Table of Contents

Numerics
A
B
C
D
E
F
G
H
I
J
L
M
N
O
P
Q
R
S
T
U
V
W
X

Index

Numerics

3DES-168/SHA SSL encryption algorithm     8-11

3DES-168 SSH encryption algorithm     8-14

A

accessing the CLI     14-1

access rights

administration     12-9

default Monitor administrator (CLI)     14-6

access settings, general, for administrators     12-11

add

event class     9-10

SNMP community     8-8

SNMP event destination     9-13

static route for IP routing     7-3

syslog server to receive events     9-16

Address Resolution Protocol (ARP) mapping table     13-51

administering the VPN 3002     12-1

administrators

access rights     12-9

access settings, general     12-11

configuring     12-9

parameters saved in nonvolatile memory     12-10

password     12-10

predefined     12-10

properties and rights, changing     12-9

session idle timeout     12-11

ARP table     13-51

authentication

client, SSL (HTTPS only)     8-11

using digital certificates     12-16

B

Back and Home CLI choices     14-5

back panel display (monitoring)     13-11

backup configuration file

swapping     12-13

use in troubleshooting     A-2

backup server list     6-4

backup servers

configuring     6-3

DNS and WINS servers     6-4

overview     6-4

Bad IP Address (error)     A-10

bidirectional tunnel endpoint     6-1

bootcode

version and filename     13-9

boot configuration file, swapping     12-13

browser

Back or Forward button displays incorrect screen or incorrect data     A-7

clear cache after software update     12-4

installing SSL certificate     1-3

navigation toolbar, don't use with Manager     1-2

requirements     1-1

built-in servers, configuring See management protocols     8-1

C

CA (Certificate Authority)

definition     12-16

CA certificates

definition     12-16

installing     12-44

cancelling an enrollment request     12-60

certificate

PEM-encoded     12-28

Certificate Authority (CA)

definition     12-16

certificate management     12-16

certificate request

fields     12-20

certificates

See also digital certificates

changing administrator properties and rights     12-9

Cisco.com website     xiv

clear event log     13-5

CLI

accessing     14-1

via console     14-1

via Telnet     14-2

Back and Home choices     14-5

choosing a menu item     14-3

configuration menu     14-7

entering values     14-3

errors     A-10

help command     14-5

main menu     14-2, 14-7

menu reference     14-7

navigating with shortcut numbers     14-4

prompt contains menu context     14-3

saving configuration file     14-6

shortcut numbers     14-4

starting     14-2

stopping     14-6

using     14-1, 14-3

client authentication, SSL (HTTPS only)     8-11

client mode

definition     11-1

effect on backup server connection     6-5

See also PAT mode

Command Line Interface

See CLI

concentrator settings

required for Network Extension mode     11-3

required for PAT     11-2

CONFIG.BAK file

See backup configuration file

use in troubleshooting     A-2

configuration

quick     2-1

system     4-1

VPN 3002 Hardware Client Manager     2-1

configuration files

automatic backup with file upload     12-14

changes with software update     12-2

handling at reboot or shutdown     12-6

handling during file upload     12-14

managing and viewing     12-12

saving with CLI     14-6

swap     12-13

useful for troubleshooting     A-2

configuration menu, CLI     14-7

configuring

administrative access to the VPN 3002     12-9

backup servers     6-3

default gateways for IP routing     7-4

interfaces     3-1

private interface     3-4

public interface     3-6

remote server     6-3

static routes for IP routing     7-2

VPN Concentrator with CLI     14-1

connecting to VPN Concentrator

using HTTP     1-2

using HTTPS     1-16

console, accessing CLI via     14-1

conventions

documentation     xv

typographic     xv

crash

dump file     A-1

crash, system

saves log file     A-1

CRSHDUMP.TXT file     A-1

D

data formats     xiii

data initiation

VPN 3002 and central-site concentrator     11-5

date and time, configuring     10-3

Daylight-Saving Time (DST), enabling     10-3

default

event handling, configuring     9-5

gateways, configuring for IP routing     7-4

Monitor administrator access rights (CLI)     14-6

delete

digital certificate     12-30, 12-57

enrollment request     12-61

DES-40/SHA Export SSL encryption algorithm     8-11

DES-56/SHA SSL encryption algorithm     8-11

DES-56 SSH encryption algorithm     8-14

DHCP     7-9

configuring parameters on VPN 3002     7-6

statistics     13-30

digital certificates

CA     12-16

definition     12-16

deleting     12-30, 12-57

enabling on the VPN 3002     12-29

enrolling     12-16, 12-22, 12-24, 12-37

expiration     12-17

fields     12-51

generating SSL     12-33

identity     12-16, 12-32

installing     12-16, 12-22, 12-24, 12-45

automatically via SCEP     12-17

manually     12-19

IPSec LAN-to-LAN     6-6

managing     12-16

PKCS-10 request     12-40

renewal     12-54

root     12-16

saving in Flash memory     12-16

SCEP-enabled     12-17

SSL     1-3, 12-16

troubleshooting     12-17

viewing and managing on VPN 3002     12-31

viewing details     12-50

X.509     12-16

disabling the public interface     3-6

display/PC monitor, recommended settings     1-2

DNS

backup server, configuring     6-4

servers, configuring     5-1

statistics     13-27

documentation

additional     xi

cautions     xii

conventions     xv

notes     xii

obtaining     xiii

Domain Name Servers See DNS

downloading

backup server list from a VPN Concentrator     6-5

event log to PC     13-5

Dynamic Host Configuration Protocol See DHCP

E

encryption algorithms

SSH     8-14

SSL     8-11

enrolling

certificates     12-37

digital certificates     12-16

identity certificates     12-20

identity certificate via SCEP     12-41

enrollment request

cancelling     12-60

creating     12-37

deleting     12-61

PKCS-10     12-24, 12-40

removing according to status     12-35

status table     12-35

time limit     12-17

viewing details     12-58

entering values with CLI     14-3

erasing the event log     13-5

error

an error has occurred ...     A-7

bad IP address     A-10

CLI     A-10

insufficient authorization     A-8

invalid login     A-5

Manager unexpectedly logs out     A-6

message displays     A-7

no such interface supported (IE)     A-9

not allowed     A-8

not found     A-9

out of range value     A-10

passwords do not match     A-10

session timeout     A-5

VPN 3002 Hardware Client Manager     A-5

Ethernet

interface

status and statistics     13-11

MIB-II statistics     13-53

event

class     9-1

configuring     9-5

configuring default handling     9-5

configuring for special handling

modify     9-10

configuring special handling     9-8

add     9-10

definition     9-1

severity level     9-3

trap destinations, configuring     9-12

event log

clear (erase)     13-5

definition     9-4

download to PC     13-5

format     9-6, 13-5

get     13-5

live     13-6

monitoring     13-3, 13-6

save     13-5

saved on system crash or reboot     A-1

saved on system failure or reboot     9-4

stored in nonvolatile memory     13-3

view     13-5

viewing     13-6

exiting from CLI     14-6

F

file management on VPN 3002     12-12

file upload to VPN 3002     12-2, 12-14

stopping     12-3, 12-14

filterable event log, monitoring     13-3

flash memory

corrupting     12-2, 12-5

managing files     12-12

temporary files in     12-14

format

data     xiii

event log     13-5

syslog     9-6

front panel display (monitoring)     13-11

G

gateways, default     7-4

general (default) event handling     9-5

general parameters, configuring     10-1

generating SSL server certificate     12-33

get event log     13-5

H

halting the VPN 3002     12-5

help, CLI     14-5

Home and Back CLI choices     14-5

host key

SSH     8-13

HTTP

configuring internal server     8-2

enabling     8-2

port number     8-3

statistics     13-22

using with Manager     1-2

HTTPS

configuring internal server     8-2

connecting using     1-16

definition     1-3

enabling     8-3

enabling on public interface for XML support     8-16

login screen     1-17

port number     8-3

I

ICMP

MIB-II statistics     13-48

PING     12-7

identification, configuring     10-2

identifying servers to the VPN 3002     5-1

identity certificates

definition     12-16

enrolling     12-20, 12-37

installed on the VPN 3002     12-32

installing     12-20

maximum allowed     12-16

idle timeout

administrator sessions     12-11

live event log overrides     13-6

IEEE standard 802.3, Ethernet networks     13-53

image, software

filenames     12-3

indicators, LED     A-2

individual user authentication

login screen     1-19

installing

CA certificates     12-44

automatic method (using SCEP)     12-17

manual method     12-19

digital certificates     12-16

enrolled certificates     12-45

identity certificates     12-20

identity certificates, automatic method     12-22, 12-24

SSL certificate

with Internet Explorer     1-4

with Netscape     1-9

Install SSL Certificate (screen)     1-4

interactive hardware client authentication

login screen     1-19

interfaces

configuring     3-1

Ethernet, configuring

transmission mode     3-5, 3-8

MIB-II statistics     13-40

private, configuring     3-4

public, configuring     3-6

public and private, definition     3-1

status     3-3

Internet Explorer, requirements     1-1

Invalid Login or Session Timeout (error)     A-5

IP MIB-II statistics     13-45

IP routing

configuring     7-1

IPSec

attributes configurable on the central-site concentrator     6-2

configuring     6-2

statistics     13-16

IPSec over TCP     6-5

requirements     6-6

ITU (International Telecommunication Union) standards     12-50

J

JavaScript, requirements     1-2

L

lease period, DHCP     7-6

LED indicators

table     A-2

live event log     13-6

Netscape requirements     13-6

log file

live event log     13-6

saving on system reboot     12-5

See also event log

logging in to the VPN Concentrator Manager     1-17

login

name, factory default (Manager)     1-17

password, factory default (Manager)     1-17

screen     1-3

HTTPS     1-17

HTTPS using Internet Explorer     1-8

HTTPS using Netscape     1-14

using CLI     14-2

using interactive hardware client authentication and individual user authentication     1-19

M

main menu, CLI     14-2, 14-7

management protocols, configuring     8-1

Manager table of contents     1-28

Manager unexpectedly logs out (error)     A-6

managing digital certificates on VPN 3002     12-31

managing VPN Concentrator with CLI     14-1

memory, SDRAM     13-9

menu

choosing a menu item in CLI     14-3

context in CLI prompt     14-3

menu reference, CLI     14-7

MIB-II

statistics     13-39

ARP table     13-51

Ethernet traffic     13-53

interfaces     13-40

IP traffic     13-45

SNMP     13-56

TCP/UDP     13-42

system object     10-2

Microsoft Internet Explorer script error message     A-9

model number, system     13-9

modifying

event class     9-10

SNMP community     8-8

SNMP event trap destination     9-13

static route, for IP routing     7-3

syslog server to receive events     9-16

monitoring statistics     13-1

N

NAT (Network Address Translation)

definition     11-1

navigating

the VPN 3002 Hardware Client Manager     1-28

Netscape Navigator, requirements     1-1

Network Address Translation See NAT

Network Extension mode     11-2

effect on backup server connection     6-5

required settings on VPN Concentrator     11-3

nonvolatile memory     12-10

event log stored in     13-3

No such interface supported (error)     A-9

Not Allowed (error)     A-8

Not Found (error)     A-9

O

options configurable only on central-site Concentrator     7-9

Out of Range value (error)     A-10

P

password

administrator     12-10

factory default (Manager)     1-17

Passwords do not match (error)     A-10

PAT mode

configuring     11-6

definition     11-1

enabling     11-6

many-to-one translation     11-6

required settings on VPN Concentrator     11-2

PC monitor/display, recommended settings     1-2

peer     6-2

PEM-encoded certificate     12-28

ping a host     12-7

PKCS-10

enrollment request     12-24, 12-40

policy management     11-1

Port Address Translation mode See PAT mode

port number

HTTP     8-3

HTTPS     8-3

SNMP     8-6

SSH     8-14

syslog server     9-16

Telnet     8-5

Telnet over SSL     8-5

power, turning off     12-5

PPPoE

statistics     13-36

PPP over Ethernet See PPPoE

prerequisites, system administrator     ix

preshared keys     6-6

private interface

configuring     3-4

definition     3-1

private keys, saving in Flash memory     12-16

public interface

configuring     3-6

definition     3-1

Public Key Certificate Syntax-10 See PKCS-10

Public Key Infrastructure (PKI)     6-6, 12-16

Q

Quick Configuration     2-1

R

RC4-128 SSH encryption algorithm     8-14

RC4-40/MD5 Export SSL encryption algorithm     8-11

reboot

handling configuration files     12-6

reloads the boot configuration file     12-13

saving log file     12-5, A-1

system     12-5

re-enrolling a certificate     12-54

re-keying a certificate     12-54

remote server

configuring     6-3

renewing a DHCP lease     7-6

renewing digital certificates     12-54

requirements

browser     1-1

Internet Explorer     1-1

IPSec over TCP     6-6

JavaScript     1-2

Netscape Navigator     1-1

RFC 1650, Ethernet interface MIB objects     13-53

RFC 1907, SNMP version 2 MIB objects     13-56

RFC 2011, ARP table entries     13-51

RFC 2011, IP and ICMP MIB objects     13-45, 13-48

RFC 2012,TCP MIB objects     13-42

RFC 2013, UDP MIB objects     13-42

RFC 2459     12-50

root CA certificate     12-16

routing table (monitoring)     13-2

RRC4-128/MD5 SSL encryption algorithm     8-11

RSA key, SSH     8-13

S

SAVELOG.TXT file     9-4, 12-5, A-1

saving

configuration file with CLI     14-6

event log     13-5

log file on system reboot     9-4, 12-5

SCEP

(Simple Certificate Enrollment Protocol), definition     12-16

enrolling an identity certificate     12-41

enrolling SSL certificate     12-42

installing CA certificates     12-17

installing identity certificates     12-22, 12-24

SCEP-enabled certificate     12-17

troubleshooting     12-17

screen

login, using HTTPS     1-17

SDRAM memory     13-9

secure connection

See also tunnel

tunnel     6-1

Secure Shell protocol See SSH

Secure Sockets Layer See SSL     12-16

Security Associations (SAs)     6-2

self-signed certificates

CA certificates     12-16

SSL     12-16

SSL certificate, generating     12-33

server identity certificates     12-32

server key, SSH     8-13

servers

backup, configuring     6-3

backup, overview     6-4

configuring system access     5-1

remote, configuring     6-3

session idle timeout

live event log overrides     13-6

session key

SSH     8-13

Session Timeout (error)     A-5

severity level, events     9-3

shutdown system     12-5

Simple Certificate Enrollment Protocol See SCEP

Simple Network Management Protocol See SNMP

SNMP

configuring internal server     8-6

enabling     8-6

event trap destinations, configuring     9-12

add     9-13

modify     9-13

MIB-II statistics     13-56

port number     8-6

traps, configuring "well-known"     9-8

traps, configuring for specific events     9-11

SNMP communities

adding     8-8

configuring     8-7

modifying     8-8

software image

filenames     12-3, 13-9

updating on VPN 3002

procedure     12-2

stopping an image update     12-3

version info     12-3, 13-9

split tunneling

client (PAT) mode     11-1

Network Extension mode     11-3

SSH

configuring internal server     8-13

enable     8-14

enabling on public interface for XML support     8-17

encryption algorithms     8-14

host key     8-13

port number     8-14

RSA key     8-13

server key     8-13

server key regeneration     8-14

session key     8-13

statistics     13-32

SSL

client authentication (HTTPS only)     8-11

configuring internal server     8-10

encryption algorithms     8-11

statistics     13-28

SSL certificate     8-10, 12-16

enrolling     12-37

enrolling via SCEP     12-42

generating     12-33

installing in browser     1-3

installing with Internet Explorer     1-4

installing with Netscape     1-9

obtaining     12-28

viewing with Internet Explorer     1-8

viewing with Netscape     1-14

VPN Concentrator     1-3

standards

IEEE standard 802.3, Ethernet networks     13-53

ITU     12-50

RFC 1650, Ethernet interface MIB objects     13-53

RFC 1907, SNMP version 2 MIB objects     13-56

RFC 2011, ARP table entries     13-51

RFC 2011, IP and ICMP MIB objects     13-45, 13-48

RFC 2012,TCP MIB objects     13-42

RFC 2013, UDP MIB objects     13-42

RFC 2459     12-50

X.509     12-50

X.520     12-50

starting the CLI     14-2

static routes

adding     7-3

configuring for IP routing     7-2

modifying     7-3

statistics

devices behind the VPN 3002 Hardware Client     13-14

DHCP     13-30

DNS     13-27

HTTP     13-22

IPSec     13-16

MIB-II     13-39

ARP table     13-51

Ethernet     13-53

ICMP     13-48

interfaces     13-40

IP traffic     13-45

SNMP     13-56

TCP/UDP     13-42

monitoring     13-1, 13-15

PPPoE     13-36

public/private Ethernet interface     13-11

SSH     13-32

SSL     13-28

Telnet     13-25

user status     13-14

stopping

CLI     14-6

file upload to VPN 3002     12-3, 12-14

the VPN 3002     12-5

subordinate CA certificate     12-16

superuser See administrators

swap configuration files     12-13

syslog format, events     9-6

syslog server

configuring for events

add     9-16

modify     9-16

port number     9-16

syslog servers, configuring for events     9-14

system configuration     4-1

system identification, configuring     10-2

system reboot     12-5

reloads the boot configuration file     12-13

saving the log file     12-5

system shutdown     12-5

handling configuration files     12-6

system status

monitoring     13-8

private/public interface     13-11

T

table of contents, Manager     1-28

TCP/UDP MIB-II statistics     13-42

technical assistance, obtaining     xiv

Technical Assistance Center (TAC) website     xv

Telnet

accessing CLI     14-2

configuring internal server     8-4

enabling     8-4

port number     8-5

statistics     13-25

Telnet over SSL

configuring internal server     8-4

port number     8-5

time and date, configuring     10-3

timeout, administrator     12-11

live event log overrides     13-6

time zone, configuring     10-3

traffic management, configuring     11-5

transmission mode, configuring Ethernet interface     3-5, 3-8

traps, configuring

"well-known"     9-8

destination systems     9-12, 9-13

general events     9-8

specific events     9-11

troubleshooting

crash dump file     A-1

event log     A-1

files created for     A-1

information in event log     9-4

information in the event log     13-3

using configuration files     A-2

tunnel

configuring protocols     6-2

endpoint     6-1

functional description     6-1

initiation     11-4

protocols     6-1

type (model number), system     13-9

typographic conventions     xv

U

UDP MIB-II traffic statistics     13-42

updating software on VPN 3002     12-2

upload files to VPN 3002     12-14

user status     13-14

using the CLI     14-3

using the VPN Concentrator Manager     1-1

V

viewing

digital certificate details     12-50

digital certificates on VPN 3002     12-31

enrollment request     12-58

event log     13-5

SSL certificates

with Internet Explorer     1-8

with Netscape     1-14

VPN 3002 status, sessions, statistics, and event logs     13-1

VPN 3002 Hardware Client Manager

errors     A-5

navigating     1-28

organization     1-27

window     1-23

VPN Concentrator Manager

logging in     1-17

using     1-1

W

WINS

backup server, configuring     6-4

X

X.509

digital certificates     12-16

standards     12-50

X.520 standards     12-50

XML

configuring     8-16

enabling     8-16

Posted: Wed Nov 20 10:52:15 PST 2002
Copyright 1989-2000©Cisco Systems Inc.