|
Updating VPN Client software in an environment with a large number of devices in different locations can be a formidable task. For this reason, the VPN 3000 Concentrator includes a client update feature that simplifies the software update process. This feature works differently for VPN software clients and VPN 3002 Hardware Clients.
The client update feature lets administrators at a central location automatically notify VPN Client users when it is time to update the VPN Client software.
When you enable client update, upon connection the central-site VPN Concentrator sends an IKE packet that contains an encrypted message that notifies VPN Client users about acceptable versions of executable system software. The message includes a location that contains the new version of software for the VPN Client to download. The administrator for that VPN Client can then retrieve the new software version, and update the VPN Client software.
You configure parameters that specify the acceptable versions of software and their locations. Updates are supported per group. This means that all members of a group can obtain the same updates from the same server at approximately the same time.
The client update feature lets administrators at a central location automatically update software/firmware for VPN 3002 Hardware Clients deployed in diverse locations.
When you enable client update, upon connection the central-site VPN Concentrator sends an IKE packet that contains an encrypted message that notifies VPN 3002 hardware clients about acceptable versions of executable system software and their locations. If the VPN 3002 is not running an acceptable version, its software is automatically updated via TFTP.
To use client update, you need to have a TFTP server that can handle the volume and frequency of updates that your network requires. We recommend that you locate this server inside your network. The client update facility sends notify messages to VPN 3002s in batches of 10 at 5-minutes intervals.
You configure parameters that specify the acceptable versions of software and their locations. Updates are supported per group. This means that all members of a group can obtain the same updates from the same server at approximately the same time.
The VPN 3002 logs event messages at the start of the update. When the update completes, the Hardware Client reboots automatically.
This section of the VPN 3000 Concentrator Manager lets you configure the client update feature.
This screen lets you disable or enable client update.
Uncheck or check the Enable check box to disable or enable client update (by default, client update is enabled).
To apply your change to client update, click Apply. This action includes your entry in the active configuration. The Manager returns to the Configuration | System | Client Update screen.
To save the active configuration and make it the boot configuration, click the Save Needed icon at the top of the Manager window.
To discard your entries, click Cancel. The Manager returns to the Configuration | System |Client Update screen, and the settings are unchanged.
This screen lets you add, modify, or delete client update entries.
The update entry list shows the configured client update entries. Each entry shows the platform and acceptable software/firmware versions. If no updates have been configured, the list shows --Empty--.
To configure and add a new client update entry, click Add. The Manager opens the Configuration | System | Client Update | Entries | Add screen.
To modify parameters for a client update entry that has been configured, select the entry from the list and click Modify. The Manager opens the Configuration | System | Client Update | Modify screen.
To remove a client update entry that has been configured, select the entry from the list and click Delete.
Note There is no confirmation or undo. |
The Manager refreshes the screen and shows the remaining entries in the list.
To save the active configuration and make it the boot configuration, click the Save Needed icon at the top of the Manager window.
These screens let you configure and change client update parameters.
Enter the client type you want to update.
Note The VPN Concentrator sends a separate notification message for each entry in a Client Update list. Therefore your client update entries must not overlap. For example, the value Windows includes all Windows platforms, and the value WinNT includes Windows NT 4.0, Windows 2000 and Windows XP platforms. So you would not include both the values Windows and WinNT. |
Enter the URL for the software/firmware image. This URL must point to a file appropriate for this client.
http://10.10.99.70/vpnclient-win-3.5.Rel-k9.exe
The directory is optional. You need the port number only if you use ports other than 80 for http or 443 for https.
tftp://10.10.99.70/vpn3002-3.5.Rel-k9.bin
Enter a comma-separated list of software or firmware images appropriate for this client. The following caveats apply:
If the client is already running a software version on the list, it does not need a software update. If the client is not running a software version on the list, an update is in order.
To add this client update entry to the list of configured update entries, click Add. Or, to apply your changes, click Apply. Both actions include your entry in the active configuration. The Manager returns to the Configuration | System | Client Update screen. Any new entry appears at the bottom of the Update Entries list.
To save the active configuration and make it the boot configuration, click the Save Needed icon at the top of the Manager window.
To discard your entries, click Cancel. The Manager returns to the Configuration | System | Client Update screen, and the Update Entries list is unchanged.
Tip For more information about VPN Client updates, specifically the VPN Client Launch button, refer to the VPN Client Administrator Guide. |
Posted: Fri Apr 18 18:02:37 PDT 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.