This chapter tells you how to prepare for, unpack, install, and power up the VPN 3002, and how to begin quick configuration.
Preparing to Install
To install the VPN 3002, you need the following skills:
Familiarity with Windows configuration and management, and with Microsoft Internet Explorer or Netscape Navigator browsers.
Normal computing-equipment power. For maximum protection, we recommend connecting the VPN 3002 to a conditioned power source or uninterruptible power supply (UPS). Be sure that the power source provides a reliable Earth ground.
At least 3 inches (75 mm) of unobstructed space on all sides to accommodate cooling intake vents on the sides and top.
Standard UTP/STP twisted-pair network cables, Category 5, with RJ-45 8-pin modular connectors. Cisco supplies two with the system.
A standard straight-through RJ-45 serial cable with a female DB-9 connector, which Cisco supplies with the system.
Configuring and Managing the VPN 3002
You can configure and manage the VPN 3002 using the command-line interface from the console or from a Telnet or SSH client. However, for ease of use, we strongly recommend using the HTML-based VPN 3002 Hardware Client Manager from a PC and browser.
The PC must be able to run the recommended browser. The console can be the same PC that runs the browser.
Browser Requirements
The VPN Hardware Client Manager requires either Microsoft Internet Explorer version 4.0 or higher, or Netscape Navigator version 4.5-4.7 or 6.0. For best results, we recommend Internet Explorer. Whatever browser and version you use, install the latest patches and service packs for it.
JavaScript and Cookies
Be sure JavaScript and Cookies are enabled in the browser. Refer to the documentation for your browser for instructions.
Navigation Toolbar
Do not use the browser navigation toolbar buttons Back, Forward, or Refresh / Reload with the VPN 3002 Hardware Client Manager unless instructed to do so. To protect access security, clicking Refresh / Reload automatically logs out the Manager session. Clicking Back or Forward may display stale Manager screens with incorrect data or settings.
We recommend that you hide the browser navigation toolbar to prevent mistakes while using the VPN 3002 Hardware Client Manager.
Recommended PC Monitor / Display Settings
For ease of use, we recommend setting your monitor or display:
Desktop area: 1024 x 768 pixels or greater. Minimum = 800 x 600 pixels.
Color palette: 256 colors or higher.
Unpacking
The VPN 3002 Hardware Client ships with the items listed in Table 2-1. Carefully unpack your device and check your contents against this list:
Table 2-1 VPN 3002 Hardware Client Packing List
Quantity  Item
1         CVPN 3002
1         External 15W power supply and power cord
1         RJ-45 to RJ-45 console cable (black)
1         RJ45 to DB9 console port adapter
1         RJ45 to DB25 console port adapter
4         Self-adhesive rubber feet
1         Wall mount kit 2 10-16x1 & 2 10-16x1.5 screws and 2 wall anchors
1         Power cord retention bracket and instructions
1         6' RJ-45 to RJ-45 Ethernet cable (yellow)
1         VPN 3000 Concentrator Series Software CD
1         VPN 3002 Basic Information label
1         VPN 3002 Quick Start card
1         VPN Client Software License Agreement
1         VPN 3002 Hardware Client Release Notes
1         Export Compliance Information document
1         Warranty card and product information packet
1         Hard copy documentation ordering flyer
Installing the VPN 3002
You can place the VPN 3002 on a table or shelf, or you can hang it on the wall.
Connecting the PC/Console
Connect the RJ45 straight-through serial cable between the console port on the back of the VPN 3002 and the COM1 or serial port on the PC.
If you are using a PC with a browser to manage the VPN 3002, be sure the PC is connected to the same private LAN as the VPN 3002.
If you are using a PC with a browser to manage the VPN 3002-8E, be sure the PC is connected to a switch port that is configured on the same private LAN as the VPN 3002-8E.
Connecting Network Cables
Connect network cables between the Ethernet interface on the back of the VPN 3002 and their respective public and private network hub, switch, or device.
The interfaces are (left to right):
Public = the VPN 3002 interface to the public network.
Private = the VPN 3002 interface to your private network (internal LAN).
Powering Up
Power up the PC/console and the VPN 3002 in the following sequence:
Step 1 Turn on the PC/console.
Step 2 If you want to use the command-line interface, start a terminal emulator (HyperTerminal) on the PC. Configure a connection to COM1, with the following port settings:
9600 bits per second
8 data bits
No parity
1 stop bit
Set the emulator for VT100 emulation, or let it autodetect the emulation type.
Step 3 Plug in the VPN 3002. The unit turns on as soon as it is plugged in.
Step 4 The LED(s) on the front panel will blink and change color as the system executes diagnostics.
Step 5 Watch for these LEDs on the VPN 3002 front panel to stabilize and display as follows:
PWR = green when unit is on.
SYS = flashes amber when unit is performing diagnostics, flashes green until either the DHCP or PPPoE session is up (if you are using DHCP or PPPoE), and solid green when operational.
VPN = green when tunnel is established.
Step 6 Watch for LEDs on the private and public interface ports on the back of the device to display as follows:
Green = the interface is connected to the network.
Flashing amber = data is traveling across the network.
Step 1 Set the system time, date, time zone, and Daylight Savings Time (DST) support.
Step 2 Optionally upload an already existing configuration file.
Step 3 Configure the VPN 3002 private interface. To use Network Extension mode, you must configure an IP address other than the default, which is 192.168.10.1. For Client mode, you do not need to change this address.
Step 4 Configure the DHCP server to assign IP addresses for PCs located on the private network. The default IP address pool is 192.168.10.2-192.168.10.128. For Client mode, you do not need to modify this parameter.
Step 5 Configure the VPN 3002 public interface, using DHCP, PPPoE, or static address assignment. Note that the DHCP client is enabled by default on the public interface.
Step 6 Configure the IPSec parameters with group and usernames and passwords and the IP address of the central-site VPN Concentrator, also known as the IKE peer.
Step 7 Set the VPN 3002 to use either Client or Network Extension mode. Client mode is enabled by default, using Port Address Translation (PAT).
Step 8 If you are using DNS, configure local ISP DNS information for the VPN 3002.
Step 9 Configure static routes.
Step 10 Change the admin password for security.
You are done!
Quick Configuration Using Default Values
The easiest way to configure the VPN 3002 is to accept default values for all parameters that have default values. The next sections on PAT mode and Network Extension mode list the information you need if you use default values for quick configuration.
PAT Mode
For PAT mode, if you accept default values for all parameters, you need:
The IKE peer address, which is the public IP address of the VPN Concentrator to which this VPN 3002 connects.
Group and usernames and passwords. The group and usernames and passwords must also be configured on the VPN Concentrator to which this VPN 3002 connects. On the central-site VPN Concentrator, see Configuration | User Management | Groups, and Configuration | User Management | Users.
Network Extension Mode
For Network Extension mode, if you accept default values for all parameters, you need:
An IP address for the VPN 3002 private interface (supplied by your network administrator).
The IKE peer address, which is the public IP address of the VPN Concentrator to which the VPN 3002 connects.
Group and usernames and passwords. The group and usernames and passwords must also be configured on the VPN Concentrator to which this VPN 3002 connects. On the central-site VPN Concentrator, see Configuration | User Management | Groups, and Configuration | User Management | Users.
Disable PAT.
Quick Configuration Using Nondefault Values
Table 2-2 provides the information you need to set all the parameters for quick configuration. Write your entries here now to save time as you enter data.
Table 2-2 VPN 3002 Quick Configuration Parameters
Columns: Parameter Name, Information You Need to Enter, Your Entries

Upload Config
    If you want to upload an already existing configuration file, the path to and name of the file.
Private Interface
    Both of the following:
    The IP address and subnet mask for the VPN 3002 interface to your private network. The default IP address is 192.168.10.1. Note that to use Network Extension mode, you must configure this private interface IP address to something other than the default.
    The IP address pool range to assign, if you use DHCP for address assignment, and you do not want to accept default values.
        The default range is 192.168.10.2 to 192.168.10.128. If you change the IP address for the private interface, the default is <Private IP address> + 1 to <Private IP address> + 127.
Public Interface
    One of the following:
    If statically assigned, the IP address, subnet mask, and default gateway for the VPN 3002 interface to the public network.
    If you use DHCP to obtain an IP address, a system name (also called a hostname).
    If you use PPPoE to connect to a public network, a PPPoE username and password.
IPSec
    If you use digital certificates, you do not need to enter this information.
    Both of the following:
    The IKE peer address, that is, the IP address for the public interface of the central-site VPN Concentrator to which this VPN 3002 connects.
    IPSec group names, usernames, and passwords. These must match the group names, usernames, and passwords configured on the central-site VPN Concentrator.
PAT
    If you want to use Network Extension mode, an IP address for the private interface other than the default.
DNS
    If you use DNS, both of the following:
    The IP address of your local Internet Service Provider's DNS server.
    The registered Internet domain name to use with DNS (such as cisco.com), obtained from your Internet Service Provider (ISP).
Static Routes
    If you want to configure one or more static routes, the IP address(es), subnet mask(s), and metric(s) that apply to the static route(s), and destination router address(es).
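
The following pre-flight check for a filled-in quick-configuration worksheet is an added example, not part of the Cisco guide or the VPN 3002 software. It applies the rules stated above: the default DHCP pool is the private IP + 1 to + 127, Network Extension mode needs a non-default private address with PAT disabled, IPSec entries are required unless certificates are used, and the admin password should be changed. The dictionary keys, the subnet-containment check, and the sample values are assumptions made for this example.

```python
import ipaddress

DEFAULT_PRIVATE_IP = ipaddress.IPv4Address("192.168.10.1")  # default stated in the guide

def default_dhcp_pool(private_ip):
    """Default pool per Table 2-2: <Private IP address> + 1 to + 127."""
    ip = ipaddress.IPv4Address(private_ip)
    return ip + 1, ip + 127

def check_worksheet(ws):
    """Return a list of problems in a quick-configuration worksheet.

    `ws` is a dict; its key names are hypothetical and exist only in this example.
    """
    problems = []
    iface = ipaddress.IPv4Interface(f"{ws['private_ip']}/{ws['private_mask']}")
    if "dhcp_pool" in ws:
        start, end = (ipaddress.IPv4Address(a) for a in ws["dhcp_pool"])
    else:
        start, end = default_dhcp_pool(iface.ip)
    # A pool is only usable if it stays inside the private subnet.
    if start not in iface.network or end not in iface.network:
        problems.append(f"DHCP pool {start}-{end} leaves subnet {iface.network}")
    if ws["mode"] == "network-extension":
        # Network Extension mode: non-default private address and PAT disabled.
        if iface.ip == DEFAULT_PRIVATE_IP:
            problems.append("Network Extension mode needs a non-default private IP")
        if ws.get("pat_enabled", True):
            problems.append("Network Extension mode needs PAT disabled")
    if not ws.get("uses_certificates"):
        # Without digital certificates the IKE peer, group and user are required.
        for key in ("ike_peer", "group", "username"):
            if not ws.get(key):
                problems.append(f"missing IPSec entry: {key}")
    if not ws.get("admin_password_changed"):
        problems.append("admin password still unchanged (Step 10)")
    return problems

# Constructed sample worksheets (addresses are documentation/private ranges).
CLIENT_MODE = {"private_ip": "192.168.10.1", "private_mask": "255.255.255.0",
               "mode": "client", "ike_peer": "203.0.113.10", "group": "branch",
               "username": "vpn3002-01", "admin_password_changed": True}
NEM_BAD = dict(CLIENT_MODE, mode="network-extension", admin_password_changed=False)
NEM_EDGE = dict(CLIENT_MODE, mode="network-extension", private_ip="10.1.1.200",
                pat_enabled=False)

if __name__ == "__main__":
    for name, ws in [("client", CLIENT_MODE), ("nem-bad", NEM_BAD), ("nem-edge", NEM_EDGE)]:
        print(name, check_worksheet(ws))
```

The third sample shows the case the worksheet does not warn about: a private address high in a /24 makes the computed default pool run past the end of the subnet, so an explicit pool range is needed.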