cc/td/doc/product/vpn/vpn3000/4_0
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

Using the VPN Concentrator Manager for
Quick Configuration

Logging in to the VPN Concentrator Manager
Starting Quick Configuration
Configuring IP Interfaces
Configuring System Information
Configuring Tunneling Protocols and Options
Configuring Address Assignment
Configuring Authentication
Configuring the Internal Server User Database
Configuring the IPSec Group
Changing Admin Password
Finishing Quick Configuration
Saving the Active Configuration
What Next?
Using Other VPN Concentrator Manager Functions
Understanding the VPN Concentrator Manager Window

Using the VPN Concentrator Manager for
Quick Configuration


This chapter tells you how to complete quick configuration of the system using the VPN Concentrator Manager.

Quick configuration supplies the minimal parameters needed to make the VPN Concentrator operational, while the Main menu lets you configure all the features of the VPN 3000 Concentrator. For example, a configured remote user with a PC and modem can use Microsoft PPTP (point-to-point tunneling protocol) and a local ISP to connect securely—in a VPN tunnel through the Internet—with resources on a private, internal corporate network.

The VPN Concentrator Manager is an HTML-based configuration, administration, and monitoring system built into the VPN Concentrator. To use it, you need only to connect to the VPN Concentrator using a PC and browser on the same private network with the VPN Concentrator.

Before beginning the procedures in this section, you should have completed Steps 1 through 12 under Using the Console. As you proceed, refer to the data you recorded in the table of Quick Configuration Parameters.

The figures that follow show only the main frame of the Manager window. To use features in the other frames, see Understanding the VPN Concentrator Manager Window.


Note   You can go through the steps of quick configuration only once, unless you reboot the system with the Reboot ignoring the configuration file option.

Logging in to the VPN Concentrator Manager

To access and log in to the VPN Concentrator Manager, follow these steps:


Step 1   Start the browser. See Browser Requirements. We recommend Microsoft Internet Explorer for best results. Maximize the browser window for easiest reading.

Step 2   With the browser, connect to the IP address of the VPN Concentrator on your private network (the address you entered in Step 7 under Using the Console). You can just enter the IP address (for example, 10.10.4.6) in the Address or Location field. The browser displays the login screen.


Figure 3-1   VPN Concentrator Manager Login Screen


Step 3   Log in. Entries are case-sensitive, so type them exactly as shown. With Microsoft Internet Explorer, you can press the Tab key to move from field to field; with other browsers, you might have to change fields with the mouse. If you make a mistake, click Clear and start over.

    a. Click in the Login field and type admin. (Do not press Enter.)

    b. Click in the Password field and type admin. (The field shows *****.)

    c. Click Login.



Starting Quick Configuration

The VPN Concentrator Manager displays the initial configuration screen (see Figure 3-2 ).


Figure 3-2   VPN Concentrator Manager Initial Configuration Screen


To start quick configuration, click the highlighted link that says click here to start Quick Configuration.


Note   This screen appears only once—and you can go through the steps of quick configuration only once—unless you reboot the system with the Reboot ignoring the configuration file option. You cannot return to this screen if you click the highlighted link that says click here to go to the Main Menu.

Text entries are case-sensitive; for example, admin and ADMIN are different passwords.

After you make an entry in a field, do not press Enter. Just move the cursor from field to field. With Microsoft Internet Explorer, you can press Tab to move from field to field; other browsers may work differently.

On any screen where it appears, click Back to return to the previous screen.

Configuration entries take effect as soon as you click Apply or Continue, and they constitute the active or running configuration. To save the active configuration and make it the boot configuration, click the Save Needed icon on the Manager toolbar in the top frame of the browser window. To remind you to save your settings, the icon changes from Save to Save Needed as soon as the active configuration differs from the boot configuration.

If you make a mistake and see an Error screen with the message, "An error has occurred while attempting to perform the operation," and you return to the screen where you were working, carefully check all your previous entries on that screen. The Manager attempts to retain valid entries, but invalid entries are lost. See "Troubleshooting and System Errors" for more details.


Caution   Do not use the browser navigation toolbar buttons Back, Forward, or Refresh / Reload with the VPN Concentrator Manager unless instructed to do so. To protect access security, clicking Refresh / Reload automatically logs out the Manager session. Clicking Back or Forward might display stale Manager screens with incorrect data or settings. To prevent mistakes while using the VPN Concentrator Manager, we recommend that you hide the browser navigation toolbar.

Configuring IP Interfaces

The Manager displays the Configuration | Quick | IP Interfaces screen appropriate to the model you are configuring.


Figure 3-3   Configuration | Quick | IP Interfaces Screen Model 3005


Models 3015 through 3080


This screen lets you configure the VPN Concentrator Ethernet interfaces.

Model 3005 comes with two Ethernet interfaces. Models 3015-3080 come with three Ethernet interfaces.

For the VPN Concentrator to become fully operational, you must configure the two interfaces you physically connected to your network under Connecting Network Cables.

The screen displays the current configuration settings. You entered the IP address and subnet mask for Ethernet 1 in Step 7 and Step 8 under Using the Console. We assume that is the interface you are using to connect to the device and configure it.


Caution   If you modify any parameters of the interface that you are currently using to connect to the VPN Concentrator, you will break the connection, and you will have to restart the Manager and quick configuration from the login screen.


Step 1   To enter or modify parameters for an interface, click on the interface and continue, using the directions in the following section.

If you are not modifying an interface, click Continue to proceed, and skip to Configuring Tunneling Protocols and Options.



Modifying Ethernet Interface Configuration Parameters

When you click on an Ethernet interface, the Manager displays the Configuration | Quick | IP Interfaces | Ethernet 1 2 3 screen for the interface you selected (see Figure 3-4 ).


Figure 3-4   Configuration | Quick | IP Interfaces | Ethernet 1 2 3 Screen


The screen displays the current parameters, if any, for an Ethernet interface. If you are modifying Ethernet 1, the Manager also displays a caution message. To configure parameters for an Ethernet interface, follow these steps:


Step 1   Choose one of the following options:

Step 2   To make this interface a public interface, check the Public Interface check box. A public interface is an interface to a public network, such as the Internet. You should designate only one VPN Concentrator interface as a public interface.

Step 3   The MAC Address is the unique hardware MAC (Medium Access Control) address for this interface, in 6-byte hexadecimal notation. The screen shows this address only after you first configure an interface, and you cannot change it.

Step 4   In the Filter field, click the drop-down menu button and select the filter that applies to this interface. The filter rules govern the handling of data packets through this interface—whether to forward or drop, according to configured criteria. You can customize filters under regular system configuration on the Configuration | Policy Management | Traffic Management screens. Cisco supplies the following default filters with the VPN Concentrator:

Step 5   In the Speed field, click the drop-down menu button and select the interface speed:

Step 6   In the Duplex field, click the drop-down menu button and select one of the following interface transmission modes:

Step 7   The MTU value you entered via the CLI displays in the MTU field. You do not need to edit it.

Step 8   Click Apply to apply your choices to the interface. Click Cancel to discard your choices.

The Manager returns to the Configuration | Quick | IP Interfaces screen. If you have entered new parameters for an interface, the screen displays your entries.

Step 9   If you want to modify another Ethernet interface, click on the interface and continue.

If you do not want to modify another interface, click Continue to proceed, and skip to Configuring System Information.



Configuring System Information

The Manager displays the Configuration | Quick | System Info screen.


Figure 3-5   Configuration | Quick | System Info Screen


To configure basic information that identifies your VPN Concentrator on the network, refer to the data you recorded in Table 2-2 as you follow these steps:


Step 1   In the System Name field, enter a name (such as VPN01) for the VPN Concentrator. This name must uniquely identify this device on your network.

The system name you entered earlier appears in the System Name field. If no system name appears, enter a name (such as VPN01) for the VPN Concentrator. This name must uniquely identify this device on your network.

Step 2   You previously set the time and date on the VPN Concentrator under Using the Console, but you can change them here if you want. The screen shows the current date and time on the device. The values shown in the New Time fields are the time on the browser PC, but any entries you make apply to the VPN Concentrator.

In the appropriate fields, make any changes. The fields are, in order: Hour : Minute : Second   Month / Day / Year   Time Zone. Click the drop-down menu buttons to select Month and Time Zone. The time zone selections are offsets in hours relative to Greenwich Mean Time (GMT), which is the basis for Internet time synchronization. Enter the Year as a four-digit number.

To Enable DST Support, check the box. During DST (Daylight-Saving Time), clocks are set one hour ahead of standard time. Enabling DST support means that the VPN Concentrator automatically adjusts the time zone for DST or standard time. If your system is in a time zone that uses DST, you must enable DST support.

Step 3   In the DNS Server field, enter the IP address of your local DNS (Domain Name System) server, using dotted decimal notation (for example, 10.10.0.11).

Specifying a DNS server lets you enter Internet hostnames (for example, mail01) rather than IP addresses for servers as you configure and manage the VPN Concentrator. While hostnames are easier to remember, using IP addresses avoids problems that might arise with the DNS server offline, congested, or similarly indisposed.

Step 4   In the Domain field, enter the registered domain in which the VPN Concentrator is located (for example, cisco.com), sometimes called the domain name suffix or subdomain.

Step 5   In the Default Gateway field, enter the IP address or hostname of the system to which the VPN Concentrator should route packets that are not explicitly routed. In other words, if the VPN Concentrator has no IP routing parameters (such as RIP, OSPF, or static routes) that specify where to send packets, it will send them to this gateway. (When you first start the VPN Concentrator, it has no IP routing configuration parameters.) This address must not be the same as the IP address configured on any VPN Concentrator interface. To specify no default gateway, leave the field at 0.0.0.0, which means the VPN Concentrator drops unrouted packets.

You can configure IP routing with regular system configuration. For RIP and interface-specific OSPF, see the Configuration | Interfaces screens. For global OSPF and static routes, see the Configuration | System | IP Routing screens. See the VPN 3000 Series Concentrator Reference Volume I: Configuration for more information.

Step 6   Click Continue to proceed.



Configuring Tunneling Protocols and Options

The Manager displays the Configuration | Quick | Protocols screen.


Figure 3-6   Configuration | Quick | Protocols Screen


You must enable at least one of these protocols for the device to function as a VPN device. PPTP and L2TP are popular with Microsoft Windows-based clients, and the VPN 3000 Client uses IPSec. To enable, disable, and configure virtual private network tunneling protocols and encryption options on the VPN Concentrator, follow these steps:


Step 1   Check PPTP to enable Point-to-Point Tunneling Protocol. (This box is checked by default.)

Step 2   If you enable PPTP, click one of the radio buttons to select the encryption option:

Step 3   Check L2TP to enable Layer 2 Tunneling Protocol. (This box is checked by default.)

Step 4   If you enable L2TP, click one of the radio buttons to select the encryption option:

Step 5   Check IPSec to enable remote-access user connections using Internet Protocol Security protocol. (This box is checked by default.) This option supports only remote-access IPSec connections from the VPN 3000 Client or a similar protocol-compliant client. To configure IPSec LAN-to-LAN connections, see Configuration | System | Tunneling Protocols | IPSec LAN-to-LAN under regular system configuration.

Step 6   Click Continue to proceed.



If you enable none of the protocols, skip to the section on Changing Admin Password.

If you enable at least one protocol, continue to the next section.

Configuring Address Assignment

The Manager displays the Configuration | Quick | Address Assignment screen. This screen appears only when you enable at least one tunneling protocol.


Figure 3-7   Configuration | Quick | Address Assignment Screen


You can select prioritized methods for assigning IP addresses to clients as a tunnel is established. The methods are tried in the order listed. You must select at least one method. You can select any and all methods. There are no default methods.

To select a method, follow these steps.


Step 1   Check Client Specified to enable this method, which lets the client specify its own IP address. Do not check only this box if you use IPSec, since IPSec does not allow client-specified IP addresses.

Step 2   Check Per User to enable this method, which assigns IP addresses on a per-user basis. If you use an authentication server that has IP addresses configured, we recommend using this method. You configure an authentication server on the next screen.

Step 3   Check DHCP (Dynamic Host Configuration Protocol) to enable this method, which uses a DHCP server to assign IP addresses.

Step 4   If you enable DHCP, enter the DHCP server hostname or IP address in the Specify Server field. (If you configured a DNS server, you can enter a hostname in this field; otherwise, enter an IP address.)

Step 5   Check Configured Pool to enable this method, which uses the VPN Concentrator to assign IP addresses from an internally configured pool.

Step 6   If you enable Configured Pool, enter the starting and ending IP addresses available in the initial pool, in the Range Start and Range End fields. Enter these addresses in dotted decimal notation; for example, 10.10.147.77.

Step 7   Click Continue to proceed.



Configuring Authentication

The Manager displays the Configuration | Quick | Authentication screen. This screen appears only when you enable at least one tunneling protocol.


Figure 3-8   Configuration | Quick | Authentication Screen, Internal Server


You can choose how to authenticate users. You can select the VPN Concentrator internal server or one of three external server types. You must select one server type. You can configure additional authentication servers on the Configuration | System | Servers | Authentication screen using regular system configuration.

Click the drop-down menu button and select the Server Type. The screen and its configurable fields change depending on the Server Type. Choose one of the following:

Before you configure an external server here, be sure that the external server you reference is itself properly configured and that you know how to access it (IP address or hostname, TCP/UDP port, secret/password, and so forth). The VPN Concentrator functions as the client of these servers.

Find your selected Server Type in the following sections and follow the configuration instructions there.

Internal Server Server Type

The VPN Concentrator internal authentication server lets you enter a maximum of 100 groups and users (combined) in its database, which is adequate for a small user base. For larger numbers of users, we recommend using a RADIUS authentication server. See the Configuration | User Management screens under regular System Configuration.

The internal server has no configurable parameters.

Click Continue to proceed.

Skip to the section Configuring the Internal Server User Database.

RADIUS Server Type

External RADIUS servers can return group and user authentication parameters that match those on the VPN Concentrator; other authentication servers do not. The VPN 3000 software CD-ROM includes a link that customers with CCO logins can use to access an evaluation copy of the CiscoSecure ACS RADIUS authentication server. The VPN 3000 software CD-ROM also has current VPN 3000 VSA registry files that let customers load new supported attributes on their ACS server, and provides instructions for using them.


Figure 3-9   Configuration | Quick | Authentication Screen, RADIUS Server


We suggest you accept the default values. To configure these parameters for a RADIUS (Remote Authentication Dial-In User Service) authentication server, follow these steps:


Step 1   In the Authentication Server field, enter the hostname or IP address of the external RADIUS server. Maximum 32 characters. (If you configured a DNS server, you can enter a hostname in this field; otherwise, enter an IP address.)

Step 2   In the Server Port field, enter the UDP port number by which you access the server. Enter 0 to have the system supply the default port number, 1645.

Step 3   In the Timeout field, enter the time in seconds to wait after sending a query to the server and receiving no response, before trying again. Minimum is 1 second, default is 4 seconds, maximum is 30 seconds.

Step 4   In the Retries field, enter the number of times to retry sending a query to the server after the timeout period. If there is still no response after this number of retries, the VPN Concentrator declares this server inoperative. Minimum is 0, default is 2, maximum is 10 retries.

Step 5   In the Server Secret field, enter the RADIUS server secret (also called the shared secret); for example, C8z077f. The maximum is 64 characters. The field shows only asterisks.

Step 6   In the Verify field, re-enter the RADIUS server secret to verify it. The field shows only asterisks.

Step 7   Click Continue to proceed.



If you selected the IPSec tunneling protocol, skip to the section Configuring the IPSec Group. Otherwise, skip to the section Changing Admin Password.

NT Domain Server Type

Configure these parameters for an external Windows NT Domain authentication server. We suggest you accept the default values. (See Figure 3-10.)


Figure 3-10   Configuration | Quick | Authentication Screen, NT Domain Server


To configure the parameters for the NT authentication server, follow these steps:


Step 1   In the Authentication Server Address field, enter the IP address of the NT Domain authentication server; for example, 192.168.12.34. Use dotted decimal notation.

Step 2   In the Server Port field, enter the TCP port number by which you access the server. Enter 0 (the default) to have the system supply the default port number, 139.

Step 3   In the Timeout field, enter the time in seconds to wait after sending a query to the server and receiving no response, before trying again. The minimum is 1 second, default is 4 seconds, maximum is 30 seconds.

Step 4   In the Retries field, enter the number of times to retry sending a query to the server after the timeout period. If there is still no response after this number of retries, the VPN Concentrator declares this server inoperative. The minimum is 0, default is 2, maximum is 10 retries.

Step 5   In the Domain Controller Name field, enter the NT Primary Domain Controller hostname for this server; for example, PDC01.The maximum is 16 characters. You must enter this name, and it must be the correct hostname for the server whose IP address you entered in Authentication Server Address above; if it is incorrect, authentication will fail.

Step 6   Click Continue to proceed.



If you selected the IPSec tunneling protocol, skip to the section Configuring the IPSec Group. Otherwise, skip to the section Changing Admin Password.

SDI Server Type

Configure these parameters for an external SDI (RSA Security Inc. SecurID) authentication server. We suggest you accept the defaults.


Figure 3-11   Configuration | Quick | Authentication Screen, SDI Server


To configure the parameters for the SDI authentication server, follow these steps:


Step 1   In the Authentication Server field, enter the hostname or IP address of the external SDI server. The maximum is 32 characters. (If you configured a DNS server, you can enter a hostname in this field; otherwise, enter an IP address.)

Step 2   In the Server Port field, enter the UDP port number by which you access the server. Enter 0 (the default) to have the system supply the default port number, 5500.

Step 3   In the Timeout field, enter the time in seconds to wait after sending a query to the server and receiving no response, before trying again. The minimum is 1 second, default is 4 seconds, maximum is 30 seconds.

Step 4   In the Retries field, enter the number of times to retry sending a query to the server after the timeout period. If there is still no response after this number of retries, the VPN Concentrator declares this server inoperative. The minimum is 0, default is 2, maximum is 10 retries.

Step 5   Click Continue to proceed.



If you selected the IPSec tunneling protocol, skip to the section Configuring the IPSec Group. Otherwise, skip to the section Changing Admin Password.

Kerberos/Active Directory Server Type

Configure these parameters for an external Windows/Active Directory server or a UNIX/Lynx Kerberos server.


Figure 3-12   Configuration | Quick | Authentication Screen, Kerberos/Active Directory Server


To configure the parameters for the Kerberos/Active Directory server, follow these steps:


Step 1   In the Authentication Server field, enter the hostname or IP address of the external Kerberos/Active Directory authentication server.

Step 2   In the Server Port field, enter the TCP port number by which you access the server. Enter 0 (the default) to have the system supply the default port number, 88.

Step 3   In the Timeout field, enter the time in seconds to wait, after sending a query to the server and receiving no response, before trying again. The minimum time is 1 second. The default time is 4 seconds. The maximum time is 30 seconds.

Step 4   In the Retries field, enter the number of times to retry sending a query to the server after the timeout period. If there is still no response after this number of retries, the VPN Concentrator declares this server inoperative and uses the next Kerberos/Active Directory authentication server in the list. The minimum number of retries is 0. The default number of retries is 2. The maximum number of retries is 10.

Step 5   In the Realm field, enter the realm name for this server, for example: USDOMAIN.ACME.COM. You must enter this name, and it must be the correct realm name for the server for which you entered the IP address in Authentication Server. If it is incorrect, authentication will fail.

The following types of servers require that you enter the realm name in all uppercase letters: Windows 2000, Windows XP, and Windows .NET. For these types of servers, if the letters are not uppercase, authentication will fail.



If you selected the IPSec tunneling protocol, skip to the section Configuring the IPSec Group. Otherwise, skip to the section Changing Admin Password.

Configuring the Internal Server User Database

The Manager displays the Configuration | Quick | User Database screen. This screen displays only when you select the internal authentication server.


Figure 3-13   Configuration | Quick | User Database Screen


This screen lets you add and remove users in the internal authentication server database. When you first do quick configuration, the Current Users list is empty. To use the internal server, you must add at least one user to the database. As you add or remove users, the system updates and refreshes the screen with the appropriate entries in the Current Users list.

You can change user parameters on the regular Configuration | User Management | Users screens, but on this quick configuration screen, you can only add and remove users. Follow these steps to add or remove a user:


Step 1   Under User to Add:

    a. Type a unique name in the User Name field. Maximum is 32 characters, case-sensitive. To be authenticated, the user must log in from the client using this name.

    b. Move to the Password field and type the password. The password must be at least 8 characters long; maximum is 32 characters, case-sensitive. The field shows only asterisks. To be authenticated, the user must log in from the client using this password. Each user name / password combination must be unique.

    c. Move to the Verify field and retype the password. The field shows only asterisks.

    d. If you selected per-user address assignment:

Step 2   Click << Add.

Step 3   Repeat Steps 1 and 2 for each user. The screen refreshes each time you add a user.

Step 4   To remove a user, select the user in the Current Users list and click Remove >>. The screen refreshes each time you remove a user. There is no confirmation or undo; to reinstate a user, enter the data in Step 1.

Step 5   When you have finished entering users, click Continue to proceed.



If you selected the IPSec tunneling protocol, proceed to the section "Configuring the IPSec Group" below. Otherwise, skip to the section Changing Admin Password.

Configuring the IPSec Group

The Manager displays the Configuration | Quick | IPSec Group screen. This screen appears only when you select the IPSec tunneling protocol, and you must configure these parameters to complete quick configuration.

The remote-access IPSec client connects to the VPN Concentrator using this group name and password, which are automatically configured on the internal authentication server. This is the IPSec group that creates the tunnel. Users then log in, and are authenticated, through their usernames and passwords. (See Figure 3-14.)


Figure 3-14   Configuration | Quick | IPSec Group Screen



Step 1   In the Group Name field, enter a unique name for this group. The maximum field length is 32 characters. Entries are case-sensitive.

Step 2   In the Password field, enter a unique password for this group. The minimum field length is 4 characters. The maximum length is 32 characters. Entries are case-sensitive. The field displays only asterisks.

Step 3   In the Verify field, reenter the group password to verify it. The field displays only asterisks.

Step 4   Click Continue to proceed. You must configure these parameters before you can proceed.



Changing Admin Password

The Manager displays the Configuration | Quick | Admin Password screen.


Figure 3-15   Configuration | Quick | Admin Password Screen


This screen lets you change the password for the admin administrator user. For ease of use during startup, the default admin password supplied with the VPN Concentrator is also admin. Since the admin user has full access to all management and administration functions on the device, we strongly recommend you change this password to improve device security. You can further configure all administrator users on the regular Administration | Access Rights | Administrators Manager screen.

To change the password for the admin administrator user, follow these steps:


Step 1   In the Password field, enter a new password. For maximum security, the password should be at least 8 characters long, a mixture of upper- and lower-case alphabetic and numeric characters, and not easily guessed; for example, W8j9Haq3. (The field shows only asterisks.)

Step 2   In the Verify field, re-enter the new password to verify it.

Step 3   Click Continue to proceed.



Finishing Quick Configuration

The Manager displays the Configuration | Quick | Done screen.


Figure 3-16   Configuration | Quick | Done Screen


You have finished quick configuration, and your entries constitute the active or running configuration. The VPN Concentrator now has enough information, and it is operational. For example, a configured remote user with a PC and modem can use Microsoft PPTP and a local ISP to connect securely—in a VPN tunnel through the Internet—with resources on a private, internal corporate network.

We strongly recommend that you save the active configuration before you proceed.

Saving the Active Configuration

As you make configuration entries, they take effect immediately and are included in the active, or running, configuration. However, if you reboot the VPN Concentrator without saving the active configuration, any configuration changes are lost.

To remind you to save your settings, the Save icon on the Manager toolbar at the top of the Manager screen changes to Save Needed as soon as the active configuration differs from the boot configuration. Click either icon to save the active configuration as the boot configuration. A pop-up window displays a status message.


Figure 3-17   Save Configuration Window


Click OK to close the window. Should you need to restart the VPN Concentrator, it will then boot with your configured parameters.

We strongly recommend that, as you configure the VPN Concentrator, you make it a habit to click Save Needed whenever you finish setting parameters on a Manager screen.

What Next?

Now that the VPN Concentrator is operational, you can proceed to the following functions:

Using Other VPN Concentrator Manager Functions

To use other VPN Concentrator Manager functions, listed below, click the topic in the left frame of the Manager window or on the Manager toolbar in the top frame of the Manager window.

For details on the frames, functions, and icons in the Manager window, see the following section, "Understanding the VPN Concentrator Manager Window".

For details on the VPN Concentrator hardware, all the functions available in the VPN Concentrator Manager, or using the CLI, see the VPN 3000 Concentrator Series User Guide.

Understanding the VPN Concentrator Manager Window

The VPN Concentrator Manager window on your browser consists of three frames—top, left, and main—and it provides helpful messages and tips as you move the mouse pointer over window items. The title bar and status bar also provide useful information.


Figure 3-18   VPN Concentrator Manager Window


Title bar

The title bar at the top of the browser window includes the VPN Concentrator device name or IP address in brackets, for example, [10.10.4.6].

Status bar

The status bar at the bottom of the browser window displays Manager activity and explanatory messages for some items.

Mouse pointer and tips

As you move the mouse pointer over an active area, the pointer changes shape and icons change color. A description also appears in the status bar area. If you momentarily rest the pointer on an icon, a descriptive tip appears for that icon.

Top frame
(Manager toolbar)

The Manager toolbar in the top frame provides quick access to Manager features. These include the following icons:


Click on the Main tab to go to the main Manager screen, and to close all subordinate sections and titles in the left frame.


Click on the Help tab to open context-sensitive online help. Help opens in a separate browser window that yo can move or resize as you want. Close the help window when you are finished.


Click on the Support tab to open a Manager screen with links to Cisco support and documentation resources.


Click on the Logout tab to log out of the Manager and return to the login screen.

Logged in: [username]

The administrator username you used to log in to this Manager session.


Click on the Configuration tab to go to the main Configuration screen, to open the first level of subordinate Configuration pages in the left frame if they are not already open, and to close any open Administration or Monitoring pages in the left frame.


Click on the Administration tab to go to the main Administration screen, to open the first level of subordinate Administration pages in the left frame if they are not already open, and to close any open Configuration or Monitoring pages in the left frame.


Click on the Monitoring tab to go to the main Monitoring screen, to open the first level of subordinate Monitoring pages in the left frame if they are not already open, and to close any open Configuration or Administration pages in the left frame.

Save

Click on the Save icon to save the active configuration and make it the boot configuration. In this state, the reminder indicates that the active configuration is the same as the boot configuration, but you can save it anyway. When you change the configuration, the reminder changes to Save Needed.

Save Needed

This reminder indicates that yo have changed the active configuration. Click on the Save Needed icon to save the active configuration and make it the boot configuration. As you make configuration entries, they take effect immediately and are included in the active, or running, configuration. However, if you reboot the VPN Concentrator without saving the active configuration, and configuration changes are lost. Clicking on this reminder saves the active configuration as the boot configuration and restores the Save reminder.

Refresh

Click on the Refresh icon to refresh (update) the screen contents on screens where it appears (mostly in the Monitoring section). The date and time above this reminder indicate when the screen was last updated.

Reset

Click on the Reset icon to reset, or start anew, the screen contents on screens where it appears (mostly in the Monitoring section).

Restore

Click on the Restore icon to restore the screen contents to their status prior to when you last clicked the Reset icon.


Click on the Cisco Systems logo to open a browser and go to the Cisco.com web site, www.cisco.com

Left frame
(Table of Contents)

On Manager screens, the left frame provides a table of contents. The table of contents uses the familiar Windows Explorer metaphor of collapsed and expanded entries.

Main section titles (Configuration, Administration, Monitoring

Click on a title to open subordinate sections and titles, and to go to that Manager screen in the main frame.

Closed or collapsed

Click on the closed/collapsed icon to open subordinate sections and titles. Clicking on this icon does not change the screen in the main frame.

Open or expanded

Click on the open/expanded icon to close subordinate sections and titles. Clicking on this icon does not change the screen in the main frame.

Main frame
(Manager screen)

The main frame displays the current VPN Concentrator Manager screen.

Many screens include a bullet list of links and descriptions of subordinate sections and titles. you can click on a link to go to that Manager screen, and open subordinate sections and titles in the table of contents.


hometocprevnextglossaryfeedbacksearchhelp
Posted: Fri Apr 18 16:51:28 PDT 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.