Index

Index
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
R
S
T
U
V
W
X
Z

Index

A

access hours, configuring 15-3

add 15-4

modify 15-4

accounting record attributes, RADIUS 5-16

accounting servers

configuring 5-16

modify 5-18

add

access hours 15-4

address pool 6-6

email recipient of events 10-32

event class 10-17

filter (traffic management) 15-39

filter rule (traffic management) 15-15

IPSec LAN-to-LAN connection 7-14

NAT rule 15-54

network list 15-9

NTP host 5-29

OSPF area 8-12

security association (traffic management) 15-29

security association to rule on filter 15-45

SMTP server for events 10-29

SNMP community 9-13

SNMP event destination 10-22

static route for IP routing 8-5

syslog server to receive events 10-25

user on internal server (user management) 14-107

address management, configuring 6-2

address pools

configuring 6-5

add 6-6

modify 6-6

alarm thresholds, power, configuring 3-6

Are You There (AYT) firewall policy 14-24, 14-28, 14-63, 14-67

assignment of IP addresses, configuring 6-3

assign rules to filter (traffic management) 15-42

authentication parameters

changing group delimiter 11-6

global 11-6

order of checking 14-2

authentication servers

configuring 5-2

internal 5-11

modify 5-5

NT Domain 5-7

RADIUS 5-5

SecurID 5-9, 14-88

internal 14-1

testing 5-13, 14-91

autodiscovery, network 7-11, 7-20

automatic software update, See client update 12-1

automatic switchover (redundancy) 8-18

B

bandwidth management

bandwidth aggregation 15-65

bandwidth policing 15-64, 15-66

bandwidth reservation 15-64

burst size 15-66

configuring 15-66

enabling on interface 3-20, 15-63, 15-66

in LAN-to-LAN configuration 15-66, 15-67

overview of 15-64

policing rate 15-66

policy

assigning to group 14-103, 15-66

assigning to interface 3-21, 15-66

assigning to LAN-to-LAN 7-20, 15-66

specifying the link rate 3-20, 15-66

bandwidth policies

configuring 15-63

banner for IPSec clients, configuring 14-17, 14-58

base group, configuring (user management) 14-4

base group global preshared secret 14-14

bibliography xiii

browser

installing SSL certificate 1-5

navigation toolbar, do not use with Manager 1-3

Netscape Navigator, problems with 1-3

requirements 1-2

built-in servers, configuring

See management protocols 9-1

burst size 15-66

C

Central Protection Policy (CPP) 14-24, 14-28, 14-63, 14-67, 15-15

certificate group matching 15-71

defining rules 15-71

fields 15-74

policy 15-77

configuring 15-71

rules

adding 15-72, 15-74

assigning to groups 15-74

deleting 15-72

enabling 15-74

modifying 15-72, 15-74

reordering 15-72

change security association on rule 15-47

Cisco Secure ACS RADIUS server 14-1

Cisco VPN Client

IPSec attributes 7-9, 15-24

IPSec support 14-8, 14-50, 14-113

route advertisement 8-22

supports Mode Configuration 14-15, 14-56

client firewall 14-24, 14-63

and split tunneling 14-24, 14-63

Are You There (AYT) policy 14-24, 14-28, 14-63, 14-67

Central Protection Policy (CPP) 14-24, 14-28, 14-63, 14-67, 15-15

configuring rules for firewall filters 14-24, 14-63, 15-15, 15-17, 15-19, 15-22

custom 14-27, 14-66

local 14-24, 14-63

supported products 14-26, 14-65

vendor and product codes 14-27, 14-66

Zone Labs Integrity Server 14-24, 14-28, 14-63, 14-67

client update 12-1

enabling 12-3

image files 12-2

compression

IPComp 14-14, 14-56

MPPC 14-37, 14-39, 14-76, 14-78

configuration section of Manager 2-1

connecting to VPN Concentrator

using HTTP 1-4

using HTTPS 1-20

conventions

documentation xii

typographic xii

copy

filter (traffic management) 15-39

filter rule (traffic management) 15-15

IKE proposal 7-30

network list 15-9

crash, system, saves log file 10-8

D

data

formats xv

date and time, configuring 11-3

Daylight-Saving Time, enabling 11-4

default

event handling, configuring 10-7

filter rules

table 15-12

using 15-11

filters

table 15-37

using 15-36

gateways, configuring for IP routing 8-7

IKE proposals, table 7-27

security associations, table 15-26, 15-27

tunnel gateway, configuring 8-7

delete

filter rule (traffic management) 15-23

group (user management) 14-42

internal authentication server 5-12

security association (traffic management) 15-35

user on internal server (user management) 14-106

DHCP

functions within the VPN Concentrator, configuring 8-14

servers, configuring 5-22

modify 5-24

digital certificates

in IPSec LAN-to-LAN 7-17

display settings 1-3

DNS

configuring for group 14-49

servers, configuring 5-20

documentation

additional xii

conventions xii

E

email recipients of events, configuring 10-30

add 10-32

Ethernet interfaces

F

filter 15-1

add (traffic management) 15-39

add security association to rule on 15-45

assign rules to (traffic management) 15-42

configuring (traffic management) 15-36

configuring on base group 14-7

configuring on group 14-48

configuring on interface

Ethernet 3-12

configuring on user 14-112

copy (traffic management) 15-39

default

table 15-37

using 15-36

modify (traffic management) 15-39

filter rules 15-1

add (traffic management) 15-15

configuring 15-11

copy (traffic management) 15-15

default

table 15-12

using 15-11

delete (traffic management) 15-23

modify (traffic management) 15-15

filters

firewall 15-15

firewall 14-24, 14-63

firewall, client 14-63

See client firewall 14-63

firewall, client, See client firewall 14-24

flash memory

saving log files in 10-7

formats

data xv

fragmentation policy

IPSec 3-13, 7-19

FTP

configuring internal server 9-2

using to save log files 10-8, 10-13

G

gateways, default 8-7

general parameters, configuring 11-1

global authentication parameters 11-6

groups, configuring, user management 14-41

delete 14-42

modify external 14-80

modify internal 14-43

H

hold down routes

adding to routing table 8-22

HTTP

configuring internal server 9-4

using with Manager 1-4

HTTPS

configuring internal server 9-4

connecting using 1-20

I

IKE keepalives 14-12, 14-54

IKE proposals

active 7-28

add 7-30

configuring 7-26

copy 7-30

modify 7-30

copy 7-30

default, table 7-27

inactive 7-28

in IPSec LAN-to-LAN 7-18

in security association 15-24

modify 7-30

IKE security association

See security associations

inheritance, of group and user parameters 1-3

installing SSL certificate

with Internet Explorer 1-6

with Netscape 1-13

Install SSL Certificate (screen) 1-5

interfaces

configuring 3-2

Ethernet, configuring 3-9

OSPF 3-17

RIP 3-15

speed 3-12

transmission mode 3-12

filter

Ethernet 3-12

public 3-11, 7-13, 15-53

section of Manager 3-1

status 3-4

internal authentication server

configuring 5-11

deleting 5-12

maximum groups and users 14-1

Internet Explorer, requirements 1-2

IP addresses

configuring assignment of 6-3

IPComp data compression 14-14, 14-56

IP routing

configuring 8-2

section of Manager 8-1

IPSec

banner for clients 14-17, 14-58

Cisco VPN Client 7-9, 14-8, 14-50, 14-113, 15-24

configuring 7-9

base group 14-8, 14-9

group (internal) 14-50, 14-51

user (internal server) 14-113, 14-114

data compression 14-14, 14-56

discussion 7-9

fragmentation policy 3-13, 7-19

Mode Configuration 14-15, 14-56

rules 15-6

security associations

See security associations

XAuth 14-13, 14-55

IPSec LAN-to-LAN

automatic parameters 7-15, 7-25, 15-18

configuring 7-11

add connection 7-14

no public interfaces screen 7-13

parameters for redundant systems 8-18

Done (screen) 7-25

rules that apply IPSec 15-18

using network lists 7-16, 7-20, 7-23

IPSec NAT-T 7-19

IPSec over TCP 7-34

IPSec through NAT

configuring

base group 14-17

J

JavaScript, requirements 1-2

K

keepalives, See IKE keepalives 14-54

L

L2TP

configuring

base group 14-8, 14-35

group (internal) 14-50, 14-74

user (internal server) 14-113, 14-116

configuring system-wide parameters 7-6

data compression 14-39, 14-78

L2TP over IPSec

configuring

base group 14-8

group (internal) 14-50

user (internal server) 14-113

default security association to use 14-10, 14-52, 14-115

do not use Mode Configuration 14-15, 14-56

IKE proposal required 7-28

no IPSec user authentication 14-13, 14-55

Windows 2000 client support 7-1, 14-8, 14-50, 14-113

LAN-to-LAN

See IPSec LAN-to-LAN

load balancing 13-1

and VRRP 8-18, 13-1

configuring 13-4

cluster 13-5

device 13-6

preliminary steps 13-2

device priority 13-6

defaults 13-6

virtual cluster 13-1

virtual cluster master 13-1

local LAN access for VPN client 14-21, 14-60

log files

See event log

logging in the VPN Concentrator Manager 1-21

name

factory default (Manager) 1-21

password, factory default (Manager) 1-21

screen 1-4

HTTPS 1-20

Internet Explorer 1-10

Netscape 1-17

M

management protocols, configuring 9-1

Manager table of contents 1-23

MIB-II

system object 11-2

Mode Configuration, IPSec 14-15, 14-56

and split tunneling 14-15, 14-56

Cisco VPN Client supports 14-15, 14-56

modify

access hours 15-4

accounting server 5-18

address pool 6-6

authentication server 5-5

DHCP server 5-24

event class 10-17

filter (traffic management) 15-39

filter rule (traffic management) 15-15

group (external) (user management) 14-80

group (internal) (user management) 14-43

IKE proposal 7-30

NAT rule 15-54

network list 15-9

NTP host 5-29

OSPF area 8-12

security association (traffic management) 15-29

SMTP server for events 10-29

SNMP community 9-13

SNMP event trap destination 10-22

static route, for IP routing 8-5

syslog server to receive events 10-25

user on internal server (user management) 14-107

monitor / display settings 1-3

movianVPN client support 7-18, 7-32, 14-10, 14-52, 14-115, 15-31, 15-34

MPPC data compression 14-37, 14-39, 14-76, 14-78

MTU 3-12

N

NAT

configuring 15-49

enable 15-50

no public interfaces screen 15-53

NAT rules, configuring 15-51

add 15-54

modify 15-54

NAT-T (NAT Traversal) 7-19, 7-35

NAT transparency 7-34

navigating

the VPN Concentrator Manager 1-23

Netscape Navigator

problems with 1-3

requirements 1-2

network autodiscovery 7-11, 7-20

network lists 15-1

configuring 15-7

add 15-9

automatic generation 15-10

copy 15-9

modify 15-9

IPSec LAN-to-LAN 7-16, 7-20, 7-23

network time, configuring

See NTP 5-26

No Public Interfaces screen

IPSec LAN-to-LAN 7-13

NAT 15-53

NT Domain, configuring authentication server 5-7

NTP, configuring 5-26

hosts (servers) 5-28

add 5-29

modify 5-29

synchronization 5-27

O

organization of the VPN Concentrator Manager 1-22

OSPF 3-1, 3-2

configuring

on Ethernet interface 3-17

system-wide parameters 8-9

with reverse route injection 8-21

OSPF areas, configuring 8-11

add 8-12

modify 8-12

P

password

factory default (Manager) 1-21

policing rate 15-66

policy management

configuring 15-2

section of Manager 15-1

power thresholds, configuring 3-6

PPTP

configuring

base group 14-8, 14-35

group (internal) 14-50, 14-74

user (internal server) 14-113, 14-116

configuring system-wide parameters 7-3

data compression 14-37, 14-76

pre-shared secret 14-14

product codes for client firewalls 14-27, 14-66

R

RADIUS

accounting, configuring 5-16

accounting record attributes 5-16

Cisco Secure ACS RADIUS server 14-1

Class attribute format to authenticate group name 14-41

configuring, authentication server 5-5

reboot system

saves log file 10-8

redundancy

configuring, system 8-18

references (bibliography) xiii

requirements

browser 1-2

Internet Explorer 1-2

JavaScript 1-2

Netscape Navigator 1-2

reverse route injection 7-20

RIP 3-1, 3-2

configuring on Ethernet interface 3-15

with network autodiscovery 7-20

with reverse route injection 8-21

routes, adding to routing table

network autodiscovery 7-20

reverse route injection 7-20

RRI See reverse route injection

RSA Security 5-9, 14-88

rules 15-1

add security association to, on filter 15-45

assign to filter (traffic management) 15-42

change security association on 15-47

filter, configuring 15-11

rules, NAT, configuring 15-51

add 15-54

modify 15-54

S

SAs See security associations

SAVELOG.TXT file 10-8

screen

SDI 5-9, 14-88

SecurID 5-9, 14-88

SecurID, configuring authentication server 5-9, 14-88

security associations 15-1

add to rule on filter 15-45

change on rule 15-47

configuring 15-24

add 15-29

delete 15-35

modify 15-29

default, table 15-26, 15-27

IKE proposals in 15-24

negotiation phases 15-24

servers, configuring system access to 5-1

sessions

maximum permitted 11-5

changing 11-5

SMTP servers, configuring for events 10-27

add 10-29

modify 10-29

SNMP

configuring internal server 9-10

event trap destinations, configuring 10-20

add 10-22

modify 10-22

traps, configuring "well-known" 10-12

SNMP communities, configuring 9-12

add 9-13

modify 9-13

software update, automatic 12-1

enabling 12-3

image files 12-2

speed, configuring Ethernet interface 3-12

split tunneling 14-21, 14-60

and firewalls 14-24, 14-63

split tunneling, IPSec

requires Mode Configuration 14-15, 14-56

split tunneling network list 14-22, 14-61

SSH

configuring internal server 9-18

host key 9-18

server key 9-18

server key regeneration 9-19

session key 9-18

SSL

client authentication 9-16

configuring internal server 9-14

SSL certificate 9-14

installing in browser 1-5

installing with Internet Explorer 1-6

installing with Netscape 1-13

viewing with Internet Explorer 1-11

viewing with Netscape 1-18

VPN Concentrator 1-5

static routes, configuring for IP routing 8-3

add 8-5

modify 8-5

strip realm 14-8

switchover, automatic (redundancy) 8-18

syslog servers, configuring for events 10-24

add 10-25

modify 10-25

system configuration section of Manager 4-1

system identification, configuring 11-2

T

table of contents, Manager 1-23

Telnet

configuring internal server 9-8

Telnet over SSL

configuring internal server 9-8

shareware client 9-8

TFTP

and automatic software update 12-1

configuring internal server 9-6

The 8-21

time and date, configuring 11-3

time zone, configuring 11-3

traffic management, configuring 15-6

transmission mode, configuring Ethernet interface 3-12

traps, configuring

"well-known" 10-12

destination systems 10-20, 10-22

general events 10-12

specific events 10-19

troubleshooting

consult event log 10-5

tunnel default gateway, configuring 8-7

tunneling protocols

configuring 7-2

section of Manager 7-1

typographic conventions xii

U

user attributes, default

See base group 14-4

user management

configuring 14-3

section of Manager 14-1

users, configuring on internal server (user management) 14-105

add 14-107

delete 14-106

modify 14-107

V

vendor codes for client firewalls 14-27, 14-66

viewing SSL certificates

with Internet Explorer 1-11

with Netscape 1-18

virtual cluster 13-1

configuration 13-5

IP address 13-1

master 13-1

VPN 3002 Hardware Client

route advertisement 8-22

software update 12-1

VPN Concentrator Manager

logging in 1-21

navigating 1-23

organization of 1-22

sidebar (figure) 1-23

VRRP

configuring 8-18

W

welcome text for IPSec clients, configuring 14-17, 14-58

wildcard masks 7-21, 7-24, 15-10, 15-19

Windows 2000 client

and Mode Configuration 14-15, 14-56

configure transport mode 15-31

L2TP over IPSec support 7-1, 14-8, 14-50, 14-113

PPTP support 14-8, 14-50, 14-113

WINS, configuring for group 14-49

wireless support See movianVPN client support 7-32

X

XAuth 14-13, 14-55

XML

configuring as system management protocol 9-20

Z

Zone Labs Integrity Server 14-24, 14-28, 14-63, 14-67

Table of Contents

Index

A

B

C

D

E

F

G

H

I

J

K

L

M

N

O

P

R

S

T

U

V

W

X

Z