User Guide
Page 2
... KIND, EXPRESS OR IMPLIED. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the word partner does not imply a partnership relationship between Cisco and any other company. (0011R) VPN 3002 Hardware Client User Guide Copyright © 2001, Cisco Systems, Inc. IN NO EVENT...
User Guide
Page 11
... the VPN 3002 Hardware Client Getting Started manual and have followed the minimal configuration steps in Quick Configuration. Chapter 1, Using the VPN 3002 Hardware Client Manager explains how to install the SSL certificate for using the VPN 3002 Command Line Interface. It explains both HTTP and HTTPS browser connections, and how to log in the VPN 3002 Hardware Client Manager table of contents (the left frame of the VPN 3002 Hardware Client Manager. Chapter 5, Servers explains how to configure the VPN 3002 to you. Preface About this manual The VPN 3002 Hardware Client User Guide...
User Guide
Page 12
... Quick Configuration). The VPN 3002 Hardware Client Manager also includes extensive context-sensitive online help that you from the online version; The VPN 3002 Hardware Client Quick Reference Card summarizes information for installing the VPN 3002 and beginning configuration. The VPN 3000 Concentrator Series User Guide provides details on the toolbar in the Manager window. xii VPN 3002 Hardware Client User Guide Chapter 13, Monitoring explains the many status, statistics, sessions, and event log screens that you can use the VPN Client command line interface, and how to make...
User Guide
Page 14
... obtain documentation, troubleshooting tips, and sample configurations from the TAC website. Cisco.com Cisco.com is the foundation of a suite of features and services to the following address: Cisco Systems, Inc. To access Cisco.com, go to help customers and partners streamline business processes and improve productivity. Through Cisco.com, you can order products, check on Cisco.com to the TAC website: xiv VPN 3002 Hardware Client User Guide This highly integrated Internet...
User Guide
Page 19
... version you need only to connect to the Manager using HTTPS; JavaScript Be sure JavaScript is an HTML-based interface that lets you can also use HTTP over SSL (Secure Sockets Layer) protocol, which is a cleartext protocol. Check these settings: VPN 3002 Hardware Client User Guide 1-1 For best results, we recommend Internet Explorer. Browser requirements The VPN 3002 Hardware Client Manager requires either Microsoft Internet Explorer version 4.0 or higher, or Netscape Navigator / Communicator version 4.5-4.7. see Installing...
User Guide
Page 21
... can just enter the VPN3002 Private interface IP address; VPN 3002 Hardware Client User Guide 1-3 Minimum = 800 x 600 pixels. • Color palette = 256 colors or higher. Figure 1-1: VPN 3302 Hardware Client Manager login screen To continue using HTTP over SSL with the browser. This protocol is known as HTTPS, and uses the https:// prefix to connect to the system. Connecting to the VPN 3002 using HTTP When your system administration tasks...
User Guide
Page 22
... must be installed in your browser. You need to load with a similar protocol, S-HTTP (Secure HTTP), which encrypts only HTTP application-level data. Manager screens may differ but the process is similar.) 1-4 VPN 3002 Hardware Client User Guide The Manager displays the Install SSL Certificate screen and automatically begins to download and install its status bar. SSL uses digital certificates for the first time. When connected via SSL...
User Guide
Page 43
.... • Quick Configuration: the minimal parameters needed to the Private and Public interfaces. • System: parameters for system-wide functions: server access, IPSec, IP routing, built-in detail. VPN 3002 Hardware Client User Guide 2-1 Configuration CHAPTER 2 Configuring the VPN 3002 means setting all the parameters that cover typical installations and uses; Cisco supplies default parameters that govern its use online Help, or see the VPN 3002 Getting Started manual, available online only. • Interfaces: parameters specific to make the VPN 3002 operational...
User Guide
Page 62
... of the Manager window. 7-2 VPN 3002 Hardware Client User Guide To modify a configured static route, select the route from the list and click Delete. To save the active configuration and make it appears first in the list as [Default -> default router address]. The Manager opens the Configuration | System | IP Routing | Static Routes | Modify screen. The format is no static routes have been configured. The Manager immediately includes your changes in the list. If you have configured the default gateway, it the boot configuration, click the Save Needed icon at...
User Guide
Page 65
... lease is not on one of the default gateway or router. Using DHCP simplifies configuration since you do not need to use it the boot configuration, click the Save Needed icon at the top of time, or lease period. VPN 3002 Hardware Client User Guide 7-5 e.g., 192.168.12.77. For example, if this route uses a low-speed line, you enter an IP address that is the lowest cost. The Manager returns to include your entries, click...
User Guide
Page 70
... disable both HTTP and HTTPS, you cannot use a Web browser to connect to enable the HTTP server. Use the Cisco Command Line Interface from the login screen. Figure 8-2: Configuration | System | Management Protocols | HTTP/HTTPS screen Enable HTTP Check the box to the VPN 3002. HTTP must restart the Manager session from the console or a Telnet session. See the notes above. 8-2 VPN 3002 Hardware Client User Guide 8 Management Protocols Configuration | System | Management Protocols | HTTP/HTTPS This screen lets you configure and enable...
User Guide
Page 71
... default is 443, which is 10. Maximum Sessions Enter the maximum number of the Manager window. The Manager returns to enable the HTTPS server. Configuration | System | Management Protocols | HTTP/HTTPS Enable HTTPS Check the box to the Configuration | System | Management Protocols screen. If both HTTP and HTTPS are disabled, you can no longer use the Manager, and you use the Manager over an encrypted connection. Figure 8-3: Configuration | System | Management Protocols screen VPN 3002 Hardware Client User Guide...
User Guide
Page 72
... Port Enter the port number that Telnet over a secure, encrypted connection. Telnet server login usernames and passwords are the same as those enabled and configured on the Administration | Access Rights | Administrators screens. This enabled by default. Figure 8-4: Configuration | System | Management Protocols | Telnet screen Enable Telnet Check the box to communicate with the VPN 3002. The box is the well-known port number. 8-4 VPN 3002 Hardware Client User Guide The default is 992, which is the well-known port number. 8 Management Protocols Configuration | System | Management...
User Guide
Page 80
... use to 4 times more processing than the 512-bit key. 1024-bit RSA Key = This key size provides high security. The SSH server supports SSH1 (protocol version 1.5), which uniquely identifies the VPN 3002 See Configuration | System | Management Protocols | SSL. 8-12 VPN 3002 Hardware Client User Guide The Manager returns to include your settings, click Cancel. To discard your settings in the active configuration, click Apply. At the start of the SSL certificate is the default...
User Guide
Page 131
...installed server identity certificates. The system uses parameters set on the VPN3002. Subject / Issuer The Common Name (CN) or Organizational Unit (OU) (if present), plus the Organization (O) in the Subject and Issuer fields of 33 characters each time you view and delete certificates. The Manager... server certificate installed on the Configuration | System | Management Protocols | SSL screen and generates the certificate. The system can also generate a self-signed SSL server certificate. The new certificate replaces any existing SSL certificate. VPN 3002 Hardware Client User Guide ...
User Guide
Page 180
... enabled. If you have changed them, use your entry.) The CLI displays the opening welcome message, the main menu, and the Main -> prompt. Login: _ Starting the CLI You start the CLI by default on the private network.) See the Configuration | System | Management Protocols | Telnet screen on the Manager. 2 Start the Telnet or Telnet/SSL client, and connect to Config file 5) Help Information 6) Exit Main -> _ 14-2 VPN 3002 Hardware Client User Guide This example uses the factory-supplied default admin login and password...
User Guide
Page 182
... work only when you are at a menu, not when you are two ways to Config file 5) Help Information 6) Exit Main -> 2 (Administration) ) Software Update 2) System Reboot 3) Ping 4) Access Rights 5) File Management 6) Certificate Management 7) Back Config -> 4 (Access Rights) 1) Administrators 2) Access Settings 3) Back Admin -> 1 Administrative Users Username Enabled admin Yes config No isp No 1) Modify Administrator 2) Back Admin -> 1 14-4 VPN 3002 Hardware Client User Guide The series of numbers separated by periods. 14 Using the Command Line Interface Navigating...
User Guide
Page 195
... VPN 3002 automatically saves the event log to boot the system. • CONFIG.BAK = Backup configuration file. The SAVELOG.TXT file is rebooted. Event logs The VPN 3002 records system events in nonvolatile memory (NVRAM). APPENDIX A Errors and troubleshooting This appendix describes files for troubleshooting the VPN 3002, LED indicators on the system, and common errors that is automatically saved when the system crashes and when it is useful for troubleshooting The VPN 3002 Hardware Client creates several files...
User Guide
Page 197
... you make any changes, navigate to which this section to Monitoring > System Status. Unit has failed diagnostics. Click Connect Now. 1 Check that the VPN 3000 Series Concentrator to which this LED display: PWR = green SYS LED = green VPN LED = off . You see Chapter 9, Events, in the VPN 3002 Hardware Client User Guide. 1 Verify that the power cable is plugged into the VPN 3002 and a power outlet. Verify: - User name and password are unable to connect to...
User Guide
Page 198
... names and passwords that the DHCP server on the VPN 3000 Series Concentrator If your network administrator. See Chapter 14, User Management, in the VPN 3000 Concentrator Series User Guide. 4 If you set on . A-4 VPN 3002 Hardware Client Getting Started Attempting to the Private network of address assignment for the Private interface/ switch port are using Network Extension mode, configure a default gateway or a static route to ping the default gateway (Administration > Ping) yields no response. LED(s) for the VPN 3002: DHCP, address pools, per user, or client specified. See...