User Guide
Page 1
VPN 3002 Hardware Client User Guide Release 3.0 March 2001 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: OL-0874-= Text Part Number: OL-0874-01
VPN 3002 Hardware Client User Guide Release 3.0 March 2001 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: OL-0874-= Text Part Number: OL-0874-01
User Guide
Page 2
..., LightStream, MICA, Network Registrar, Post-Routing, Pre-Routing, Registrar, StrataView Plus, Stratm, SwitchProbe, TeleRouter, and VCO are trademarks of Cisco Systems, Inc. and certain other company. (0011R) VPN 3002 Hardware Client User Guide Copyright © 2001, Cisco Systems, Inc. The use of their respective owners. All other brands, names, or trademarks mentioned in the U.S. USERS MUST...
..., LightStream, MICA, Network Registrar, Post-Routing, Pre-Routing, Registrar, StrataView Plus, Stratm, SwitchProbe, TeleRouter, and VCO are trademarks of Cisco Systems, Inc. and certain other company. (0011R) VPN 3002 Hardware Client User Guide Copyright © 2001, Cisco Systems, Inc. The use of their respective owners. All other brands, names, or trademarks mentioned in the U.S. USERS MUST...
User Guide
Page 3
... VPN 3002 Hardware Client Manager Browser requirements 1-1 Recommended PC monitor / display settings 1-3 Connecting to the VPN 3002 using HTTP 1-3 Installing the SSL certificate in your browser 1-3 Connecting to the VPN 3002 using HTTPS 1-16 Logging in the VPN 3002 Hardware Client Manager 1-17 Configuring HTTP, HTTPS, and SSL parameters 1-18 Understanding the VPN 3002 Hardware Client Manager window 1-19 Organization of the VPN 3002 Hardware Client Manager 1-22 Navigating the VPN 3002 Hardware Client...
... VPN 3002 Hardware Client Manager Browser requirements 1-1 Recommended PC monitor / display settings 1-3 Connecting to the VPN 3002 using HTTP 1-3 Installing the SSL certificate in your browser 1-3 Connecting to the VPN 3002 using HTTPS 1-16 Logging in the VPN 3002 Hardware Client Manager 1-17 Configuring HTTP, HTTPS, and SSL parameters 1-18 Understanding the VPN 3002 Hardware Client Manager window 1-19 Organization of the VPN 3002 Hardware Client Manager 1-22 Navigating the VPN 3002 Hardware Client...
User Guide
Page 4
... | Add or Modify 9-9 Configuration | System | Events | Trap Destinations 9-11 Configuration | System | Events | Trap Destinations | Add or Modify 9-12 Configuration | System | Events | Syslog Servers 9-13 iv VPN 3002 Hardware Client User Guide
... | Add or Modify 9-9 Configuration | System | Events | Trap Destinations 9-11 Configuration | System | Events | Trap Destinations | Add or Modify 9-12 Configuration | System | Events | Syslog Servers 9-13 iv VPN 3002 Hardware Client User Guide
User Guide
Page 5
...10 General Configuration | System | General 10-1 Configuration | System | General | Identification 10-2 Configuration | System | General | Time and Date 10-3 11 Policy Management Client mode/PAT 11-1 Network Extension mode 11-2 Configuration | Policy Management 11-3 Configuration | Policy Management | Traffic Management 11-3 Configuration | Policy Management | Traffic Management | PAT...| Certificates | View 12-24 Administration | Certificate Management | Certificates | Delete 12-27 13 Monitoring Monitoring 13-1 Monitoring | Routing Table 13-2 VPN 3002 Hardware Client User Guide v
...10 General Configuration | System | General 10-1 Configuration | System | General | Identification 10-2 Configuration | System | General | Time and Date 10-3 11 Policy Management Client mode/PAT 11-1 Network Extension mode 11-2 Configuration | Policy Management 11-3 Configuration | Policy Management | Traffic Management 11-3 Configuration | Policy Management | Traffic Management | PAT...| Certificates | View 12-24 Administration | Certificate Management | Certificates | Delete 12-27 13 Monitoring Monitoring 13-1 Monitoring | Routing Table 13-2 VPN 3002 Hardware Client User Guide v
User Guide
Page 6
... the CLI 14-3 CLI menu reference 14-7 A Errors and troubleshooting Files for troubleshooting A-1 LED indicators A-2 Errors on the system A-3 Settings on the VPN 3000 Series Concentrator A-4 VPN 3002 Hardware Client Manager errors A-5 Command Line Interface errors A-10 B Copyrights, licenses, and notices Software License Agreement of Cisco Systems, Inc B-1 Other licenses B-3 Regulatory Standards Compliance B-9 vi VPN 3002 Hardware Client User Guide
... the CLI 14-3 CLI menu reference 14-7 A Errors and troubleshooting Files for troubleshooting A-1 LED indicators A-2 Errors on the system A-3 Settings on the VPN 3000 Series Concentrator A-4 VPN 3002 Hardware Client Manager errors A-5 Command Line Interface errors A-10 B Copyrights, licenses, and notices Software License Agreement of Cisco Systems, Inc B-1 Other licenses B-3 Regulatory Standards Compliance B-9 vi VPN 3002 Hardware Client User Guide
User Guide
Page 8
Contents-Table of contents viii VPN 3002 Hardware Client User Guide
Contents-Table of contents viii VPN 3002 Hardware Client User Guide
User Guide
Page 9
Tables Contents Table 9-1: VPN 3002 event classes 9-1 Table 9-2: VPN 3002 event severity levels 9-4 Table 9-3: Configuring "well-known" SNMP traps 9-7 VPN 3002 Hardware Client User Guide ix
Tables Contents Table 9-1: VPN 3002 event classes 9-1 Table 9-2: VPN 3002 event severity levels 9-4 Table 9-3: Configuring "well-known" SNMP traps 9-7 VPN 3002 Hardware Client User Guide ix
User Guide
Page 11
... with Microsoft Internet Explorer or Netscape® Navigator® or Communicator browsers. Preface About this manual The VPN 3002 Hardware Client User Guide provides guidelines for configuring the Cisco VPN 3002, details on all the functions available in the VPN 3002 Hardware Client Manager table of contents (the left frame of the Manager browser window; Organization This manual is not described...
... with Microsoft Internet Explorer or Netscape® Navigator® or Communicator browsers. Preface About this manual The VPN 3002 Hardware Client User Guide provides guidelines for configuring the Cisco VPN 3002, details on all the functions available in the VPN 3002 Hardware Client Manager table of contents (the left frame of the Manager browser window; Organization This manual is not described...
User Guide
Page 12
... protocol for remote user connections via the system console or a Telnet session. It also describes all copyright and license information for Cisco software on it operational (called Quick Configuration). The VPN 3002 Hardware Client Manager also includes extensive context-sensitive online help that provide management functions:, HTTP and HTTPS, Telnet, SNMP, SNMP Community Strings, SSL...
... protocol for remote user connections via the system console or a Telnet session. It also describes all copyright and license information for Cisco software on it operational (called Quick Configuration). The VPN 3002 Hardware Client Manager also includes extensive context-sensitive online help that provide management functions:, HTTP and HTTPS, Telnet, SNMP, SNMP Community Strings, SSL...
User Guide
Page 13
... is included on the Cisco VPN 3000 Concentrator software distribution CD-ROM. VPN 3002 Hardware Client User Guide xiii version 4.5 is available in the following ways: • Registered Cisco Direct Customers can order Cisco Product documentation from Cisco Systems. World Wide Web You can access the most current Cisco documentation on the World Wide Web at the following sections provide...
... is included on the Cisco VPN 3000 Concentrator software distribution CD-ROM. VPN 3002 Hardware Client User Guide xiii version 4.5 is available in the following ways: • Registered Cisco Direct Customers can order Cisco Product documentation from Cisco Systems. World Wide Web You can access the most current Cisco documentation on the World Wide Web at the following sections provide...
User Guide
Page 14
.... In addition, you complete the form, click Submit to send it to the TAC website: xiv VPN 3002 Hardware Client User Guide To access Cisco.com, go to their relationships with Cisco. You can mail your convenience many documents contain a response card behind the front cover. Contacting TAC ...Drive San Jose, CA 95134-9883 We appreciate your comments to -use tool for doing business with Cisco. Customers and partners can resolve technical issues with a Cisco product or technology that provides immediate, open access to help customers and partners streamline business processes and ...
.... In addition, you complete the form, click Submit to send it to the TAC website: xiv VPN 3002 Hardware Client User Guide To access Cisco.com, go to their relationships with Cisco. You can mail your convenience many documents contain a response card behind the front cover. Contacting TAC ...Drive San Jose, CA 95134-9883 We appreciate your comments to -use tool for doing business with Cisco. Customers and partners can resolve technical issues with a Cisco product or technology that provides immediate, open access to help customers and partners streamline business processes and ...
User Guide
Page 15
... Protocol (IPSec). Other references Other useful books and articles include: Frequently Asked Questions about Microsoft VPN Security. Encyclopedia of the above cases, use the Cisco TAC website to quickly find answers to your country, go to business operations if service is down....cisco.com/tac P3 and P4 level problems are defined as follows: • P3-Your network performance is severely degraded, affecting significant aspects of your business operations. To obtain a directory of toll-free numbers for computer, networking, and data communication terms. VPN 3002 Hardware Client ...
... Protocol (IPSec). Other references Other useful books and articles include: Frequently Asked Questions about Microsoft VPN Security. Encyclopedia of the above cases, use the Cisco TAC website to quickly find answers to your country, go to business operations if service is down....cisco.com/tac P3 and P4 level problems are defined as follows: • P3-Your network performance is severely degraded, affecting significant aspects of your business operations. To obtain a directory of toll-free numbers for computer, networking, and data communication terms. VPN 3002 Hardware Client ...
User Guide
Page 17
VPN 3002 Hardware Client User Guide xvii The VPN3002 always stores filenames as uppercase. Port numbers Port numbers use decimal numbers from 0 to 65535 with no commas or spaces. Data formats Filenames Filenames on the VPN 3002 follow the DOS 8.3 naming convention: a maximum of eight characters for the name, plus a maximum of three characters for an extension. For example, LOG00007.TXT is a legitimate filename.
VPN 3002 Hardware Client User Guide xvii The VPN3002 always stores filenames as uppercase. Port numbers Port numbers use decimal numbers from 0 to 65535 with no commas or spaces. Data formats Filenames Filenames on the VPN 3002 follow the DOS 8.3 naming convention: a maximum of eight characters for the name, plus a maximum of three characters for an extension. For example, LOG00007.TXT is a legitimate filename.
User Guide
Page 19
.... Once the SSL certificate is an HTML-based interface that lets you configure, administer, monitor, and manage the VPN 3002 with Netscape navigator/Communicator version 4.0. Check these settings: VPN 3002 Hardware Client User Guide 1-1 CHAPTER 1 Using the VPN 3002 Hardware Client Manager The VPN 3002 Hardware Client Manager is installed, you can also use , install the latest patches and service packs for it , you...
.... Once the SSL certificate is an HTML-based interface that lets you configure, administer, monitor, and manage the VPN 3002 with Netscape navigator/Communicator version 4.0. Check these settings: VPN 3002 Hardware Client User Guide 1-1 CHAPTER 1 Using the VPN 3002 Hardware Client Manager The VPN 3002 Hardware Client Manager is installed, you can also use , install the latest patches and service packs for it , you...
User Guide
Page 20
... select Preferences. - On the Tools menu, select Internet Options. - Click Enable under Scripting of the Accept ... 1 Using the VPN 3002 Hardware Client Manager • Internet Explorer 4.0: - In the Security Settings window, scroll down to Scripting. - On the Advanced screen, click...click Custom (for Enable JavaScript. In the Security Settings window, scroll down to prevent mistakes while using the VPN 3002 Hardware Client Manager. 1-2 VPN 3002 Hardware Client User Guide On the Advanced screen, check the box for expert users) then click Settings. - cookies choices...
... select Preferences. - On the Tools menu, select Internet Options. - Click Enable under Scripting of the Accept ... 1 Using the VPN 3002 Hardware Client Manager • Internet Explorer 4.0: - In the Security Settings window, scroll down to Scripting. - On the Advanced screen, click...click Custom (for Enable JavaScript. In the Security Settings window, scroll down to prevent mistakes while using the VPN 3002 Hardware Client Manager. 1-2 VPN 3002 Hardware Client User Guide On the Advanced screen, check the box for expert users) then click Settings. - cookies choices...
User Guide
Page 21
... up the browser. 2 In the browser Address or Location field, you use the standard HTTP protocol to connect to Logging in your browser (VPN 3002 hardware client) and the VPN Concentrator (server). e.g., 10.10.147.2. This protocol is known as HTTPS, and uses the https:// prefix to connect to install an SSL ...certificate in the VPN 3002 Hardware Client Manager on page 1-17. Even if you plan to use HTTPS, you can use HTTP at first to the server. SSL creates a secure...
... up the browser. 2 In the browser Address or Location field, you use the standard HTTP protocol to connect to Logging in your browser (VPN 3002 hardware client) and the VPN Concentrator (server). e.g., 10.10.147.2. This protocol is known as HTTPS, and uses the https:// prefix to connect to install an SSL ...certificate in the VPN 3002 Hardware Client Manager on page 1-17. Even if you plan to use HTTPS, you can use HTTP at first to the server. SSL creates a secure...
User Guide
Page 22
1 Using the VPN 3002 Hardware Client Manager HTTPS is installed, you must be installed in your... certificate with a similar protocol, S-HTTP (Secure HTTP), which encrypts only HTTP application-level data. The VPN 3002 creates a self-signed SSL server certificate when it boots, and this certificate must enable HTTPS on the browser...using HTTPS. Continue below for authentication. You need to load with or without SSL. Managing the VPN 3002 is similar.) 1-4 VPN 3002 Hardware Client User Guide Manager screens may differ but the process is the same with SSL because of encryption...
1 Using the VPN 3002 Hardware Client Manager HTTPS is installed, you must be installed in your... certificate with a similar protocol, S-HTTP (Secure HTTP), which encrypts only HTTP application-level data. The VPN 3002 creates a self-signed SSL server certificate when it boots, and this certificate must enable HTTPS on the browser...using HTTPS. Continue below for authentication. You need to load with or without SSL. Managing the VPN 3002 is similar.) 1-4 VPN 3002 Hardware Client User Guide Manager screens may differ but the process is the same with SSL because of encryption...
User Guide
Page 23
... install it , the browser repeats all these steps each time. The browser displays the Certificate dialog box with information about the certificate. VPN 3002 Hardware Client User Guide 1-5 A few seconds after the VPN 3002 Hardware Client Manager SSL screen appears, Internet Explorer displays a File Download dialog box that identifies the certificate filename and source, and asks whether to...
... install it , the browser repeats all these steps each time. The browser displays the Certificate dialog box with information about the certificate. VPN 3002 Hardware Client User Guide 1-5 A few seconds after the VPN 3002 Hardware Client Manager SSL screen appears, Internet Explorer displays a File Download dialog box that identifies the certificate filename and source, and asks whether to...
User Guide
Page 24
The wizard opens the next dialog box asking you to complete the installation. 1-6 VPN 3002 Hardware Client User Guide The wizard opens a dialog box to select a certificate store. 1 Using the VPN 3002 Hardware Client Manager Figure 1-5: Internet Explorer Certificate Manager Import Wizard dialog box 5 Click Next to continue. Figure 1-6: Internet Explorer Certificate Manager Import Wizard dialog box 6 Let the wizard Automatically select the certificate store, and click Next.
The wizard opens the next dialog box asking you to complete the installation. 1-6 VPN 3002 Hardware Client User Guide The wizard opens a dialog box to select a certificate store. 1 Using the VPN 3002 Hardware Client Manager Figure 1-5: Internet Explorer Certificate Manager Import Wizard dialog box 5 Click Next to continue. Figure 1-6: Internet Explorer Certificate Manager Import Wizard dialog box 6 Let the wizard Automatically select the certificate store, and click Next.