|
Table Of Contents
Release Notes for Management Center for VPN Routers 1.3 on Windows 2000 and Solaris
System Requirements for Router MC 1.3
Additional Information for Working with Router MC
Additional Troubleshooting Information
Known Problems in Router MC 1.3
Problems in Other VMS Applications that Affect Router MC
Resolved Problems in Router MC 1.3
Obtaining Technical Assistance
Obtaining Additional Publications and Information
Release Notes for Management Center for VPN Routers 1.3 on Windows 2000 and Solaris
These release notes are for use with Management Center for VPN Routers (Router MC) 1.3.
These release notes contain the following sections:
• System Requirements for Router MC 1.3
• Additional Information for Working with Router MC
• Additional Troubleshooting Information
• Known Problems in Router MC 1.3
• Problems in Other VMS Applications that Affect Router MC
• Resolved Problems in Router MC 1.3
• Obtaining Technical Assistance
• Obtaining Additional Publications and Information
System Requirements for Router MC 1.3
Router MC is a component of the VPN/Security Management Solution (VMS). VMS integrates CiscoWorks, VPN Monitor, CiscoWorks Common Services, and other individual applications.
The system requirements for Router MC are the same as the requirements for the VPN/Security Management Solution. See the Quick Start Guide for the VPN/Security Management Solution 2.2 for a list of server and client system requirements. This guide can be found at the following location on Cisco.com:
Products & Services > Network Management CiscoWorks > CiscoWorks VPN/Security Management Solution > Technical Documentation > Quick Start.New Features
Router MC 1.3 contains the following new features and changes since Router MC 1.2.1:
•GRE configuration for devices with dynamic IP addresses.
•Dial backup configuration for primary link failover.
•Filtering by protocol and port when creating a tunnel policy.
•Additional firewall configuration features:
–Support for authentication proxy in firewall configuration.
–URL filtering for HTTP traffic using N2H2 or Websense.
–Additional predefined services for CBAC inspection, including Skinny, SIP, RTSP, and ICMP.
–ICMP qualifier messages for the ICMP protocol that can be selected as a service when creating an access rule.
–Enhanced access rule definition that includes the option to have Router MC create an additional ACL to permit inspected traffic from a specific source and destination.
–ACL logging—logging of all filtered traffic that matches the access rule to an external Syslog server.
•Router MC now keeps existing security-related CLI commands that were not configured using Router MC on the devices, instead of removing them and creating new Router MC specific commands. This enables you to add devices to an existing network and manage them with Router MC, without affecting the policies that are already defined in your network. This is now the default behavior of Router MC, however, you can set the application to remove existing policies and replace them with Router MC generated CLI commands, if required.
•Support for preshared key management only. Router MC can be set up to manage only preshared keys on your devices, and no other policies.
•The default working mode is now Workflow Disabled mode. In this mode, there is no need to create an activity before making configuration changes or to create a job before deploying policies to your devices.
•Router MC now provides hot-linked taskflow diagrams that lead you through all the steps required for VPN or firewall configuration, from importing your devices through deployment. By clicking each icon in the taskflow diagram, you can move directly to the relevant page in the application to perform the required task.
•Router MC provides the following default policies on the Global level:
–Failover and routing: IKE Keepalive.
–Preshared key: Auto-generated key, main mode address.
–Tunnel policy: Transform set with 3DES and SHA, ACL permitting all traffic tunnels all traffic between the internal networks and inside interfaces on the peers, in both directions.
–IKE policy: 3DES, SHA.
•Router MC now enables the configuration of global lifetime settings for the crypto IPSec security association (SA).
•Support for 1711/1712 devices with inside VLAN interfaces.
Product Documentation
Table 1 describes the documentation that is available for Router MC 1.3.
Note We sometimes update the printed and electronic documentation after original publication. Therefore, you should also review the Router MC documentation on Cisco.com for the most updated documentation.
Table 1 Product Documentation
Document Title Available FormatsRelease Notes for Router MC 1.3
•PDF on the Router MC download page on Cisco.com.
•On Cisco.com:
–Log into Cisco.com.
–Select Products & Services > Network Management CiscoWorks > CiscoWorks Management Center for VPN Routers > Technical Documentation > Release Notes .
Installing Management Center for VPN Routers 1.3 on Windows 2000 and Solaris
•PDF in the Router MC software package that can be downloaded from Cisco.com.
•On Cisco.com:
–Log into Cisco.com.
–Select Products & Services > Network Management CiscoWorks > CiscoWorks Management Center for VPN Routers > Technical Documentation > Installation Guides .
•Printed document available by order (part number DOC-7816158=).1
Using Management Center for VPN Routers 1.3
•PDF in the Router MC software package that can be downloaded from Cisco.com.
•On Cisco.com:
–Log into Cisco.com.
–Select Products & Services > Network Management CiscoWorks > CiscoWorks Management Center for VPN Routers > Technical Documentation > User Guides .
•Printed document available by order (part number DOC-7816157=). 1
Supported Devices and Software for Management Center for VPN Routers 1.3
•On Cisco.com:
–Log into Cisco.com.
–Select Products & Services > Network Management CiscoWorks > CiscoWorks Management Center for VPN Routers > Technical Documentation > Device Support Tables .
Context-sensitive online help
•Click Help in any page in Router MC for context-sensitive help.
•Select Router Management Center from the navigation tree in the CiscoWorks desktop, then click Help.
1 See Obtaining Documentation.
Additional Information for Working with Router MC
Please be aware of the following issues when working with Router MC:
•Internal error on login if processes have not yet started up—On first login to Router MC after installation, it takes a few minutes for all the required processes to start up. If some of the processes are not yet up and running when you try to log in, an error message is displayed. Please wait a few minutes, then log in again.
•Target folders for backup, deploy or rollback must be located under the CiscoWorks Common Services installation folder—On Solaris, an error occurs if you try to back up, deploy, or roll back to a folder that is not in the CiscoWorks Common Services installation folder.
Backup and deployment on Solaris can be done only in locations that are under the CiscoWorks Common Services installation folder, such as, /opt/CSCOpx. If you want to back up or deploy to a different location, you must use the ROOT user to change the permissions of the new location, enabling full UNIX permissions for backup or deploy.
•Auto Update Server (AUS) patch supports IOS 12.3 and later versions—The AUS CNS Event Gateway enables Router MC to manage Cisco IOS devices with dynamically assigned IP addresses. The current AUS version 1.1 does not support Cisco IOS Release 12.3 devices. An AUS patch is now available that supports Cisco IOS devices running 12.3 and later versions. If you require this patch, please contact Cisco technical support.
•Refresh pages to update information, or clear browser cache—If the information displayed on a Router MC page does not seem updated, or if information seems to be missing, try refreshing the page. For example, refresh the Device Hierarchy page if the device hierarchy is not displayed. If this does not work, try clearing your browser's cache and then refreshing the page.
•No support for multiple application windows—Router MC does not support multiple open application windows. Router MC is launched in a single browser window. This window is reused if you open another instance of Router MC. Therefore, please do not try to open more than one Router MC application window simultaneously (either from the CiscoWorks desktop, or by any other means).
•ios-mdc = Router MC—"ios-mdc" in filenames, messages, or log files refers to Router MC.
•Router MC does not support Japanese characters. It supports only English characters. If Router MC is installed on a Japanese operating system, Japanese characters cannot be used to create activities or define policies, etc.
Additional Troubleshooting Information
Following is additional troubleshooting information that is not documented in the troubleshooting section of the Router MC online help or user guide.
Problem—Deployment fails. Reason stated as device timeout.
Explanation—If you used beginning and ending commands in Router MC 1.2.1 and then you upgraded to Router MC 1.3, there might be blank lines in the CLI configuration that cause the deployment to fail.
Recommended Action—Check the incremental Telnet configuration for the devices to which you want to deploy, under Configuration > View Configs. If there are blank lines in the CLI, go to Configuration > Config Additions > Beginning and Ending Commands and click Apply. Then, deploy to the devices again.
Note If you use beginning and ending commands in Router MC 1.3, this problem will not occur because Router MC now removes any blank lines in the generated CLI.
Known Problems in Router MC 1.3
Table 2 describes the significant severity level 3 and 4 problems known to exist in this release. It does not contain a full list of known problems.
Note To obtain more information about known problems, access the Cisco Software Bug Toolkit at http://www.cisco.com/cgi-bin/Support/Bugtool/home.pl. (You will be prompted to log into Cisco.com.)
Problems in Other VMS Applications that Affect Router MC
Table 3 describes some problems in Common Services and other VMS applications that directly affect the functioning of Router MC.
Resolved Problems in Router MC 1.3
Table 4 shows the problems that appeared in the release notes for Router MC 1.2.1 that have since been resolved.
Obtaining Documentation
Cisco provides several ways to obtain documentation, technical assistance, and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation on the World Wide Web at this URL:
http://www.cisco.com/univercd/home/home.htm
You can access the Cisco website at this URL:
International Cisco websites can be accessed from this URL:
http://www.cisco.com/public/countries_languages.shtml
Documentation CD-ROM
Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM package, which may have shipped with your product. The Documentation CD-ROM is updated regularly and may be more current than printed documentation. The CD-ROM package is available as a single unit or through an annual or quarterly subscription.
Registered Cisco.com users can order a single Documentation CD-ROM (product number DOC-CONDOCCD=) through the Cisco Ordering tool:
http://www.cisco.com/en/US/partner/ordering/ordering_place_order_ordering_tool_launch.html
All users can order monthly or quarterly subscriptions through the online Subscription Store:
http://www.cisco.com/go/subscription
Ordering Documentation
You can find instructions for ordering documentation at this URL:
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
You can order Cisco documentation in these ways:
•Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Networking Products MarketPlace:
http://www.cisco.com/en/US/partner/ordering/index.shtml
•Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, U.S.A.) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).
Documentation Feedback
You can submit comments electronically on Cisco.com. On the Cisco Documentation home page, click Feedback at the top of the page.
You can e-mail your comments to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883We appreciate your comments.
Obtaining Technical Assistance
Cisco provides Cisco.com, which includes the Cisco Technical Assistance Center (TAC) website, as a starting point for all technical assistance. Customers and partners can obtain online documentation, troubleshooting tips, and sample configurations from the Cisco TAC website. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC website, including TAC tools and utilities.
Cisco.com
Cisco.com offers a suite of interactive, networked services that let you access Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world.
Cisco.com provides a broad range of features and services to help you with these tasks:
•Streamline business processes and improve productivity
•Resolve technical issues with online support
•Download and test software packages
•Order Cisco learning materials and merchandise
•Register for online skill assessment, training, and certification programs
To obtain customized information and service, you can self-register on Cisco.com at this URL:
http://tools.cisco.com/RPF/register/register.do
Technical Assistance Center
The Cisco TAC is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two types of support are available: the Cisco TAC website and the Cisco TAC Escalation Center. The type of support that you choose depends on the priority of the problem and the conditions stated in service contracts, when applicable.
We categorize Cisco TAC inquiries according to urgency:
•Priority level 4 (P4)—You need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration. There is little or no impact to your business operations.
•Priority level 3 (P3)—Operational performance of the network is impaired, but most business operations remain functional. You and Cisco are willing to commit resources during normal business hours to restore service to satisfactory levels.
•Priority level 2 (P2)—Operation of an existing network is severely degraded, or significant aspects of your business operations are negatively impacted by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
•Priority level 1 (P1)—An existing network is "down," or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Cisco TAC Website
The Cisco TAC website provides online documents and tools to help troubleshoot and resolve technical issues with Cisco products and technologies. To access the Cisco TAC website, go to this URL:
All customers, partners, and resellers who have a valid Cisco service contract have complete access to the technical support resources on the Cisco TAC website. Some services on the Cisco TAC website require a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to this URL to register:
http://tools.cisco.com/RPF/register/register.do
If you are a Cisco.com registered user, and you cannot resolve your technical issues by using the Cisco TAC website, you can open a case online at this URL:
http://www.cisco.com/tac/caseopen
If you have Internet access, we recommend that you open P3 and P4 cases online so that you can fully describe the situation and attach any necessary files.
Cisco TAC Escalation Center
The Cisco TAC Escalation Center addresses priority level 1 or priority level 2 issues. These classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer automatically opens a case.
To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to this URL:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
Before calling, please check with your network operations center to determine the Cisco support services to which your company is entitled: for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). When you call the center, please have available your service agreement number and your product serial number.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•The Cisco Product Catalog describes the networking products offered by Cisco Systems, as well as ordering and customer support services. Access the Cisco Product Catalog at this URL:
http://www.cisco.com/en/US/products/products_catalog_links_launch.html
•Cisco Press publishes a wide range of networking publications. Cisco suggests these titles for new and experienced users: Internetworking Terms and Acronyms Dictionary, Internetworking Technology Handbook, Internetworking Troubleshooting Guide, and the Internetworking Design Guide. For current Cisco Press titles and other information, go to Cisco Press online at this URL:
•Packet magazine is the Cisco quarterly publication that provides the latest networking trends, technology breakthroughs, and Cisco products and solutions to help industry professionals get the most from their networking investment. Included are networking deployment and troubleshooting tips, configuration examples, customer case studies, tutorials and training, certification information, and links to numerous in-depth online resources. You can access Packet magazine at this URL:
http://www.cisco.com/go/packet
•iQ Magazine is the Cisco bimonthly publication that delivers the latest information about Internet business strategies for executives. You can access iQ Magazine at this URL:
http://www.cisco.com/go/iqmagazine
•Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:
http://www.cisco.com/en/US/about/ac123/ac147/about_cisco_the_internet_protocol_journal.html
•Training—Cisco offers world-class networking training. Current offerings in network training are listed at this URL:
http://www.cisco.com/en/US/learning/le31/learning_recommended_training_list.html
This document is to be used in conjunction with the documents listed in the "Product Documentation" section.
Copyright © 2004 Cisco Systems, Inc. All rights reserved.
Posted: Thu Jan 27 13:02:41 PST 2005
All contents are Copyright © 1992--2005 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.