|
access hours, configuring 15-3
add 15-4
modify 15-4
accounting record attributes, RADIUS 5-16
configuring 5-16
modify 5-18
access hours 15-4
address pool 6-6
email recipient of events 10-32
event class 10-17
filter (traffic management) 15-39
filter rule (traffic management) 15-15
IPSec LAN-to-LAN connection 7-14
NAT rule 15-54
network list 15-9
NTP host 5-29
OSPF area 8-12
security association (traffic management) 15-29
security association to rule on filter 15-45
SMTP server for events 10-29
SNMP community 9-13
SNMP event destination 10-22
static route for IP routing 8-5
syslog server to receive events 10-25
user on internal server (user management) 14-107
address management, configuring 6-2
configuring 6-5
add 6-6
modify 6-6
alarm thresholds, power, configuring 3-6
Are You There (AYT) firewall policy 14-24, 14-28, 14-63, 14-67
assignment of IP addresses, configuring 6-3
assign rules to filter (traffic management) 15-42
changing group delimiter 11-6
global 11-6
order of checking 14-2
configuring 5-2
internal 5-11
modify 5-5
NT Domain 5-7
RADIUS 5-5
internal 14-1
autodiscovery, network 7-11, 7-20
automatic software update, See client update 12-1
automatic switchover (redundancy) 8-18
bandwidth aggregation 15-65
bandwidth policing 15-64, 15-66
bandwidth reservation 15-64
burst size 15-66
configuring 15-66
enabling on interface 3-20, 15-63, 15-66
in LAN-to-LAN configuration 15-66, 15-67
overview of 15-64
policing rate 15-66
assigning to group 14-103, 15-66
assigning to interface 3-21, 15-66
assigning to LAN-to-LAN 7-20, 15-66
specifying the link rate 3-20, 15-66
configuring 15-63
banner for IPSec clients, configuring 14-17, 14-58
base group, configuring (user management) 14-4
base group global preshared secret 14-14
bibliography xiii
installing SSL certificate 1-5
navigation toolbar, do not use with Manager 1-3
Netscape Navigator, problems with 1-3
requirements 1-2
See management protocols 9-1
burst size 15-66
Central Protection Policy (CPP) 14-24, 14-28, 14-63, 14-67, 15-15
certificate group matching 15-71
defining rules 15-71
fields 15-74
policy 15-77
configuring 15-71
assigning to groups 15-74
deleting 15-72
enabling 15-74
reordering 15-72
change security association on rule 15-47
Cisco Secure ACS RADIUS server 14-1
IPSec support 14-8, 14-50, 14-113
route advertisement 8-22
supports Mode Configuration 14-15, 14-56
and split tunneling 14-24, 14-63
Are You There (AYT) policy 14-24, 14-28, 14-63, 14-67
Central Protection Policy (CPP) 14-24, 14-28, 14-63, 14-67, 15-15
configuring rules for firewall filters 14-24, 14-63, 15-15, 15-17, 15-19, 15-22
supported products 14-26, 14-65
vendor and product codes 14-27, 14-66
Zone Labs Integrity Server 14-24, 14-28, 14-63, 14-67
client update 12-1
enabling 12-3
image files 12-2
MPPC 14-37, 14-39, 14-76, 14-78
configuration section of Manager 2-1
connecting to VPN Concentrator
using HTTP 1-4
using HTTPS 1-20
documentation xii
typographic xii
filter (traffic management) 15-39
filter rule (traffic management) 15-15
IKE proposal 7-30
network list 15-9
crash, system, saves log file 10-8
formats xv
date and time, configuring 11-3
Daylight-Saving Time, enabling 11-4
event handling, configuring 10-7
table 15-12
using 15-11
table 15-37
using 15-36
gateways, configuring for IP routing 8-7
IKE proposals, table 7-27
security associations, table 15-26, 15-27
tunnel gateway, configuring 8-7
filter rule (traffic management) 15-23
group (user management) 14-42
internal authentication server 5-12
security association (traffic management) 15-35
user on internal server (user management) 14-106
functions within the VPN Concentrator, configuring 8-14
servers, configuring 5-22
modify 5-24
in IPSec LAN-to-LAN 7-17
display settings 1-3
configuring for group 14-49
servers, configuring 5-20
additional xii
conventions xii
email recipients of events, configuring 10-30
add 10-32
See also interfaces
configuring for special handling 10-15
add 10-17
modify 10-17
table 10-1
event log 10-5
capacity 10-5
deleting from flash memory 10-7
file size 10-8
save 10-7
saved at system reboot 10-8
saved if system crashes 10-8
saving in flash memory 10-7
configuring default handling 10-7
configuring handling 10-6
configuring special handling 10-15
section of Manager 10-1
event severity levels, table 10-4
event trap destinations, configuring 10-20
Extended Authentication, IPSec 14-13, 14-55
filter 15-1
add (traffic management) 15-39
add security association to rule on 15-45
assign rules to (traffic management) 15-42
configuring (traffic management) 15-36
configuring on base group 14-7
configuring on group 14-48
Ethernet 3-12
configuring on user 14-112
copy (traffic management) 15-39
table 15-37
using 15-36
modify (traffic management) 15-39
filter rules 15-1
add (traffic management) 15-15
configuring 15-11
copy (traffic management) 15-15
table 15-12
using 15-11
delete (traffic management) 15-23
modify (traffic management) 15-15
firewall 15-15
firewall, client 14-63
See client firewall 14-63
firewall, client, See client firewall 14-24
saving log files in 10-7
data xv
configuring internal server 9-2
using to save log files 10-8, 10-13
gateways, default 8-7
general parameters, configuring 11-1
global authentication parameters 11-6
groups, configuring, user management 14-41
delete 14-42
modify external 14-80
modify internal 14-43
adding to routing table 8-22
configuring internal server 9-4
using with Manager 1-4
configuring internal server 9-4
connecting using 1-20
login screen 1-20
active 7-28
add 7-30
configuring 7-26
copy 7-30
modify 7-30
copy 7-30
default, table 7-27
inactive 7-28
in IPSec LAN-to-LAN 7-18
in security association 15-24
modify 7-30
See security associations
inheritance, of group and user parameters 1-3
with Internet Explorer 1-6
with Netscape 1-13
Install SSL Certificate (screen) 1-5
configuring 3-2
Ethernet, configuring 3-9
OSPF 3-17
RIP 3-15
speed 3-12
transmission mode 3-12
Ethernet 3-12
section of Manager 3-1
status 3-4
internal authentication server
configuring 5-11
deleting 5-12
maximum groups and users 14-1
Internet Explorer, requirements 1-2
configuring assignment of 6-3
IPComp data compression 14-14, 14-56
configuring 8-2
section of Manager 8-1
banner for clients 14-17, 14-58
Cisco VPN Client 7-9, 14-8, 14-50, 14-113, 15-24
configuring 7-9
user (internal server) 14-113, 14-114
discussion 7-9
fragmentation policy 3-13, 7-19
Mode Configuration 14-15, 14-56
rules 15-6
See security associations
automatic parameters 7-15, 7-25, 15-18
configuring 7-11
add connection 7-14
no public interfaces screen 7-13
parameters for redundant systems 8-18
Done (screen) 7-25
rules that apply IPSec 15-18
using network lists 7-16, 7-20, 7-23
IPSec NAT-T 7-19
IPSec over TCP 7-34
base group 14-17
JavaScript, requirements 1-2
keepalives, See IKE keepalives 14-54
user (internal server) 14-113, 14-116
configuring system-wide parameters 7-6
base group 14-8
group (internal) 14-50
user (internal server) 14-113
default security association to use 14-10, 14-52, 14-115
do not use Mode Configuration 14-15, 14-56
IKE proposal required 7-28
no IPSec user authentication 14-13, 14-55
Windows 2000 client support 7-1, 14-8, 14-50, 14-113
See IPSec LAN-to-LAN
load balancing 13-1
configuring 13-4
cluster 13-5
device 13-6
preliminary steps 13-2
device priority 13-6
defaults 13-6
virtual cluster 13-1
virtual cluster master 13-1
local LAN access for VPN client 14-21, 14-60
See event log
logging in the VPN Concentrator Manager 1-21
factory default (Manager) 1-21
password, factory default (Manager) 1-21
screen 1-4
HTTPS 1-20
Internet Explorer 1-10
Netscape 1-17
management protocols, configuring 9-1
Manager table of contents 1-23
system
object 11-2
Mode Configuration, IPSec 14-15, 14-56
and split tunneling 14-15, 14-56
Cisco VPN Client supports 14-15, 14-56
access hours 15-4
accounting server 5-18
address pool 6-6
authentication server 5-5
DHCP server 5-24
event class 10-17
filter (traffic management) 15-39
filter rule (traffic management) 15-15
group (external) (user management) 14-80
group (internal) (user management) 14-43
IKE proposal 7-30
NAT rule 15-54
network list 15-9
NTP host 5-29
OSPF area 8-12
security association (traffic management) 15-29
SMTP server for events 10-29
SNMP community 9-13
SNMP event trap destination 10-22
static route, for IP routing 8-5
syslog server to receive events 10-25
user on internal server (user management) 14-107
monitor / display settings 1-3
movianVPN client support 7-18, 7-32, 14-10, 14-52, 14-115, 15-31, 15-34
MPPC data compression 14-37, 14-39, 14-76, 14-78
MTU 3-12
configuring 15-49
enable 15-50
no public interfaces screen 15-53
NAT rules, configuring 15-51
add 15-54
modify 15-54
NAT-T (NAT Traversal) 7-19, 7-35
NAT transparency 7-34
the VPN Concentrator Manager 1-23
problems with 1-3
requirements 1-2
network autodiscovery 7-11, 7-20
network lists 15-1
configuring 15-7
add 15-9
automatic generation 15-10
copy 15-9
modify 15-9
IPSec LAN-to-LAN 7-16, 7-20, 7-23
See NTP 5-26
IPSec LAN-to-LAN 7-13
NAT 15-53
NT Domain, configuring authentication server 5-7
NTP, configuring 5-26
hosts (servers) 5-28
add 5-29
modify 5-29
synchronization 5-27
organization of the VPN Concentrator Manager 1-22
on Ethernet interface 3-17
system-wide parameters 8-9
with reverse route injection 8-21
OSPF areas, configuring 8-11
add 8-12
modify 8-12
factory default (Manager) 1-21
policing rate 15-66
configuring 15-2
section of Manager 15-1
power thresholds, configuring 3-6
user (internal server) 14-113, 14-116
configuring system-wide parameters 7-3
pre-shared secret 14-14
product codes for client firewalls 14-27, 14-66
accounting, configuring 5-16
accounting record attributes 5-16
Cisco Secure ACS RADIUS server 14-1
Class attribute format to authenticate group name 14-41
configuring, authentication server 5-5
saves log file 10-8
configuring, system 8-18
references (bibliography) xiii
browser 1-2
Internet Explorer 1-2
JavaScript 1-2
Netscape Navigator 1-2
configuring on Ethernet interface 3-15
with network autodiscovery 7-20
with reverse route injection 8-21
routes, adding to routing table
network autodiscovery 7-20
RRI See reverse route injection
rules 15-1
add security association to, on filter 15-45
assign to filter (traffic management) 15-42
change security association on 15-47
filter, configuring 15-11
rules, NAT, configuring 15-51
add 15-54
modify 15-54
SAs See security associations
SAVELOG.TXT
file 10-8
login 1-4
login, using HTTPS 1-20
SecurID, configuring authentication server 5-9, 14-88
security associations 15-1
add to rule on filter 15-45
change on rule 15-47
configuring 15-24
add 15-29
delete 15-35
modify 15-29
IKE proposals in 15-24
negotiation phases 15-24
servers, configuring system access to 5-1
maximum permitted 11-5
changing 11-5
SMTP servers, configuring for events 10-27
add 10-29
modify 10-29
configuring internal server 9-10
event trap destinations, configuring 10-20
add 10-22
modify 10-22
traps, configuring "well-known" 10-12
SNMP communities, configuring 9-12
add 9-13
modify 9-13
software update, automatic 12-1
enabling 12-3
image files 12-2
speed, configuring Ethernet interface 3-12
requires Mode Configuration 14-15, 14-56
split tunneling network list 14-22, 14-61
configuring internal server 9-18
host key 9-18
server key 9-18
server key regeneration 9-19
session key 9-18
client authentication 9-16
configuring internal server 9-14
SSL certificate 9-14
installing in browser 1-5
installing with Internet Explorer 1-6
installing with Netscape 1-13
viewing with Internet Explorer 1-11
viewing with Netscape 1-18
VPN Concentrator 1-5
static routes, configuring for IP routing 8-3
add 8-5
modify 8-5
strip realm 14-8
switchover, automatic (redundancy) 8-18
syslog servers, configuring for events 10-24
add 10-25
modify 10-25
system configuration section of Manager 4-1
system identification, configuring 11-2
table of contents, Manager 1-23
configuring internal server 9-8
configuring internal server 9-8
shareware client 9-8
and automatic software update 12-1
configuring internal server 9-6
The 8-21
time and date, configuring 11-3
time zone, configuring 11-3
traffic management, configuring 15-6
transmission mode, configuring Ethernet interface 3-12
"well-known" 10-12
destination systems 10-20, 10-22
general events 10-12
specific events 10-19
consult event log 10-5
tunnel default gateway, configuring 8-7
configuring 7-2
section of Manager 7-1
typographic conventions xii
See base group 14-4
configuring 14-3
section of Manager 14-1
users, configuring on internal server (user management) 14-105
add 14-107
delete 14-106
modify 14-107
vendor codes for client firewalls 14-27, 14-66
with Internet Explorer 1-11
with Netscape 1-18
virtual cluster 13-1
configuration 13-5
IP address 13-1
master 13-1
route advertisement 8-22
software update 12-1
logging in 1-21
navigating 1-23
organization of 1-22
sidebar (figure) 1-23
configuring 8-18
welcome text for IPSec clients, configuring 14-17, 14-58
wildcard masks 7-21, 7-24, 15-10, 15-19
and Mode Configuration 14-15, 14-56
configure transport mode 15-31
L2TP over IPSec support 7-1, 14-8, 14-50, 14-113
PPTP support 14-8, 14-50, 14-113
WINS, configuring for group 14-49
wireless support See movianVPN client support 7-32
configuring as system management protocol 9-20
Zone Labs Integrity Server 14-24, 14-28, 14-63, 14-67
Posted: Fri Apr 18 17:56:55 PDT 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.