
Table Of Contents

Using the Command-Line Interface for Quick Configuration

About Quick Configuration

Starting Quick Configuration

Setting the Time and Date

Uploading Configuration

Configuring the Private Interface

Configuring the Public Interface

Configuring a System Name

Configuring DHCP

Configuring PPPoE

Configuring a Static IP Address

Configuring IPSec

Configuring PAT or Network Extension mode

Client Mode (PAT)

VPN 3000 Concentrator Settings Required for PAT

Network Extension Mode

Enabling or Disabling PAT

Configuring DNS

Configuring Static Routes

Adding a Static Route

Deleting a Static Route

Changing admin Password

Completing Quick Configuration

What Next?


Using the Command-Line Interface for Quick Configuration


This chapter tells you how to complete quick configuration of the system using the VPN 3002 command-line interface (CLI).

Quick configuration supplies the minimal parameters needed to make the VPN 3002 operational.

The CLI is a menu-based configuration, administration, and monitoring system built into the VPN 3002. You can use it from the console or in a Telnet or SSH session.

As you proceed, refer to the data you recorded in Table 2-2 on page 2-7.

About Quick Configuration

You can go through quick configuration multiple times, and although it is easiest to configure its parameters in sequence, you can set and revisit parameters in whatever order you choose.

Entries are case-sensitive; for example, admin and ADMIN are different passwords.

The system displays more tips and examples than appear in the dialog here.

The system shows current or default entries in brackets; for example, [ 10.10.4.6 ].

After each entry, press the Enter key on the console keyboard.

Configuration entries take effect as soon as you enter them, and they constitute the active, or running, configuration. The system automatically saves your entries when you press the Enter key.

If you make a mistake, the system displays an error message and repeats the previous prompt. You can often enter a correct value and proceed, but in some cases you may need to restart the section to correct an earlier error. See Appendix A, "Troubleshooting and System Errors" for more details.

Starting Quick Configuration

To use the command-line interface (CLI) for quick configuration of the VPN 3002:


Step 1 After booting the VPN 3002, start either the console or a Telnet or SSH session, and connect to the private interface of the VPN 3002 by entering the IP address for that interface.

The system displays initialization and boot messages such as:


Boot-ROM Initializing...
Boot configured 16 MB of RAM.

...
Loading image ..........
Verifying image checksum ...........
Active image loaded and verified...
Starting loaded image...

Image Loader Initializing...
Decompressing & loading image ............
Verifying image checksum ...........
Active image loaded and verified...
Starting loaded image...

Starting power-up diagnostics...

pSH+ Copyright (c) Integrated Systems, Inc., 1992.
Cisco Systems, Inc./VPN 3002 Hardware Client Version 3.0(REL) Feb 02 2001 09:53:35
Features:
Initializing VPN 3002 Hardware Client ...
Initialization Complete...Waiting for Network...

Login:_

Step 2 At the cursor, enter the login name: admin. At the password prompt, enter the default password: admin.


Login: admin

Password: admin

The system displays the opening message and prompts you to select an administrative task.

Welcome to
Cisco Systems
VPN 3002 Hardware Client
Command Line Interface
Copyright (C) 1998-2001 Cisco Systems, Inc.


1) Configuration
2) Administration
3) Monitoring
4) Save changes to Config file
5) Help Information
6) Exit

Main -> _

Step 3 At the cursor, enter 1 for Configuration.

Step 4 The system prompts you to select a configuration task.


1) Quick Configuration
2) Interface Configuration
3) System Management
4) Policy Management
5) Back

Config -> _

At the cursor, enter 1 to start quick configuration.


Setting the Time and Date

To set the time and date on the VPN 3002:


Step 1 The system prompts you to set the time on your device. The time in brackets is the current device time.


-- : Set the time on your device. The correct time is very important,
-- : so that logging entries are accurate.

-- : Enter the system time in the following format:
-- : HH:MM:SS. Example 21:30:00 for 9:30 PM

> Time

Quick -> [ 10:34:17 ] _

At the cursor, enter the correct device time in the format HH:MM:SS, using 24-hour notation. For example, enter 4:24 p.m. as 16:24:00.

Step 2 The system prompts you to set the date. The number in brackets is the current device date.


-- : Enter the date in the following format.
-- : MM/DD/YYYY Example 06/12/1999 for June 12th 1999.

> Date

Quick -> [ 01/18/2001 ] _

At the cursor, enter the correct date in the format MM/DD/YYYY. Use four digits to enter the year. For example, enter June 12, 2001 as 06/12/2001.

Step 3 The system prompts you to set the time zone. The time zone selections are offsets in hours relative to GMT (Greenwich Mean Time), which is the basis for Internet time synchronization. The number in brackets is the current time zone offset.


-- : Set the time zone on your device. The correct time zone is very
-- : important so that logging entries are accurate.

-- : Enter the time zone using the hour offset from GMT:
-- : -12 : Kwajalein -11 : Samoa -10 : Hawaii -9 : Alaska
-- : -8 : PST -7 : MST -6 : CST -5 : EST
-- : -4 : Atlantic -3 : Brasilia -2 : Mid-Atlantic -1 : Azores
-- : 0 : GMT +1 : Paris +2 : Cairo +3 : Kuwait
-- : +4 : Abu Dhabi +5 : Karachi +6 : Almaty +7 : Bangkok
-- : +8 : Singapore +9 : Tokyo +10 : Sydney +11 : Solomon Is.
-- : +12 : Marshall Is.

> Time Zone

Quick -> [ -5 ] _

At the cursor, enter the time zone offset in the format +/- NN, or accept the default, -5, for U.S. Eastern Standard Time.

Step 4 The system prompts with a menu to enable DST (Daylight-Saving Time) support. During DST, clocks are set one hour ahead of standard time. Enabling DST support means that the VPN 3002 automatically adjusts the time zone for DST or standard time. If your system is in a time zone that uses DST, you must enable DST support.


1) Enable Daylight Savings Time Support
2) Disable Daylight Savings Time Support

Quick -> [ 1 ] _

At the cursor, enter 2 to disable DST support, or accept the default, 1, to enable DST support, and continue to the next section.


Uploading Configuration

To use the local console PC terminal emulation package to transfer (upload) configuration files from your PC, or from a system accessible to your PC, to the VPN 3002 flash memory:


Step 1 The system prompts you to choose whether or not to upload a configuration file.


1) Upload Config File
2) Do Not Upload Config File
3) Back

Quick -> [2]

At the cursor, enter 1 Upload Config File to transfer a configuration file. If you do not want to use an already existing configuration file, accept the default, 2, Do Not Upload Config File and continue to the next section.


Configuring the Private Interface

To configure the VPN 3002 private interface, use these instructions:

For the VPN 3002 to become fully operational, you must configure the two interfaces you physically connected to your network in the "Connecting Network Cables" section on page 2-3.

The private interface is the interface to your internal LAN (private network).

The public interface is the interface to the public network.


Note If you do not change the private interface IP address, you cannot disable PAT mode. That is, you cannot use Network Extension mode unless you configure a private IP address other than the default, which is 192.168.10.1.



Step 1 The system prompts you to configure the VPN 3002 private interface.

This table shows current IP addresses.

Intf Status IP Address/Subnet Mask MAC Address
-------------------------------------------------------------------------------
Pri Intf | UP | 192.168.10.1/255.255.255.0 | 00.90.A4.00.25.A8
Pub Intf | Disabled | 0.0.0.0/0.0.0.0 | 00.90.A4.00.25.A9
-------------------------------------------------------------------------------
DNS Server(s): DNS Server Not Configured
Default Gateway: 130.0.0.1

WARNING:-- The IP Address for the Private Interface is at the default value
WARNING:-- of 192.168.10.1. Keeping this Private Interface address will prevent
WARNING:-- Network Extension Mode from being enabled.

1) Configure the Private Interface
2) Skip the Private Interface Configuration
3) Back
Quick -> [ 2 ]

At the cursor, enter 1 Configure the Private Interface if you want to change the private interface IP address or subnet mask. If you do not want to change the private interface address, accept the default, 2, to continue with quick configuration. We assume that you enter 1.

Step 2 The system prompts you to enter an IP address.

This table shows current IP addresses.

Intf Status IP Address/Subnet Mask MAC Address
-------------------------------------------------------------------------------
Pri Intf | UP | 192.168.10.1/255.255.255.0 | 00.90.A4.00.25.A8
Pub Intf | Disabled | 0.0.0.0/0.0.0.0 | 00.90.A4.00.25.A9
-------------------------------------------------------------------------------
DNS Server(s): DNS Server Not Configured
Default Gateway: 130.0.0.1

> Enter IP Address

Quick Private Interface -> [ 192.168.10.1 ] _

To reconfigure the IP address for the private interface, at the cursor enter the IP address for the VPN 3002 private interface, using dotted decimal notation; for example, 192.168.12.34. Be sure no other device is using this address on the network.

Step 3 The system prompts you for the private interface subnet mask. The entry in brackets is the standard subnet mask for the IP address you entered above. For example, an IP address of 192.168.12.34 is a Class C address, and the standard subnet mask is 255.255.255.0.


> Enter Subnet Mask

Quick Private Interface -> [ 255.255.255.0 ]_

To reconfigure the subnet mask for the private interface, at the cursor enter the new subnet mask, using dotted decimal notation.

Step 4 The system gives you the option of configuring the DHCP server. The DHCP server for the private interface lets IP hosts in its network automatically obtain IP addresses from a limited pool of addresses for a fixed length of time, or lease period. Before the lease period expires, the VPN 3002 displays a message offering to renew it. If the lease is not renewed, the connection terminates when the lease expires, and the IP address becomes available for reuse. Using DHCP simplifies configuration since you do not need to know what IP addresses are considered valid on a particular network.


DHCP Server: Enabled
Address Pool: 192.168.10.2 - 192.168.10.128

1) Disable DHCP Server
2) Enable and Configure DHCP Server
3) Enable DHCP server with existing parameter values.
4) Back

Quick -> [ 3 ]

Choose one of the menu options listed.

If you want to disable the DHCP server, at the prompt enter 1 Disable DHCP Server, and continue with quick configuration.

If you want to enable and configure the DHCP server, at the prompt enter 2 Enable and Configure DHCP Server, and follow Steps 6 through 9 below.

If you want to enable the DHCP server with existing parameters, at the prompt enter 3.

Step 5 If you choose 2 Enable and Configure DHCP server, the system displays the server parameters.


1) Enable/Disable DHCP
2) Set DHCP Lease Timeout
3) Set DHCP Pool
4) Back
5) Continue

Quick -> [ 3 ]

Enter the number for the parameter you want to configure, and press Enter to continue with quick configuration.

Step 6 To enable or disable DHCP, at the prompt, enter 1. The system displays the Enable DHCP parameter.


1) Enable DHCP
2) Disable DHCP

Quick -> [ 1 ]

Choose 1 to enable the DHCP server, or 2 to disable it.

Step 7 The DHCP lease period is the amount of time, in minutes, that the private interface owns the IP address the DHCP server assigns. The minimum is 5, maximum is 500,000, and the default is 120 minutes.

To set the lease period, at the prompt, enter 2. The system displays the DHCP Lease Timeout parameter.


Quick -> [ 2 ]

> Lease Timeout (5-500000) minutes

Quick -> [ 120 ]

At the prompt, enter the number of minutes for the DHCP lease period, or press Enter to accept the default, 120 minutes, and continue with quick configuration.

Step 8 The DHCP pool is the range of IP addresses that this DHCP server can assign. The default address pool is 127 IP addresses, and the start of the range is the next IP address after that of the private interface. You can configure another range of IP addresses for the pool, but in no case can the pool have more than 127 addresses.

To configure the DHCP address pool, at the prompt enter 3 Set DHCP Pool. The system displays the DHCP Pool Start field.


Quick -> 3

> DHCP Pool Start

Quick -> [ 192.168.10.2 ]

Enter the IP address you want as the starting address in the pool, using dotted decimal notation, or accept the default (in brackets), and press Enter.

The system displays the DHCP Pool End field.


> DHCP Pool End

Quick -> [ 192.168.10.128 ]

Enter the IP address you want as the ending address in the pool, using dotted decimal notation, or accept the default (in brackets), and press Enter.

Step 9 The system redisplays the list of DHCP parameters.


1) Enable/Disable DHCP
2) Set DHCP Lease Timeout
3) Set DHCP Pool
4) Back
5) Continue

Quick ->

To revisit DHCP parameters, enter the number for the parameter you want. Enter 4 (Back) to revisit earlier sections of quick configuration, or enter 5 (Continue) to proceed. We assume that you want to continue.


Configuring the Public Interface

Next you set the system name, and configure a way for the public interface to obtain an IP address using DHCP, PPPoE, or static addressing. The system displays the tasks involved, and also displays current values, if any. Be aware that many ISPs require a system name or hostname if you use DHCP to obtain an IP address.

See the sections that follow for more information about DHCP, PPPoE, and static addressing.

Configuring a System Name


This table shows current IP addresses.

Intf Status IP Address/Subnet Mask MAC Address
-------------------------------------------------------------------------------
Pri Intf| UP | 10.10.99.50/255.255.0.0 | 00.90.A4.00.25.A8
Pub Intf| Disabled | 0.0.0.0/0.0.0.0 | 00.90.A4.00.25.A9
-------------------------------------------------------------------------------
DNS Server(s): DNS Server Not Configured
DNS Domain Name: ispdomain.com
Default Gateway: 130.0.0.1

1) Configure System Name (hostname)
2) Obtain address via DHCP for the Public Interface
3) Use PPPoE to Connect to a Public Network
4) Configure the Public Interface
5) Back

Quick ->

Step 1 To assign a system name to the VPN 3002, at the prompt, enter 1.

The system displays the System Name field.


-- : Assign a System Name (hostname) to this device.
-- : This may be required for DHCP.

> System Name

Quick -> _


Step 2 At the cursor, enter a name such as VPN01. This name must uniquely identify this device on your network. Press Enter. The system redisplays the table of current IP addresses and the current menu options.


Configuring DHCP



This table shows current IP addresses.

Intf Status IP Address/Subnet Mask MAC Address
-------------------------------------------------------------------------------
Pri Intf| UP | 10.10.99.50/255.255.0.0 | 00.90.A4.00.25.A8
Pub Intf| Disabled | 0.0.0.0/0.0.0.0 | 00.90.A4.00.25.A9
-------------------------------------------------------------------------------
DNS Server(s): DNS Server Not Configured
DNS Domain Name: ispdomain.com
Default Gateway: 130.0.0.1

1) Configure System Name (hostname)
2) Obtain address via DHCP for the Public Interface
3) Use PPPoE to Connect to a Public Network
4) Configure the Public Interface
5) Back

Quick -> [2]

Dynamic Host Configuration Protocol (DHCP) is a communications protocol that lets IP hosts in its network automatically obtain IP addresses from a limited pool of addresses for a fixed length of time, or lease period. Using DHCP simplifies configuration since you can manage the assignment of IP addresses from a central point. You do not need to manually enter an IP address for the public interface, and you do not need to know what IP addresses are considered valid on a particular network.

The DHCP server for the Public interface resides on the central-site VPN Concentrator.


Step 1 To obtain an IP address for the public interface using DHCP, at the prompt enter 2 and press Enter. The system proceeds to the IPSec parameters; see the section, "Configuring IPSec."


Configuring PPPoE



This table shows current IP addresses.

Intf Status IP Address/Subnet Mask MAC Address
-------------------------------------------------------------------------------
Pri Intf| UP | 10.10.99.50/255.255.0.0 | 00.90.A4.00.25.A8
Pub Intf| Disabled | 0.0.0.0/0.0.0.0 | 00.90.A4.00.25.A9
-------------------------------------------------------------------------------
DNS Server(s): DNS Server Not Configured
DNS Domain Name: ispdomain.com
Default Gateway: 130.0.0.1

1) Configure System Name (hostname)
2) Obtain address via DHCP for the Public Interface
3) Use PPPoE to Connect to a Public Network
4) Configure the Public Interface
5) Back

Quick ->

PPP over Ethernet (PPPoE) is a proposal that specifies how a host PC interacts with a broadband modem—xDSL, cable, wireless—to achieve access to high-speed data networks. It relies on the Ethernet and PPP standards. It includes an authentication strategy that requires a username and password to create a PPPoE session on the VPN 3002.

To configure the VPN 3002 to use PPPoE, follow these steps:


Step 1 At the prompt enter 3, and press Enter. The system prompts for a PPPoE username.

Quick -> 3

> PPPoE User Name

Step 2 Enter a PPPoE username. The maximum length is 64 characters; however, only the first 17 characters display. Press Enter. The system prompts for a PPPoE password.


> PPPoE Password

Quick ->

Step 3 Enter a PPPoE password, maximum length 64 characters. Press Enter. The system prompts you to verify the password. The system proceeds to the IPSec parameters; see the section, "Configuring IPSec."

Verify ->

Configuring a Static IP Address


This table shows current IP addresses.

Intf Status IP Address/Subnet Mask MAC Address
-------------------------------------------------------------------------------
Pri Intf| UP | 10.10.99.50/255.255.0.0 | 00.90.A4.00.25.A8
Pub Intf| Disabled | 0.0.0.0/0.0.0.0 | 00.90.A4.00.25.A9
-------------------------------------------------------------------------------
DNS Server(s): DNS Server Not Configured
DNS Domain Name: ispdomain.com
Default Gateway: 130.0.0.1

1) Configure System Name (hostname)
2) Obtain address via DHCP for the Public Interface
3) Use PPPoE to Connect to a Public Network
4) Configure the Public Interface
5) Back

Quick ->

To configure the VPN 3002 public interface with a static IP address, subnet mask, and default gateway for the public interface, follow these steps:


Step 1 At the prompt enter 4. The system again displays the current IP addresses table.


This table shows current IP addresses.

Intf Status IP Address/Subnet Mask MAC Address
-------------------------------------------------------------------------------
Pri Intf| UP | 10.10.99.50/255.255.0.0 | 00.90.A4.00.25.A8
Pub Intf| Disabled | 0.0.0.0/0.0.0.0 | 00.90.A4.00.25.A9
-------------------------------------------------------------------------------
DNS Server(s): DNS Server Not Configured
DNS Domain Name: ispdomain.com
Default Gateway: 130.0.0.1

> Enter IP Address

Quick Public Interface -> [ 0.0.0.0 ]_

Step 2 Enter the IP address for this interface, using dotted decimal notation, and press Enter. Be sure no other device is using this address on the network.

Step 3 The system prompts for a subnet mask.


> Enter Subnet Mask

Quick Public Interface -> [ 255.0.0.0 ]

Enter the subnet mask for this interface, using dotted decimal notation. The default is a standard subnet mask appropriate for the IP address you just entered. For example, an IP address of 192.168.12.34 is a Class C address, and the standard subnet mask is 255.255.255.0. You can accept this entry or change it.

Step 4 When you press Enter, the system prompts you to specify a default gateway, which is the system to which the VPN 3002 should forward packets. In other words, if the VPN 3002 has no configured static routes that specify where to send packets, it sends them to this gateway. (When you first start the VPN 3002, it has no static routes.)


> Default Gateway

Quick -> _

At the cursor, enter the IP address of the default gateway (for example, 10.10.0.1). This address must not be the same as the IP address configured on any VPN 3002 interface. To specify no default gateway, which means the VPN 3002 drops unrouted packets, leave this entry blank. If you are using DHCP to acquire the public IP address, DHCP usually supplies the default gateway, and you should leave this field blank.

The system proceeds to the IPSec parameters; see the section, "Configuring IPSec."


Configuring IPSec

The VPN 3002 connects to the remote VPN Concentrator using the IPSec remote server address, group name and password, and username and password. Note that these are the same group and usernames and passwords that you configure on the central-site VPN Concentrator for this VPN 3002.

If you are using digital certificates, the group name and group password are not required.

To configure IPSec:


Step 1 In the IPSec Remote Server parameter, enter the IP address or hostname of the VPN Concentrator to which this VPN 3002 hardware client connects. Note that to enter a hostname, a DNS server must be configured.


> IPSec Remote Server

Quick -> [ 130.0.0.1 ]

Step 2 The system prompts you to enable or disable IPSec over TCP.


1) Enable IPSec over TCP
2) Disable IPSec over TCP

Quick -> [ 2 ]

At the cursor, enter 1 to enable IPSec over TCP, or accept the default, 2, to disable IPSec over TCP.

Step 3 The system prompts you to enter the IPSec group name.

> IPSec Group Name

Quick -> _

At the cursor, enter a unique name for this group. Maximum is 32 characters, case-sensitive; for example, Group1.

Step 4 The system prompts you to enter the group password.


> IPSec Group Password

Quick -> _

At the cursor, enter a unique password for this group. Minimum is 4, maximum is 32 characters, case-sensitive. The system displays only asterisks.

Step 5 The system prompts you to reenter the group password to verify it.


Verify -> _

At the cursor, reenter the group password. The system displays only asterisks.

Step 6 The system prompts you to enter a username.


> IPSec User Name

Quick -> _

Enter a unique name within the group for this user. Maximum is 32 characters, case-sensitive.

Step 7 The system prompts you to enter the user password. Minimum is 4, maximum is 32 characters, case-sensitive. The system displays only asterisks.


> IPSec User Password

Quick -> _

Step 8 The system prompts you to reenter the user password.


Verify -> _

Configuring PAT or Network Extension mode

This section lets you configure this VPN 3002 to use either PAT or Network Extension mode. You have this option only if you have changed the private interface IP address.

If you have not changed the private interface IP address, the system displays the following message:


NOTE:-- Because the IP Address of the Private Interface was not
NOTE:-- changed from the initial default value, you cannot disable
NOTE:-- PAT on the IPSec tunnel to the VPN Concentrator.

Client Mode (PAT)

Client mode, also called PAT (Port Address Translation) mode, isolates all devices on the private network from those on the public network. In PAT mode:

IPSec encapsulates all traffic going from the private network of the VPN 3002 to the network(s) behind the IKE peer, i.e., the central-site VPN Concentrator.

PAT includes NAT (Network Address Translation). NAT translates the network addresses of the devices connected to the VPN 3002 private interface to the VPN Concentrator assigned IP address on the public interface, and also keeps track of these mappings so that it can forward replies to the correct device.

All traffic from the private network appears on the network behind the central-site VPN Concentrator (the IKE peer) with a single source IP address. This IP address is the one the central-site VPN Concentrator assigns to the VPN 3002. The IP addresses of the computers on the private network are hidden. You cannot ping or access a device on the VPN 3002 private network from outside of the private network, or directly from a device on the private network at the central site.

VPN 3000 Concentrator Settings Required for PAT

For the VPN 3002 to use PAT, follow these requirements for the central-site VPN Concentrator.

1. The VPN Concentrator at the central site must be running Software version 3.0 or later.

2. Address assignment must be enabled, by whatever method you choose to assign addresses (for example, DHCP, address pools, per user, or client-specified). If the VPN Concentrator uses address pools for address assignment, make sure to configure the address pools your network requires. See Chapter 6, "Address Management," in the VPN 3000 Series Concentrator Reference Volume 1: Configuration.

3. Configure a group to which you assign this VPN 3002. This includes assigning a group name and password. See Chapter 14, "User Management," in the VPN 3000 Series Concentrator Reference Volume 1: Configuration.

4. Configure one or more users for the group, including usernames and passwords.

5. For more information about PAT (Client) mode, see the "Configuring PAT or Network Extension Mode" section on page 3-13.

Network Extension Mode

Network Extension mode allows the VPN 3002 to present a full, routable network to the tunneled network. IPSec encapsulates all traffic from the VPN 3002 private network to networks behind the central-site VPN Concentrator, but PAT does not apply. Therefore, devices behind the VPN Concentrator have direct access to devices on the VPN 3002 private network via the tunnel, and only over the tunnel, and vice versa.

In this mode, the VPN Concentrator does not assign an IP address for tunneled traffic (as it does in Client/PAT mode). The tunnel is terminated with the VPN 3002 private IP address (i.e., the assigned IP address). To use Network Extension mode, you must configure an IP address other than the default of 192.168.10.1 and disable PAT.

VPN 3000 Concentrator Settings Required for Network Extension Mode

For the VPN 3002 to use Network Extension mode, these are the requirements for the central-site VPN Concentrator.

1. The VPN Concentrator at the central site must be running Software version 3.0 or later.

2. Configure a group to which you assign this VPN 3002. This includes assigning a group name and password. See Chapter 14, "User Management," in the VPN 3000 Series Concentrator Reference Volume I: Configuration.

3. Configure one or more users for the group, including usernames and passwords.

4. Configure either a default gateway or a static route to the VPN 3002 private network. See Chapter 8, "IP Routing," in the VPN 3000 Series Concentrator Reference Volume I: Configuration.

5. If you want the VPN 3002 to be able to reach devices on other networks that connect to this VPN Concentrator, review your Network Lists. See Chapter 15, "Policy Management," in the VPN 3000 Series Concentrator Reference Volume I: Configuration.

For more information about Network Extension mode, see the "Configuring PAT or Network Extension Mode" section on page 3-13.

Enabling or Disabling PAT

If you have changed the private interface IP address, the system prompts you to enable or disable PAT:

1) Enable PAT over the IPSec Tunnel
2) Disable PAT over the IPSec Tunnel (Network Extension)

Quick ->

To disable PAT and use Network Extension mode, at the prompt enter 2. Note that you cannot disable PAT if you have not changed the IP address for the private interface.

Configuring DNS

You can specify a Domain Name System (DNS) server for your local ISP, which lets you enter Internet hostnames (for example, mail01) rather than IP addresses for servers as you configure and manage the VPN 3002. While hostnames are easier to remember, using IP addresses avoids problems that might arise with the DNS server offline or congested. If you use a hostname to identify the central-site VPN Concentrator, you must configure a DNS server:


Step 1 The system prompts you to specify a DNS server.


-- : Specify a local DNS server, which lets you enter hostnames
-- : rather than IP addresses while configuring.

> DNS Server

Quick -> [ 0.0.0.0 ]

At the cursor, enter the IP address of your local DNS server in dotted decimal notation; for example, 10.10.0.11.

Step 2 The system prompts you to enter the registered Internet domain name in which the VPN 3002 is located (sometimes called the domain name suffix or subdomain).


-- : Enter your ISP's domain name; e.g., ispdomain.com

> Domain

Quick -> _

Configuring Static Routes

You can add or delete manual IP routes for this VPN 3002. The system displays a current static routes table:

Static Routes
-------------
Destination      Mask             Metric  Destination
------------------------------------------------------------
0.0.0.0          0.0.0.0          1       130.0.0.1

1) Add Static Route
2) Delete Static Route
3) Back
4) Continue

Quick -> _

Adding a Static Route

To add a static route:


Step 1 At the prompt, enter the number for the function you want.

If you selected 1 to add a static route, the system now prompts for the Net Address.


> Net Address

Quick ->

Enter the network IP address for this static route. Packets with this address are sent to the destination address below.

Step 2 The system prompts you for a subnet mask.


> Subnet Mask

Quick -> 255.0.0.0

Enter the subnet mask of this network IP address.

Step 3 The system prompts you to identify the outbound destination as either a router/gateway, or as this VPN 3002 private or public interface.


1) Destination is Router
2) Destination is Interface

Quick -> _

If you want to set a router for the outbound destination, at the prompt enter 1. To select one of the VPN 3002 interfaces, at the prompt, enter 2.


Enter destination address.

Step 4 In either case, the system prompts you for the destination address. If you selected Router, the system prompts for the router address.


> Router Address

Quick -> _

Enter the IP address of the router/gateway outbound destination.

Step 5 If you selected Interface, the system prompts you to choose either the private or public Interface.


Interfaces
----------
1. Private Interface (10.10.99.32)
2. Public Interface (0.0.0.0)

> Interface Number for this route

Quick ->_

Enter the number for the interface of the outbound destination for this route.

Step 6 The system prompts for the cost for this route; this is a number from 1 to 16 where 1 is the lowest cost. The routing subsystem always tries to use the least costly route. For example, if a route uses a low speed line, you might assign a high metric so the system will use it only if all high-speed routes are unavailable.


Enter metric

> Route Metric (1 - 16)

Quick -> _

Step 7 The system redisplays the static routes.

Static Routes
-------------
Destination      Mask             Metric  Destination
------------------------------------------------------------
0.0.0.0          0.0.0.0          1       130.0.0.1
192.44.55.6      255.0.0.0        1       10.10.99.10

1) Add Static Route
2) Delete Static Route
3) Back
4) Continue


Deleting a Static Route


Step 1 To delete a static route, at the prompt enter 2. The system asks you which route you want to delete.


> Delete Which Route (net address)

Quick -> 192.44.55.6
3) Back
4) Continue

Enter the IP address of the network address for the route you want to delete.

The menu displays again, with the route you deleted no longer present. To continue with quick configuration, at the prompt enter 4.


Changing admin Password

You can change the password for the admin administrator user. For ease of use during startup, the default admin password supplied with the VPN 3002 is also admin. Since the admin user has full access to all management and administration functions on the device, we strongly recommend you change this password to improve device security. You can further configure all administrators with the regular Administration menus.


Step 1 The system prompts you to change the admin password.


-- : We strongly recommend that you change the password ...

> Reset Admin Password

Quick -> [ ***** ] _

At the cursor, enter a new password for admin. Remember that entries are case sensitive. For maximum security, the password should be at least 8 characters long, a mixture of upper- and lower-case alphabetic and numeric characters, and not easily guessed; for example, W8j9Haq3. The system displays only asterisks. To keep the default, press Enter.

Step 2 The system prompts you to re-enter the password to verify it.


Verify -> _

At the cursor, reenter the new password. The system displays only asterisks. To keep the default, press Enter.
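
The limits this chapter states for quick-configuration entries (default private address and PAT, DHCP lease and pool size, default gateway, IPSec and PPPoE field lengths, route metric, admin password) can be checked against your recorded values before you start the CLI session. The following Python check is an added example, not part of the Cisco documentation or software; the plan dictionary layout, its key names and the sample values are assumptions constructed for illustration, and the rule that the DHCP pool lies inside the private subnet is an assumption rather than a statement from this chapter.

```python
import ipaddress

DEFAULT_PRIVATE_IP = "192.168.10.1"  # factory default private address (from this page)


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def check_plan(plan):
    """Return findings for a planned quick configuration; [] means none."""
    out = []
    priv = ipaddress.ip_interface(f"{plan['private_ip']}/{plan['private_mask']}")

    # Network Extension mode requires a private address other than the default.
    if plan["mode"] == "network-extension" and plan["private_ip"] == DEFAULT_PRIVATE_IP:
        out.append("mode: PAT cannot be disabled while private_ip is the default")

    dhcp = plan.get("dhcp_server")
    if dhcp:
        if not 5 <= dhcp["lease_minutes"] <= 500000:
            out.append("dhcp_server: lease must be 5-500000 minutes")
        start = ipaddress.ip_address(dhcp["pool_start"])
        end = ipaddress.ip_address(dhcp["pool_end"])
        size = int(end) - int(start) + 1
        if not 1 <= size <= 127:
            out.append(f"dhcp_server: pool spans {size} addresses, limit is 127")
        # Assumption, not stated on the page: the pool lies in the private subnet.
        if start not in priv.network or end not in priv.network:
            out.append("dhcp_server: pool is outside the private subnet")

    # The default gateway must differ from every VPN 3002 interface address.
    gateway = plan.get("default_gateway")
    if gateway and gateway in (plan["private_ip"], plan.get("public_ip")):
        out.append("default_gateway: same as a VPN 3002 interface address")

    ipsec = plan["ipsec"]
    # A hostname for the remote server needs a configured DNS server.
    if not _is_ip(ipsec["remote_server"]) and not plan.get("dns_server"):
        out.append("ipsec: remote_server is a hostname but dns_server is unset")
    # Group name and password are not required with digital certificates.
    if not ipsec.get("certificates"):
        if not 1 <= len(ipsec["group_name"]) <= 32:
            out.append("ipsec: group_name must be 1-32 characters")
        if not 4 <= len(ipsec["group_password"]) <= 32:
            out.append("ipsec: group_password must be 4-32 characters")
    if not 1 <= len(ipsec["user_name"]) <= 32:
        out.append("ipsec: user_name must be 1-32 characters")
    if not 4 <= len(ipsec["user_password"]) <= 32:
        out.append("ipsec: user_password must be 4-32 characters")

    pppoe = plan.get("pppoe")
    if pppoe and max(len(pppoe["user_name"]), len(pppoe["password"])) > 64:
        out.append("pppoe: user name and password are limited to 64 characters")
    for route in plan.get("static_routes", []):
        if not 1 <= route["metric"] <= 16:
            out.append(f"static_routes: metric {route['metric']} is outside 1-16")

    # Admin password: not the default, and at least as strong as recommended.
    pw = plan["admin_password"]
    mixed = all(any(f(c) for c in pw) for f in (str.isupper, str.islower, str.isdigit))
    if pw == "admin":
        out.append("admin_password: still the factory default")
    elif len(pw) < 8 or not mixed:
        out.append("admin_password: under 8 characters or not mixed case and digits")
    return out


# Constructed sample plans (all values invented for this example).
GOOD_PLAN = {
    "mode": "network-extension", "admin_password": "Constructed9Example",
    "private_ip": "192.168.12.34", "private_mask": "255.255.255.0",
    "dhcp_server": {"lease_minutes": 120,
                    "pool_start": "192.168.12.35", "pool_end": "192.168.12.161"},
    "public_ip": "10.10.0.20", "default_gateway": "10.10.0.1",
    "dns_server": "10.10.0.11",
    "ipsec": {"remote_server": "130.0.0.1", "group_name": "Group1",
              "group_password": "constructed-group-pw",
              "user_name": "branch-3002", "user_password": "constructed-user-pw"},
    "static_routes": [{"net": "192.44.55.6", "mask": "255.0.0.0", "metric": 1}],
}
BAD_PLAN = {
    **GOOD_PLAN, "private_ip": "192.168.10.1",
    "dhcp_server": {"lease_minutes": 2,
                    "pool_start": "192.168.10.2", "pool_end": "192.168.10.200"},
    "default_gateway": "10.10.0.20", "dns_server": None,
    "ipsec": {**GOOD_PLAN["ipsec"], "remote_server": "concentrator.example.com",
              "group_password": "abc"},
    "static_routes": [{"net": "192.44.55.6", "mask": "255.0.0.0", "metric": 20}],
    "admin_password": "admin",
}

if __name__ == "__main__":
    for name, plan in (("GOOD_PLAN", GOOD_PLAN), ("BAD_PLAN", BAD_PLAN)):
        print(name, check_plan(plan) or "no findings")
```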

Completing Quick Configuration

You have completed quick configuration, and your entries constitute the active or running configuration. The VPN 3002 now has enough information, and it is operational. The system has saved your changes to the active configuration in the system configuration file as you have made them.

The system now displays the final quick configuration menu.


1) Goto Main Configuration Menu
2) Exit

Quick -> _


Step 1 At the cursor, enter 2 to exit quick configuration. The system displays:


Done

Step 2 If you want to use the CLI for other functions, enter 1 at the cursor. For information on using the CLI, see the VPN 3002 Hardware Client Reference.


What Next?

Now that the VPN is operational, you can:

Explore the CLI. The menus follow the same order, and let you perform the same functions, as the VPN 3002 Hardware Client Manager. See Chapter 14, "Using the Command-Line Interface," in the VPN 3002 Hardware Client Reference for explanations of parameters and entries.

Proceed to a more detailed and complete system configuration. See the VPN 3002 Hardware Client Reference.



Posted: Fri Feb 18 08:21:28 PST 2005
All contents are Copyright © 1992--2005 Cisco Systems, Inc. All rights reserved.