Index

Numerics

3DES-168/SHA SSL encryption algorithm     8-11

3DES-168 SSH encryption algorithm     8-14

A

accessing the CLI     14-1

access rights

administration     12-9
default Monitor administrator (CLI)     14-6
access settings, general, for administrators     12-11

add

event class     9-10
SNMP community     8-8
SNMP event destination     9-13
static route for IP routing     7-3
syslog server to receive events     9-16
Address Resolution Protocol (ARP) mapping table     13-51

administering the VPN 3002     12-1

administrators

access rights     12-9
access settings, general     12-11
configuring     12-9
parameters saved in nonvolatile memory     12-10
password     12-10
predefined     12-10
properties and rights, changing     12-9
session idle timeout     12-11
ARP table     13-51

authentication

client, SSL (HTTPS only)     8-11
using digital certificates     12-16

B

Back and Home CLI choices     14-5

back panel display (monitoring)     13-11

backup configuration file

swapping     12-13
use in troubleshooting     A-2
backup server list     6-4

backup servers

configuring     6-3
DNS and WINS servers     6-4
overview     6-4
Bad IP Address (error)     A-10

bidirectional tunnel endpoint     6-1

bootcode

version and filename     13-9
boot configuration file, swapping     12-13

browser

Back or Forward button displays incorrect screen or incorrect data     A-7
clear cache after software update     12-4
installing SSL certificate     1-3
navigation toolbar, don't use with Manager     1-2
requirements     1-1
built-in servers, configuring See management protocols     8-1

C

CA (Certificate Authority)

definition     12-16
CA certificates

definition     12-16
installing     12-44
cancelling an enrollment request     12-60

certificate

PEM-encoded     12-28
Certificate Authority (CA)

definition     12-16
certificate management     12-16

certificate request

fields     12-20
certificates

See also digital certificates
changing administrator properties and rights     12-9

Cisco.com website     xiv

clear event log     13-5

CLI

accessing     14-1
via console     14-1
via Telnet     14-2
Back and Home choices     14-5
choosing a menu item     14-3
configuration menu     14-7
entering values     14-3
errors     A-10
help command     14-5
main menu     14-2, 14-7
menu reference     14-7
navigating with shortcut numbers     14-4
prompt contains menu context     14-3
saving configuration file     14-6
shortcut numbers     14-4
starting     14-2
stopping     14-6
using     14-1, 14-3
client authentication, SSL (HTTPS only)     8-11

client mode

definition     11-1
effect on backup server connection     6-5
See also PAT mode
Command Line Interface

See CLI
concentrator settings

required for Network Extension mode     11-3
required for PAT     11-2
CONFIG.BAK file

See backup configuration file
use in troubleshooting     A-2
configuration

quick     2-1
system     4-1
VPN 3002 Hardware Client Manager     2-1
configuration files

automatic backup with file upload     12-14
changes with software update     12-2
handling at reboot or shutdown     12-6
handling during file upload     12-14
managing and viewing     12-12
saving with CLI     14-6
swap     12-13
useful for troubleshooting     A-2
configuration menu, CLI     14-7

configuring

administrative access to the VPN 3002     12-9
backup servers     6-3
default gateways for IP routing     7-4
interfaces     3-1
private interface     3-4
public interface     3-6
remote server     6-3
static routes for IP routing     7-2
VPN Concentrator with CLI     14-1
connecting to VPN Concentrator

using HTTP     1-2
using HTTPS     1-16
console, accessing CLI via     14-1

conventions

documentation     xv
typographic     xv
crash

dump file     A-1
crash, system

saves log file     A-1
CRSHDUMP.TXT file     A-1

D

data formats     xiii

data initiation

VPN 3002 and central-site concentrator     11-5
date and time, configuring     10-3

Daylight-Saving Time (DST), enabling     10-3

default

event handling, configuring     9-5
gateways, configuring for IP routing     7-4
Monitor administrator access rights (CLI)     14-6
delete

digital certificate     12-30, 12-57
enrollment request     12-61
DES-40/SHA Export SSL encryption algorithm     8-11

DES-56/SHA SSL encryption algorithm     8-11

DES-56 SSH encryption algorithm     8-14

DHCP     7-9

configuring parameters on VPN 3002     7-6
statistics     13-30
digital certificates

CA     12-16
definition     12-16
deleting     12-30, 12-57
enabling on the VPN 3002     12-29
enrolling     12-16, 12-22, 12-24, 12-37
expiration     12-17
fields     12-51
generating SSL     12-33
identity     12-16, 12-32
installing     12-16, 12-22, 12-24, 12-45
automatically via SCEP     12-17
manually     12-19
IPSec LAN-to-LAN     6-6
managing     12-16
PKCS-10 request     12-40
renewal     12-54
root     12-16
saving in Flash memory     12-16
SCEP-enabled     12-17
SSL     1-3, 12-16
troubleshooting     12-17
viewing and managing on VPN 3002     12-31
viewing details     12-50
X.509     12-16
disabling the public interface     3-6

display/PC monitor, recommended settings     1-2

DNS

backup server, configuring     6-4
servers, configuring     5-1
statistics     13-27
documentation

additional     xi
cautions     xii
conventions     xv
notes     xii
obtaining     xiii
Domain Name Servers See DNS

downloading

backup server list from a VPN Concentrator     6-5
event log to PC     13-5
Dynamic Host Configuration Protocol See DHCP

E

encryption algorithms

SSH     8-14
SSL     8-11
enrolling

certificates     12-37
digital certificates     12-16
identity certificates     12-20
identity certificate via SCEP     12-41
enrollment request

cancelling     12-60
creating     12-37
deleting     12-61
PKCS-10     12-24, 12-40
removing according to status     12-35
status table     12-35
time limit     12-17
viewing details     12-58
entering values with CLI     14-3

erasing the event log     13-5

error

an error has occurred ...     A-7
bad IP address     A-10
CLI     A-10
insufficient authorization     A-8
invalid login     A-5
Manager unexpectedly logs out     A-6
message displays     A-7
no such interface supported (IE)     A-9
not allowed     A-8
not found     A-9
out of range value     A-10
passwords do not match     A-10
session timeout     A-5
VPN 3002 Hardware Client Manager     A-5
Ethernet

interface
status and statistics     13-11
MIB-II statistics     13-53
event

class     9-1
configuring     9-5
configuring default handling     9-5
configuring for special handling
modify     9-10
configuring special handling     9-8
add     9-10
definition     9-1
severity level     9-3
trap destinations, configuring     9-12
event log

clear (erase)     13-5
definition     9-4
download to PC     13-5
format     9-6, 13-5
get     13-5
live     13-6
monitoring     13-3, 13-6
save     13-5
saved on system crash or reboot     A-1
saved on system failure or reboot     9-4
stored in nonvolatile memory     13-3
view     13-5
viewing     13-6
exiting from CLI     14-6

F

file management on VPN 3002     12-12

file upload to VPN 3002     12-2, 12-14

stopping     12-3, 12-14
filterable event log, monitoring     13-3

flash memory

corrupting     12-2, 12-5
managing files     12-12
temporary files in     12-14
format

data     xiii
event log     13-5
syslog     9-6
front panel display (monitoring)     13-11

G

gateways, default     7-4

general (default) event handling     9-5

general parameters, configuring     10-1

generating SSL server certificate     12-33

get event log     13-5

H

halting the VPN 3002     12-5

help, CLI     14-5

Home and Back CLI choices     14-5

host key

SSH     8-13
HTTP

configuring internal server     8-2
enabling     8-2
port number     8-3
statistics     13-22
using with Manager     1-2
HTTPS

configuring internal server     8-2
connecting using     1-16
definition     1-3
enabling     8-3
enabling on public interface for XML support     8-16
login screen     1-17
port number     8-3

I

ICMP

MIB-II statistics     13-48
PING     12-7
identification, configuring     10-2

identifying servers to the VPN 3002     5-1

identity certificates

definition     12-16
enrolling     12-20, 12-37
installed on the VPN 3002     12-32
installing     12-20
maximum allowed     12-16
idle timeout

administrator sessions     12-11
live event log overrides     13-6
IEEE standard 802.3, Ethernet networks     13-53

image, software

filenames     12-3
indicators, LED     A-2

individual user authentication

login screen     1-19
installing

CA certificates     12-44
automatic method (using SCEP)     12-17
manual method     12-19
digital certificates     12-16
enrolled certificates     12-45
identity certificates     12-20
identity certificates, automatic method     12-22, 12-24
SSL certificate
with Internet Explorer     1-4
with Netscape     1-9
Install SSL Certificate (screen)     1-4

interactive hardware client authentication

login screen     1-19
interfaces

configuring     3-1
Ethernet, configuring
transmission mode     3-5, 3-8
MIB-II statistics     13-40
private, configuring     3-4
public, configuring     3-6
public and private, definition     3-1
status     3-3
Internet Explorer, requirements     1-1

Invalid Login or Session Timeout (error)     A-5

IP MIB-II statistics     13-45

IP routing

configuring     7-1
IPSec

attributes configurable on the central-site concentrator     6-2
configuring     6-2
statistics     13-16
IPSec over TCP     6-5

requirements     6-6
ITU (International Telecommunication Union) standards     12-50

J

JavaScript, requirements     1-2

L

lease period, DHCP     7-6

LED indicators

table     A-2
live event log     13-6

Netscape requirements     13-6
log file

live event log     13-6
saving on system reboot     12-5
See also event log
logging in to the VPN Concentrator Manager     1-17

login

name, factory default (Manager)     1-17
password, factory default (Manager)     1-17
screen     1-3
HTTPS     1-17
HTTPS using Internet Explorer     1-8
HTTPS using Netscape     1-14
using CLI     14-2
using interactive hardware client authentication and individual user authentication     1-19

M

main menu, CLI     14-2, 14-7

management protocols, configuring     8-1

Manager table of contents     1-28

Manager unexpectedly logs out (error)     A-6

managing digital certificates on VPN 3002     12-31

managing VPN Concentrator with CLI     14-1

memory, SDRAM     13-9

menu

choosing a menu item in CLI     14-3
context in CLI prompt     14-3
menu reference, CLI     14-7

MIB-II

statistics     13-39
ARP table     13-51
Ethernet traffic     13-53
interfaces     13-40
IP traffic     13-45
SNMP     13-56
TCP/UDP     13-42
system object     10-2
Microsoft Internet Explorer script error message     A-9

model number, system     13-9

modifying

event class     9-10
SNMP community     8-8
SNMP event trap destination     9-13
static route, for IP routing     7-3
syslog server to receive events     9-16
monitoring statistics     13-1

N

NAT (Network Address Translation)

definition     11-1
navigating

the VPN 3002 Hardware Client Manager     1-28
Netscape Navigator, requirements     1-1

Network Address Translation See NAT

Network Extension mode     11-2

effect on backup server connection     6-5
required settings on VPN Concentrator     11-3
nonvolatile memory     12-10

event log stored in     13-3
No such interface supported (error)     A-9

Not Allowed (error)     A-8

Not Found (error)     A-9

O

options configurable only on central-site Concentrator     7-9

Out of Range value (error)     A-10

P

password

administrator     12-10
factory default (Manager)     1-17
Passwords do not match (error)     A-10

PAT mode

configuring     11-6
definition     11-1
enabling     11-6
many-to-one translation     11-6
required settings on VPN Concentrator     11-2
PC monitor/display, recommended settings     1-2

peer     6-2

PEM-encoded certificate     12-28

ping a host     12-7

PKCS-10

enrollment request     12-24, 12-40
policy management     11-1

Port Address Translation mode See PAT mode

port number

HTTP     8-3
HTTPS     8-3
SNMP     8-6
SSH     8-14
syslog server     9-16
Telnet     8-5
Telnet over SSL     8-5
power, turning off     12-5

PPPoE

statistics     13-36
PPP over Ethernet See PPPoE

prerequisites, system administrator     ix

preshared keys     6-6

private interface

configuring     3-4
definition     3-1
private keys, saving in Flash memory     12-16

public interface

configuring     3-6
definition     3-1
Public Key Certificate Syntax-10 See PKCS-10

Public Key Infrastructure (PKI)     6-6, 12-16

Q

Quick Configuration     2-1

R

RC4-128 SSH encryption algorithm     8-14

RC4-40/MD5 Export SSL encryption algorithm     8-11

reboot

handling configuration files     12-6
reloads the boot configuration file     12-13
saving log file     12-5, A-1
system     12-5
re-enrolling a certificate     12-54

re-keying a certificate     12-54

remote server

configuring     6-3
renewing a DHCP lease     7-6

renewing digital certificates     12-54

requirements

browser     1-1
Internet Explorer     1-1
IPSec over TCP     6-6
JavaScript     1-2
Netscape Navigator     1-1
RFC 1650, Ethernet interface MIB objects     13-53

RFC 1907, SNMP version 2 MIB objects     13-56

RFC 2011, ARP table entries     13-51

RFC 2011, IP and ICMP MIB objects     13-45, 13-48

RFC 2012, TCP MIB objects     13-42

RFC 2013, UDP MIB objects     13-42

RFC 2459     12-50

root CA certificate     12-16

routing table (monitoring)     13-2

RC4-128/MD5 SSL encryption algorithm     8-11

RSA key, SSH     8-13

S

SAVELOG.TXT file     9-4, 12-5, A-1

saving

configuration file with CLI     14-6
event log     13-5
log file on system reboot     9-4, 12-5
SCEP

(Simple Certificate Enrollment Protocol), definition     12-16
enrolling an identity certificate     12-41
enrolling SSL certificate     12-42
installing CA certificates     12-17
installing identity certificates     12-22, 12-24
SCEP-enabled certificate     12-17
troubleshooting     12-17
screen

login, using HTTPS     1-17
SDRAM memory     13-9

secure connection

See also tunnel
tunnel     6-1
Secure Shell protocol See SSH

Secure Sockets Layer See SSL     12-16

Security Associations (SAs)     6-2

self-signed certificates

CA certificates     12-16
SSL     12-16
SSL certificate, generating     12-33
server identity certificates     12-32

server key, SSH     8-13

servers

backup, configuring     6-3
backup, overview     6-4
configuring system access     5-1
remote, configuring     6-3
session idle timeout

live event log overrides     13-6
session key

SSH     8-13
Session Timeout (error)     A-5

severity level, events     9-3

shutdown system     12-5

Simple Certificate Enrollment Protocol See SCEP

Simple Network Management Protocol See SNMP

SNMP

configuring internal server     8-6
enabling     8-6
event trap destinations, configuring     9-12
add     9-13
modify     9-13
MIB-II statistics     13-56
port number     8-6
traps, configuring "well-known"     9-8
traps, configuring for specific events     9-11
SNMP communities

adding     8-8
configuring     8-7
modifying     8-8
software image

filenames     12-3, 13-9
updating on VPN 3002
procedure     12-2
stopping an image update     12-3
version info     12-3, 13-9
split tunneling

client (PAT) mode     11-1
Network Extension mode     11-3
SSH

configuring internal server     8-13
enable     8-14
enabling on public interface for XML support     8-17
encryption algorithms     8-14
host key     8-13
port number     8-14
RSA key     8-13
server key     8-13
server key regeneration     8-14
session key     8-13
statistics     13-32
SSL

client authentication (HTTPS only)     8-11
configuring internal server     8-10
encryption algorithms     8-11
statistics     13-28
SSL certificate     8-10, 12-16

enrolling     12-37
enrolling via SCEP     12-42
generating     12-33
installing in browser     1-3
installing with Internet Explorer     1-4
installing with Netscape     1-9
obtaining     12-28
viewing with Internet Explorer     1-8
viewing with Netscape     1-14
VPN Concentrator     1-3
standards

IEEE standard 802.3, Ethernet networks     13-53
ITU     12-50
RFC 1650, Ethernet interface MIB objects     13-53
RFC 1907, SNMP version 2 MIB objects     13-56
RFC 2011, ARP table entries     13-51
RFC 2011, IP and ICMP MIB objects     13-45, 13-48
RFC 2012, TCP MIB objects     13-42
RFC 2013, UDP MIB objects     13-42
RFC 2459     12-50
X.509     12-50
X.520     12-50
starting the CLI     14-2

static routes

adding     7-3
configuring for IP routing     7-2
modifying     7-3
statistics

devices behind the VPN 3002 Hardware Client     13-14
DHCP     13-30
DNS     13-27
HTTP     13-22
IPSec     13-16
MIB-II     13-39
ARP table     13-51
Ethernet     13-53
ICMP     13-48
interfaces     13-40
IP traffic     13-45
SNMP     13-56
TCP/UDP     13-42
monitoring     13-1, 13-15
PPPoE     13-36
public/private Ethernet interface     13-11
SSH     13-32
SSL     13-28
Telnet     13-25
user status     13-14
stopping

CLI     14-6
file upload to VPN 3002     12-3, 12-14
the VPN 3002     12-5
subordinate CA certificate     12-16

superuser See administrators

swap configuration files     12-13

syslog format, events     9-6

syslog server

configuring for events
add     9-16
modify     9-16
port number     9-16
syslog servers, configuring for events     9-14

system configuration     4-1

system identification, configuring     10-2

system reboot     12-5

reloads the boot configuration file     12-13
saving the log file     12-5
system shutdown     12-5

handling configuration files     12-6
system status

monitoring     13-8
private/public interface     13-11

T

table of contents, Manager     1-28

TCP/UDP MIB-II statistics     13-42

technical assistance, obtaining     xiv

Technical Assistance Center (TAC) website     xv

Telnet

accessing CLI     14-2
configuring internal server     8-4
enabling     8-4
port number     8-5
statistics     13-25
Telnet over SSL

configuring internal server     8-4
port number     8-5
time and date, configuring     10-3

timeout, administrator     12-11

live event log overrides     13-6
time zone, configuring     10-3

traffic management, configuring     11-5

transmission mode, configuring Ethernet interface     3-5, 3-8

traps, configuring

"well-known"     9-8
destination systems     9-12, 9-13
general events     9-8
specific events     9-11
troubleshooting

crash dump file     A-1
event log     A-1
files created for     A-1
information in event log     9-4
information in the event log     13-3
using configuration files     A-2
tunnel

configuring protocols     6-2
endpoint     6-1
functional description     6-1
initiation     11-4
protocols     6-1
type (model number), system     13-9

typographic conventions     xv

U

UDP MIB-II traffic statistics     13-42

updating software on VPN 3002     12-2

upload files to VPN 3002     12-14

user status     13-14

using the CLI     14-3

using the VPN Concentrator Manager     1-1

V

viewing

digital certificate details     12-50
digital certificates on VPN 3002     12-31
enrollment request     12-58
event log     13-5
SSL certificates
with Internet Explorer     1-8
with Netscape     1-14
VPN 3002 status, sessions, statistics, and event logs     13-1
VPN 3002 Hardware Client Manager

errors     A-5
navigating     1-28
organization     1-27
window     1-23
VPN Concentrator Manager

logging in     1-17
using     1-1

W

WINS

backup server, configuring     6-4

X

X.509

digital certificates     12-16
standards     12-50
X.520 standards     12-50

XML

configuring     8-16
enabling     8-16

Posted: Wed Nov 20 10:52:15 PST 2002
Copyright 1989-2000©Cisco Systems Inc.