002 Hardware Client User GuideCHAPTER2ConfigurationConfiguring the VPN 3002 means setting all the parameters that govern its use and functiona

3-1VPN 3002 Hardware Client User GuideCHAPTER3InterfacesThis section of the VPN 3002 Hardware Client Manager applies functions that are interface-spec

3 Interfaces3-2VPN 3002 Hardware Client User GuideFigure 3-1: VPN 3002-8E Configuration | Interfaces screenTo configure a module, either click the ap

Configuration | Interfaces | Private3-3VPN 3002 Hardware Client User GuideIP AddressThe IP address configured on this interface.Subnet MaskThe subnet

3 Interfaces3-4VPN 3002 Hardware Client User GuideIf the interface is configured but disabled (offline), the appropriate Ethernet Link Status LED blin

Configuration | Interfaces | Public3-5VPN 3002 Hardware Client User GuideApply / CancelTo apply your settings to the system and include them in the ac

Contents—Table of contentsvVPN 3002 Hardware Client User GuideConfiguration | System | Events | Syslog Servers | Add or Modify . . . . . . . . . . .

3 Interfaces3-6VPN 3002 Hardware Client User GuideIP AddressEnter the IP address for this interface, using dotted decimal notation (e.g., 192.168.12.3

4-1VPN 3002 Hardware Client User GuideCHAPTER4System ConfigurationSystem configuration means configuring parameters for system-wide functions in the V

5-1VPN 3002 Hardware Client User GuideCHAPTER5ServersConfiguring servers means identifying them to the VPN 3002 so it can communicate with them correc

5 Servers5-2VPN 3002 Hardware Client User GuideFigure 5-2: Configuration | System | Servers | DNS screen EnabledTo use DNS functions, check Enabled (

Configuration | System | Servers | DNS5-3VPN 3002 Hardware Client User GuideTimeout PeriodEnter the initial time in seconds to wait for a response to

6-1VPN 3002 Hardware Client User GuideCHAPTER6TunnelingTunneling is the heart of virtual private networking. The tunnels make it possible to use a pub

6 Tunneling6-2VPN 3002 Hardware Client User GuideConfiguration | System | Tunneling ProtocolsThis section lets you configure the IPSec tunneling proto

Configuration | System | Tunneling Protocols | IPSec6-3VPN 3002 Hardware Client User Guide• Mode Configuration (also known as ISAKMP Configuration Met

Contents—Table of contentsviVPN 3002 Hardware Client User GuideMonitoring | Filterable Event Log . . . . . . . . . . . . . . . . . . . . . . . . . .

VerifyIn the Group Verify field, re-enter the group password to verify it. The field displays only asterisks.UserYou must also enter a username and pa

7-1VPN 3002 Hardware Client User GuideCHAPTER7IP RoutingThe VPN 3002 itself includes an IP routing subsystem with static routing, default gateways, an

7 IP Routing7-2VPN 3002 Hardware Client User GuideConfiguration | System | IP Routing | Static RoutesThis section of the Manager lets you configure st

Configuration | System | IP Routing | Static Routes | Add or Modify7-3VPN 3002 Hardware Client User GuideConfiguration | System | IP Routing | Static

7 IP Routing7-4VPN 3002 Hardware Client User GuideDestinationClick a radio button to select the outbound destination for these packets. You can select

Configuration | System | IP Routing | DHCP7-5VPN 3002 Hardware Client User GuideDefault GatewayEnter the IP address of the default gateway or router.

7 IP Routing7-6VPN 3002 Hardware Client User GuideFigure 7-5: Configuration | System | IP Routing | DHCP screen EnabledCheck the box to enable the DH

Configuration | System | IP Routing | DHCP Options7-7VPN 3002 Hardware Client User GuideConfiguration | System | IP Routing | DHCP OptionsThis section

7 IP Routing7-8VPN 3002 Hardware Client User GuideConfiguration | System | IP Routing | DHCP Options | Add or ModifyThese screens let you Add a new DH

8-1VPN 3002 Hardware Client User GuideCHAPTER8Management ProtocolsThe VPN 3002 Hardware Client includes various built-in servers, using various protoc

Index

8 Management Protocols8-2VPN 3002 Hardware Client User GuideConfiguration | System | Management Protocols | HTTP/HTTPSThis screen lets you configure a

Configuration | System | Management Protocols | HTTP/HTTPS8-3VPN 3002 Hardware Client User GuideEnable HTTPSCheck the box to enable the HTTPS server.

8 Management Protocols8-4VPN 3002 Hardware Client User GuideConfiguration | System | Management Protocols | TelnetThis screen lets you configure and e

Configuration | System | Management Protocols | SNMP8-5VPN 3002 Hardware Client User GuideMaximum ConnectionsEnter the maximum number of concurrent, c

8 Management Protocols8-6VPN 3002 Hardware Client User GuideFigure 8-6: Configuration | System | Management Protocols | SNMP screen EnableCheck the b

Configuration | System | Management Protocols | SNMP Communities8-7VPN 3002 Hardware Client User GuideFigure 8-7: Configuration | System | Management

8 Management Protocols8-8VPN 3002 Hardware Client User GuideAdd / Modify / DeleteTo configure and add a new community string, click Add. The Manager o

Configuration | System | Management Protocols | SSL8-9VPN 3002 Hardware Client User GuideCommunity StringEnter the SNMP community string. Maximum 31 c

8 Management Protocols8-10VPN 3002 Hardware Client User Guide Note: To ensure the security of your connection to the Manager, if you click Apply on th

Configuration | System | Management Protocols | SSL8-11VPN 3002 Hardware Client User GuideRC4-40/MD5 Export = RC4 encryption with a 128-bit key—40 bit

Contents—Table of contentsviiiVPN 3002 Hardware Client User Guide

8 Management Protocols8-12VPN 3002 Hardware Client User Guide768-bit RSA Key = This key size provides normal security and is the default selection. It

Configuration | System | Management Protocols | SSH8-13VPN 3002 Hardware Client User GuideFigure 8-14: Configuration | System | Management Protocols

8 Management Protocols8-14VPN 3002 Hardware Client User GuideEncryption ProtocolsCheck the boxes for the encryption algorithms that the VPN 3002 SSH s

9-1VPN 3002 Hardware Client User GuideCHAPTER9EventsAn event is any significant occurrence within or affecting the VPN 3002 such as an alarm, trap, er

9 Events9-2VPN 3002 Hardware Client User GuideDNSDNS subsystemDNSDBGDNS debugging*DNSDECODEDNS decoding*EVENTEvent subsystem*EVENTDBGEvent subsystem d

Event class9-3VPN 3002 Hardware Client User GuideLBSSFLoad Balancing/Secure Session Failover subsystem*MIB2TRAPMIB-II trap subsystem: SNMP MIB-II trap

9 Events9-4VPN 3002 Hardware Client User Guide Note: The Cisco-specific event classes provide information that is meaningful only to Cisco engineering

Event log9-5VPN 3002 Hardware Client User Guide Note: The Debug (7–9) and Packet Decode (10–13) severity levels are intended for use by Cisco engineer

9 Events9-6VPN 3002 Hardware Client User GuideConfiguration | System | EventsThis section of the Manager lets you configure how the VPN 3002 handles e

Configuration | System | Events | General9-7VPN 3002 Hardware Client User GuideSeverity to LogClick the drop-down menu button and select the range of

ContentsixVPN 3002 Hardware Client User GuideTablesTable 9-1: VPN 3002 event classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9 Events9-8VPN 3002 Hardware Client User GuideApply / CancelTo include your settings for default event handling in the active configuration, click App

Configuration | System | Events | Classes | Add or Modify9-9VPN 3002 Hardware Client User GuideAdd / Modify / DeleteTo configure and add a new event c

9 Events9-10VPN 3002 Hardware Client User GuideAll subsequent parameters on this screen apply to this event class only.EnableCheck this box to enable

Configuration | System | Events | Trap Destinations9-11VPN 3002 Hardware Client User GuideAdd or Apply / CancelTo add this event class to the list of

9 Events9-12VPN 3002 Hardware Client User GuideAdd / Modify / DeleteTo configure a new SNMP trap destination, click Add. See Configuration | System |

Configuration | System | Events | Syslog Servers9-13VPN 3002 Hardware Client User GuideCommunityEnter the community string to use in identifying traps

9 Events9-14VPN 3002 Hardware Client User GuideFigure 9-7: Configuration | System | Events | Syslog Servers screen Syslog ServersThe Syslog Servers l

Configuration | System | Events | Syslog Servers | Add or Modify9-15VPN 3002 Hardware Client User GuideConfiguration | System | Events | Syslog Server

9 Events9-16VPN 3002 Hardware Client User GuideCRON = Clock daemon.Local 0 through Local 7 (default) = User defined.Add or Apply / CancelTo add this s

10-1VPN 3002 Hardware Client User GuideCHAPTER10GeneralGeneral configuration parameters include VPN 3002 environment items: system identification, tim