This chapter tells you how to prepare for, unpack, install, and power up the VPN Concentrator, and how to begin quick configuration.
Before you begin, ensure that you have the requisite skill set and that your physical environment and software preferences are properly set, as described in the following sections.
We assume you are an experienced system administrator or network administrator with appropriate education and training, who knows how to install, configure, and manage internetworking systems. However, virtual private networks and VPN devices may be new to you. You should be familiar with Windows system configuration and management and with Microsoft Internet Explorer or Netscape Navigator browsers.
The VPN Concentrator requires a normal computing-equipment environment.
The VPN Concentrator requires a console by which you enter initial configuration parameters. You can also completely configure and manage the VPN Concentrator via the CLI from the console or a Telnet client. However, for easiest use, we strongly recommend using the VPN Concentrator Manager, which is HTML-based, from a PC and browser.
The PC must be able to run the recommended browser. The console can be the same PC that runs the browser.
The VPN Concentrator Manager requires one of the following browsers:
For best results, we recommend Internet Explorer. Whatever browser and version you use, install the latest patches and service packs for it.
Be sure JavaScript and Cookies are enabled in the browser. Check these settings.
Do not use the browser navigation toolbar buttons Back, Forward, or Refresh / Reload with the VPN Concentrator Manager unless instructed to do so. To protect access security, clicking Refresh / Reload automatically logs out the Manager session. Clicking Back or Forward may display stale Manager screens with incorrect data or settings.
We recommend that you hide the browser navigation toolbar to prevent mistakes while using the VPN Concentrator Manager.
For best legibility and ease of use, we recommend setting your monitor or display as follows:
The VPN Concentrator ships with these items. Carefully unpack your device and check your contents against the list in Table 2-1. Save the packing material in case you need to repack the unit.
Table 2-1 VPN Concentrator Packing List
Check | Quantity | Item |
---|---|---|
 | | Rack-mounting kits: one for model 3005; one for models 3015-3080 |
 | | RS-232 straight-through serial console cable with DB-9 female connectors on both ends |
You can install the VPN Concentrator in a standard 19-inch equipment rack, or just place it on a table or shelf.
Attach the rack-mounting brackets with 10-32 screws in the holes on the front left and right sides. Be sure to orient the brackets as shown in Figure 2-1.
Mount the VPN Concentrator in the rack as shown in Figure 2-2. Use screws or fasteners appropriate for your equipment rack.
To place the VPN Concentrator on a table or shelf, locate the four indentations on the bottom of the chassis. Peel the removable tape off each rubber foot, and place one foot in each indentation. (See Figure 2-3.)
Some models of the VPN Concentrator use screws to attach the rubber feet. If the rubber feet have screws, attach them to the bottom of the chassis in the holes at each corner. (See Figure 2-4.)
Warning: Be sure the console/PC is turned off before you connect cables to it. Do not connect power cables to the VPN Concentrator until instructed.
Connect the RS-232 straight-through serial cable between the Console port on the back of the VPN Concentrator and the COM1 or serial port on the console/PC. See Figure 2-5.
If you are using a PC with a browser to manage the VPN Concentrator, be sure the PC is connected to the same private LAN as the VPN Concentrator.
Connect network patch cables between the Ethernet interface jacks on the back of the VPN Concentrator and your network patch panel or device. See Figure 2-5.
The interfaces are (left to right):
VPN Concentrator interface to your private network (internal LAN)
VPN Concentrator interface to an additional LAN
To make the VPN Concentrator operational, you must connect at least two interfaces, usually Ethernet 1 and Ethernet 2.
Warning: Be sure the VPN Concentrator power switch is OFF (O depressed) before you connect a power cable. The power switch is on the power module, on the back of the VPN Concentrator.
Connect the power cable(s) between the VPN Concentrator and an appropriate power outlet. Be sure the power outlet provides a reliable earth ground. See Figure 2-6.
Power up the devices in this sequence:
Step 2 Start a terminal emulator (e.g., HyperTerminal) on the console/PC. Configure a connection to COM1, with port settings of:
Set the emulator for VT100 emulation, or let it auto-detect the emulation type.
Step 3 Power up the VPN Concentrator by pressing ON ( I ) on the power switch on the back.
The LED(s) on the front panel will blink and change color as the system executes diagnostics. Watch for these LEDs (if present) on the VPN Concentrator front panel to stabilize and display:
Ignore any other LEDs on the front panel.
Step 4 Watch for the following LEDs on the back of the device to display:
If LEDs that should be green are amber, red, or off, please see Appendix A, "Troubleshooting and System Errors." Ignore any other LEDs on the back.
Step 5 The console displays initialization and boot messages such as:
You are now ready to begin quick configuration; that is, accepting default values when possible and configuring minimal parameters to make the VPN 3000 Concentrator operational.
Quick configuration consists of the following steps:
Step 2 Configure the VPN Concentrator Ethernet 1 interface to your private network, from the console.
At this point you can use a browser to complete Quick Configuration with the VPN Concentrator Manager (see "Using the VPN Concentrator Manager for Quick Configuration"). While you can continue with the console instead (see "Using the Command-Line Interface for Quick Configuration"), we recommend using a browser.
Step 3 Configure the other Ethernet interfaces that are connected to a public network or an additional external network.
Step 4 Enter system identification information: system name, date, time, DNS, domain name, and default gateway.
Step 5 Specify tunneling protocols and encryption options.
Step 6 Specify methods for assigning IP addresses to clients as a tunnel is established.
Step 7 Choose and identify the user authentication server: the internal server, RADIUS, NT Domain, or SDI.
Step 8 If using the internal authentication server, populate the internal user database.
Step 9 If using IPSec tunneling protocol, assign a name and password to the IPSec tunnel group.
Step 10 Change the admin password for security.
Step 11 Save the configuration file. When you complete this step, quick configuration is done.
Although you can choose to accept the default values, where applicable, for many of the quick configuration parameters, you can instead specify particular values for one or more of these parameters. Table 2-2 lists the parameters you need for quick configuration and provides space for you to record the values you enter. Write those values here now to save time as you enter data.
Table 2-2 Quick Configuration Parameters
You must use the console for the first part of quick configuration: setting the system time and date, and configuring the private Ethernet interface, as described in the following steps. Then you can use the HTML-based VPN Concentrator Manager from a browser to complete quick configuration. Refer to the data you recorded in Table 2-2.
Step 2 At the cursor, enter the default login name: admin. At the password prompt, enter the default password: admin.
Step 3 The system displays the opening message and prompts you to set the time on the VPN Concentrator. The correct time is very important, so that logging and accounting entries are accurate, and so that the system can create a valid security certificate. The time in brackets is the current device time.
At the cursor, enter the correct device time in the format HH:MM:SS, using 24-hour notation. For example, enter 4:24 p.m. as 16:24:00.
Step 4 The system prompts you to set the date. The number in brackets is the current device date.
At the cursor, enter the correct date in the format MM/DD/YYYY. Use four digits to enter the year. For example, enter June 12, 2001 as 06/12/2001.
Step 5 The system prompts you to set the time zone. The time zone selections are offsets in hours relative to GMT (Greenwich Mean Time), which is the basis for Internet time synchronization. The number in brackets is the current time zone offset.
At the cursor, enter the time zone offset in the format +/-NN. For example, enter -5 for U.S. Eastern Standard Time.
Step 6 The system prompts you with a menu to enable DST (Daylight-Saving Time) support. During DST, clocks are set one hour ahead of standard time. Enabling DST support means that the VPN Concentrator automatically adjusts the time zone for DST or standard time. If your system is in a time zone that uses DST, you must enable DST support.
At the cursor, enter 2 to disable DST support, or enter 1 to enable DST support.
Step 7 The system prompts you to enter an IP address for Ethernet 1, which is the VPN Concentrator interface to your private network (internal LAN). Be sure no other device is using this address on your private network. You must enter this address to continue quick configuration.
At the cursor, enter the IP address using dotted decimal notation; for example, 10.10.4.6.
Step 8 The system initializes its network subsystems, which takes a few seconds. It then prompts you for the subnet mask for the Ethernet 1 (Private) interface. The entry in brackets is the standard subnet mask for the IP address you just entered. For example, an IP address of 10.10.4.6 is a Class A address, and the standard subnet mask is 255.0.0.0.
At the cursor, enter the subnet mask appropriate for your private network addressing scheme, using dotted decimal notation; for example, 255.255.0.0. To accept the default, press Enter.
Step 9 The system prompts you with a menu to set the speed for the Ethernet 1 interface. You can let the VPN Concentrator automatically detect and set the appropriate speed (the default), or you can set fixed speeds of 10 or 100 Mbps (for 10BASE-T or 100BASE-T networks). If you accept the default, be sure that the port on the active network device (hub, switch, or router) to which you connect this interface is also set to automatically negotiate the speed. Otherwise, select the appropriate fixed speed.
At the cursor, enter the menu number for your selection; for example, 1. To accept the default (3), press Enter.
Step 10 The system prompts you with a menu to set the transmission mode for the Ethernet 1 interface. You can let the VPN Concentrator automatically detect and set the appropriate mode (the default), or you can configure the interface for full duplex (transmission in both directions at the same time) or half duplex (transmission in only one direction at a time). If you accept the default, be sure that the port on the active network device (hub, switch, or router) to which you connect this interface is also set to automatically negotiate the transmission mode. Otherwise, select the appropriate fixed mode.
At the cursor, enter the menu number for your selection; for example, 2. To accept the default (1), press Enter.
Step 11 The system prompts you to enter a value for the maximum transmission unit (packet size) for this interface. Either accept the default value, 1500 bytes, or specify a value in the range 68 to 1500. The standard MTU for Ethernet is 1500 bytes.
Step 12 The system now has enough information so that you can exit the CLI and continue configuring with a browser. The system displays one of the following menus, depending on the model of the Concentrator being configured:
Model 3005 menu
Model 3015-3080 menu
First, we recommend that you save your entries to the configuration file. At the cursor, enter the number for Save changes to Config file. The system redisplays the same menu.
Step 13 We assume you chose Exit. The system displays:
Continue quick configuration with the VPN Concentrator Manager in Chapter 3.
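The value formats given in Steps 3 through 11, as an added example that is not part of the original documentation or of any Cisco tool: a Python check you can run over recorded Table 2-2 values before typing them at the console. The dictionary keys and function names are assumptions made for this example; the default-mask function applies the standard classful rule that Step 8 illustrates with 10.10.4.6.

```python
import ipaddress
import re
from datetime import datetime

def classful_default_mask(ip):
    """Standard mask the console offers in brackets at Step 8 (classful rule)."""
    first_octet = int(ipaddress.IPv4Address(ip)) >> 24
    if first_octet < 128:
        return "255.0.0.0"       # Class A
    if first_octet < 192:
        return "255.255.0.0"     # Class B
    if first_octet < 224:
        return "255.255.255.0"   # Class C
    raise ValueError(f"{ip} is not a Class A, B, or C address")

def check_worksheet(ws):
    """Return a list of problems in recorded quick-configuration values."""
    problems = []
    # Steps 3 and 4: 24-hour time and a date with a four-digit year.
    for key, fmt, hint in (("time", "%H:%M:%S", "HH:MM:SS, 24-hour"),
                           ("date", "%m/%d/%Y", "MM/DD/YYYY, four-digit year")):
        try:
            datetime.strptime(ws[key], fmt)
        except ValueError:
            problems.append(f"{key}: expected {hint}")
    # Step 5: offset in hours relative to GMT, for example -5.
    if not re.fullmatch(r"[+-]?\d{1,2}", ws["tz_offset"]):
        problems.append("tz_offset: expected +/-NN hours relative to GMT")
    # Steps 7 and 8: dotted decimal address and a valid (contiguous) mask.
    try:
        iface = ipaddress.IPv4Interface(f"{ws['ip']}/{ws['mask']}")
        net = iface.network
        if net.prefixlen < 31 and iface.ip in (net.network_address,
                                               net.broadcast_address):
            problems.append("ip: network or broadcast address of the subnet")
    except ValueError as exc:
        problems.append(f"ip/mask: {exc}")
    # Step 11: MTU range stated in the text.
    if not 68 <= ws["mtu"] <= 1500:
        problems.append("mtu: must be in the range 68 to 1500")
    return problems

# Constructed sample values, taken from the examples in Steps 3 to 11.
SAMPLE = {"time": "16:24:00", "date": "06/12/2001", "tz_offset": "-5",
          "ip": "10.10.4.6", "mask": "255.255.0.0", "mtu": 1500}

if __name__ == "__main__":
    print("default mask:", classful_default_mask(SAMPLE["ip"]))
    print("problems:", check_worksheet(SAMPLE) or "none")
```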
Posted: Fri Apr 18 16:51:35 PDT 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.