User Guide
Page 6
...-2 Using the CLI 14-3 CLI menu reference 14-7 A Errors and troubleshooting Files for troubleshooting A-1 LED indicators A-2 Errors on the system A-3 Settings on the VPN 3000 Series Concentrator A-4 VPN 3002 Hardware Client Manager errors A-5 Command Line Interface errors A-10 B Copyrights, licenses, and notices Software License Agreement of Cisco Systems, Inc B-1 Other licenses B-3 Regulatory Standards Compliance B-9 vi VPN 3002 Hardware Client User Guide
...-2 Using the CLI 14-3 CLI menu reference 14-7 A Errors and troubleshooting Files for troubleshooting A-1 LED indicators A-2 Errors on the system A-3 Settings on the VPN 3000 Series Concentrator A-4 VPN 3002 Hardware Client Manager errors A-5 Command Line Interface errors A-10 B Copyrights, licenses, and notices Software License Agreement of Cisco Systems, Inc B-1 Other licenses B-3 Regulatory Standards Compliance B-9 vi VPN 3002 Hardware Client User Guide
User Guide
Page 12
... and license information for Cisco software on it operational (called Quick Configuration). This quick reference card is provided with the VPN 3002 and you from the online version; The VPN 3000 Concentrator Series Getting Started manual provides information to take you can access and configure all system and module LED indicators. xii VPN 3002 Hardware Client User Guide It...
... and license information for Cisco software on it operational (called Quick Configuration). This quick reference card is provided with the VPN 3002 and you from the online version; The VPN 3000 Concentrator Series Getting Started manual provides information to take you can access and configure all system and module LED indicators. xii VPN 3002 Hardware Client User Guide It...
User Guide
Page 13
... distribution CDs Documentation on VPN software distribution CDs The VPN 3000 Concentrator and VPN 3002 Hardware Client documentation is provided on the VPN 3000 Concentrator software distribution CD-ROM in PDF format. The VPN Client documentation is included on the Cisco VPN 3000 Concentrator software distribution CD-ROM. Ordering documentation Cisco documentation is available as a single unit or as an annual subscription. To open the...
... distribution CDs Documentation on VPN software distribution CDs The VPN 3000 Concentrator and VPN 3002 Hardware Client documentation is provided on the VPN 3000 Concentrator software distribution CD-ROM in PDF format. The VPN Client documentation is included on the Cisco VPN 3000 Concentrator software distribution CD-ROM. Ordering documentation Cisco documentation is available as a single unit or as an annual subscription. To open the...
User Guide
Page 21
... x 600 pixels. • Color palette = 256 colors or higher. e.g., 10.10.147.2. VPN 3002 Hardware Client User Guide 1-3 Even if you plan to use HTTPS, you use HTTP at first to the system. The browser...VPN 3002 Hardware Client Manager on page 1-17. SSL creates a secure session between the VPN 3002 and your browser, you can use , we recommend setting your browser The Manager provides the option of use the standard HTTP protocol to connect to install an SSL certificate in your browser (VPN 3002 hardware client) and the VPN Concentrator (server). Connecting to the VPN 3002...
... x 600 pixels. • Color palette = 256 colors or higher. e.g., 10.10.147.2. VPN 3002 Hardware Client User Guide 1-3 Even if you plan to use HTTPS, you use HTTP at first to the system. The browser...VPN 3002 Hardware Client Manager on page 1-17. SSL creates a secure session between the VPN 3002 and your browser, you can use , we recommend setting your browser The Manager provides the option of use the standard HTTP protocol to connect to install an SSL certificate in your browser (VPN 3002 hardware client) and the VPN Concentrator (server). Connecting to the VPN 3002...
User Guide
Page 38
.... Help tab Click to VPN 3000 Concentrator Series and VPN 3002 Hardware Client documentation in PDF format. (To view the PDF files, you need Adobe® Acrobat® Reader 3.0 or later, and version 4.0 is included on the VPN 3000 Concentrator Series software CD-ROM.) When you momentarily rest the pointer on the main Cisco Web page, Cisco Connection Online (CCO...
.... Help tab Click to VPN 3000 Concentrator Series and VPN 3002 Hardware Client documentation in PDF format. (To view the PDF files, you need Adobe® Acrobat® Reader 3.0 or later, and version 4.0 is included on the VPN 3000 Concentrator Series software CD-ROM.) When you momentarily rest the pointer on the main Cisco Web page, Cisco Connection Online (CCO...
User Guide
Page 53
... as you add here is configured on the central-site Concentrator in order. VPN 3002 Hardware Client User Guide 5-1 For the VPN 3002, these servers. Configuration | System | Servers This section of these are DNS servers that you configure and manage the VPN 3002. DNS servers convert domain names to IP addresses. DNS information that convert hostnames to IP addresses...
... as you add here is configured on the central-site Concentrator in order. VPN 3002 Hardware Client User Guide 5-1 For the VPN 3002, these servers. Configuration | System | Servers This section of these are DNS servers that you configure and manage the VPN 3002. DNS servers convert domain names to IP addresses. DNS information that convert hostnames to IP addresses...
User Guide
Page 58
..., etc. and second, to work with the VPN Concentrator; X.509 Digital Certificates • Diffie-Hellman Groups 1and 2 • Encryption Algorithms: - IPSec provides the most secure protocol. The VPN 3002 initiates all according to establish the tunnel (the IKE SA); DES-56 - 3DES-168 • Extended Authentication (XAuth) 6-2 VPN 3002 Hardware Client User Guide 6 Tunneling Configuration | System | Tunneling Protocols...
..., etc. and second, to work with the VPN Concentrator; X.509 Digital Certificates • Diffie-Hellman Groups 1and 2 • Encryption Algorithms: - IPSec provides the most secure protocol. The VPN 3002 initiates all according to establish the tunnel (the IKE SA); DES-56 - 3DES-168 • Extended Authentication (XAuth) 6-2 VPN 3002 Hardware Client User Guide 6 Tunneling Configuration | System | Tunneling Protocols...
User Guide
Page 59
....56. Group and user names and passwords must be identical on the VPN 3002 and on the Concentrator to which this VPN 3002 connects. In the Group Password field, enter a unique password for the group to which this VPN 3002 connects. The field displays only asterisks. VPN 3002 Hardware Client User Guide 6-3 Check the box to authenticate the peer during Phase...
....56. Group and user names and passwords must be identical on the VPN 3002 and on the Concentrator to which this VPN 3002 connects. In the Group Password field, enter a unique password for the group to which this VPN 3002 connects. The field displays only asterisks. VPN 3002 Hardware Client User Guide 6-3 Check the box to authenticate the peer during Phase...
User Guide
Page 60
...characters, case-sensitive. Minimum is 4, maximum is the user password configured on the central-site Concentrator to which this VPN 3002 connects. Maximum is the user name configured on the central-site Concentrator to which this user. Maximum is 32 characters, case-sensitive.This is 32 characters, case...-sensitive. In the User Name field, enter a unique name for this VPN 3002 connects. The field displays only asterisks. In the...
...characters, case-sensitive. Minimum is 4, maximum is the user password configured on the central-site Concentrator to which this VPN 3002 connects. Maximum is the user name configured on the central-site Concentrator to which this user. Maximum is 32 characters, case-sensitive.This is 32 characters, case...-sensitive. In the User Name field, enter a unique name for this VPN 3002 connects. The field displays only asterisks. In the...
User Guide
Page 103
... ping or access a device on the VPN 3002 includes deciding whether your want the VPN 3002 to the VPN 3002. NAT translates the network addresses of the devices connected to the VPN 3002 Private interface to networks within the Concentrator's network list, travels in either of the computers on the corporate network. VPN 3002 Hardware Client User Guide 11-1 The IP addresses of...
... ping or access a device on the VPN 3002 includes deciding whether your want the VPN 3002 to the VPN 3002. NAT translates the network addresses of the devices connected to the VPN 3002 Private interface to networks within the Concentrator's network list, travels in either of the computers on the corporate network. VPN 3002 Hardware Client User Guide 11-1 The IP addresses of...
User Guide
Page 104
... for tunneled traffic (as described above. See Chapter 6, Address Management, in the VPN 3000 Concentrator Series User Guide. 11-2 VPN 3002 Hardware Client User Guide The tunnel is terminated with split tunneling You assign the VPN 3002 to a Group on the private side of the VPN 3002 Public interface. If you enable split tunneling for that group, IPSec operates on...
... for tunneled traffic (as described above. See Chapter 6, Address Management, in the VPN 3000 Concentrator Series User Guide. 11-2 VPN 3002 Hardware Client User Guide The tunnel is terminated with split tunneling You assign the VPN 3002 to a Group on the private side of the VPN 3002 Public interface. If you enable split tunneling for that group, IPSec operates on...
User Guide
Page 105
Configuration | Policy Management | Traffic Management The Manager displays the Configuration | Policy Management | Traffic Management screen. VPN 3002 Hardware Client User Guide 11-3 Configuration | Policy Management The Configuration | Policy Management screen introduces this Concentrator, review your Network Lists. Figure 11-2: Configuration | Policy Management | Traffic Management screen PAT To configure PAT (Port Address Translation) click PAT. Configuration | Policy...
Configuration | Policy Management | Traffic Management The Manager displays the Configuration | Policy Management | Traffic Management screen. VPN 3002 Hardware Client User Guide 11-3 Configuration | Policy Management The Configuration | Policy Management screen introduces this Concentrator, review your Network Lists. Figure 11-2: Configuration | Policy Management | Traffic Management screen PAT To configure PAT (Port Address Translation) click PAT. Configuration | Policy...
User Guide
Page 146
... a bootcode upgrade, only Cisco support personnel can update this VPN client. Up Since The date and time that the VPN 3002 was last updated. Software Rev The version name, number, and date of SDRAM memory installed in Network Extension mode. 13-10 VPN 3002 Hardware Client User Guide When you boot... and it . You can do so. RAM Size The total amount of the VPN 3002 Hardware Client system software image file. Assigned IP Address The IP address assigned to the VPN 3002 by the central-site Concentrator when PAT mode is running in Network Extension mode, because the central-site...
... a bootcode upgrade, only Cisco support personnel can update this VPN client. Up Since The date and time that the VPN 3002 was last updated. Software Rev The version name, number, and date of SDRAM memory installed in Network Extension mode. 13-10 VPN 3002 Hardware Client User Guide When you boot... and it . You can do so. RAM Size The total amount of the VPN 3002 Hardware Client system software image file. Assigned IP Address The IP address assigned to the VPN 3002 by the central-site Concentrator when PAT mode is running in Network Extension mode, because the central-site...
User Guide
Page 147
Monitoring | System Status Tunnel Established to which this VPN 3002 connects. VPN 3002 Hardware Client User Guide 13-11 Duration: The length of the VPN 3000 Concentrator to : The IP address of time that this SA has sent since the tunnel has been up . Encryption The encryption ... . Authentication The authentication method this SA, either IPSec or IKE (the control tunnel). Octets Out The number of octets (bytes) this VPN 3002. Type The type of the SAs for this SA uses. Security Associations: This table describes the following attributes of tunnel for this SA...
Monitoring | System Status Tunnel Established to which this VPN 3002 connects. VPN 3002 Hardware Client User Guide 13-11 Duration: The length of the VPN 3000 Concentrator to : The IP address of time that this SA has sent since the tunnel has been up . Encryption The encryption ... . Authentication The authentication method this SA, either IPSec or IKE (the control tunnel). Octets Out The number of octets (bytes) this VPN 3002. Type The type of the SAs for this SA uses. Security Associations: This table describes the following attributes of tunnel for this SA...
User Guide
Page 215
...community 8-8 SNMP event destination 9-12 static route for IP routing 7-3 syslog server to receive events 9-15 administering the VPN Concentrator 12-1 administration section of Manager 12-1 Administration (tab on Manager screen) 1-21 administrators access rights 12-8 access settings... requirements 1-1 built-in servers, configuring See management protocols 8-1 C Certificate Authority VPN 3002 Hardware Client User Guide INDEX See digital certificates certificate management 12-15 Cisco Connection Online Web page 1-20 Cisco Systems (logo) 1-22 clear event log 13-6 CLI access rights 14-7 accessing...
...community 8-8 SNMP event destination 9-12 static route for IP routing 7-3 syslog server to receive events 9-15 administering the VPN Concentrator 12-1 administration section of Manager 12-1 Administration (tab on Manager screen) 1-21 administrators access rights 12-8 access settings... requirements 1-1 built-in servers, configuring See management protocols 8-1 C Certificate Authority VPN 3002 Hardware Client User Guide INDEX See digital certificates certificate management 12-15 Cisco Connection Online Web page 1-20 Cisco Systems (logo) 1-22 clear event log 13-6 CLI access rights 14-7 accessing...
User Guide
Page 216
...session timeout A-6 errors and troubleshooting A-1 CLI A-10 VPN 3002 Hardware Client Manager A-5 Ethernet MIB-II statistics 13-39 event classes configuring for IP routing 7-4 delete digital certificate 12-27 DHCP functions within the VPN Concentrator, configuring 7-5 statistics 13-26 digital certificates deleting 12... documentation additional xii Cisco Web page 1-20 conventions xvi E enrolling with a Certificate Authority 12-20 entering values with a Certificate Authority 12-20 enrollment request 12-17 generating SSL 12-23 identity 12-16 in 12-14 formats VPN 3002 Hardware Client User Guide
...session timeout A-6 errors and troubleshooting A-1 CLI A-10 VPN 3002 Hardware Client Manager A-5 Ethernet MIB-II statistics 13-39 event classes configuring for IP routing 7-4 delete digital certificate 12-27 DHCP functions within the VPN Concentrator, configuring 7-5 statistics 13-26 digital certificates deleting 12... documentation additional xii Cisco Web page 1-20 conventions xvi E enrolling with a Certificate Authority 12-20 entering values with a Certificate Authority 12-20 enrollment request 12-17 generating SSL 12-23 identity 12-16 in 12-14 formats VPN 3002 Hardware Client User Guide
User Guide
Page 217
...using 1-16 login screen 1-17 I ICMP MIB-II statistics 13-35 icon Cisco Systems logo 1-22 closed or collapsed 1-22 open or expanded 1-22 Refresh... 12-16, 12-21 installing SSL certificate with Internet Explorer 1-4 with Netscape 1-9 interfaces configuring 3-1 VPN 3002 Hardware Client User Guide Index Ethernet, configuring speed 3-6 transmission mode 3-4, 3-6 filter Ethernet 3-6 MIB-II statistics...) in Manager window 1-22 licenses and copyrights B-1 log files See event log logging in the VPN Concentrator Manager 1-17 login name current (Manager) 1-21 factory default (Manager) 1-17 password, factory ...
...using 1-16 login screen 1-17 I ICMP MIB-II statistics 13-35 icon Cisco Systems logo 1-22 closed or collapsed 1-22 open or expanded 1-22 Refresh... 12-16, 12-21 installing SSL certificate with Internet Explorer 1-4 with Netscape 1-9 interfaces configuring 3-1 VPN 3002 Hardware Client User Guide Index Ethernet, configuring speed 3-6 transmission mode 3-4, 3-6 filter Ethernet 3-6 MIB-II statistics...) in Manager window 1-22 licenses and copyrights B-1 log files See event log logging in the VPN Concentrator Manager 1-17 login name current (Manager) 1-21 factory default (Manager) 1-17 password, factory ...
User Guide
Page 218
... nonvolatile memory 12-9 event log stored in 13-3 Not Allowed (error) A-7 Not Found (error) A-8 notices, regulatory agency B-9 O open or expanded (icon) 1-22 organization of the VPN Concentrator Manager 1-22 Out of Range value (error) A-10 P password factory default (Manager) 1-17 Passwords do not match (error) A-10 ping a host 12-7 PKCS-10 enrollment...12 modify 9-12 MIB-II statistics 13-41 traps, configuring "well-known" 9-7 SNMP communities, configuring 8-7 add 8-8 modify 8-8 software image filenames 12-3, 13-10 update on VPN Concentrator 12-2 stopping 12-3 VPN 3002 Hardware Client User Guide
... nonvolatile memory 12-9 event log stored in 13-3 Not Allowed (error) A-7 Not Found (error) A-8 notices, regulatory agency B-9 O open or expanded (icon) 1-22 organization of the VPN Concentrator Manager 1-22 Out of Range value (error) A-10 P password factory default (Manager) 1-17 Passwords do not match (error) A-10 ping a host 12-7 PKCS-10 enrollment...12 modify 9-12 MIB-II statistics 13-41 traps, configuring "well-known" 9-7 SNMP communities, configuring 8-7 add 8-8 modify 8-8 software image filenames 12-3, 13-10 update on VPN Concentrator 12-2 stopping 12-3 VPN 3002 Hardware Client User Guide
User Guide
Page 219
... stopping CLI 14-7 file upload to VPN Concentrator 12-3, 12-14 the Manager (logout) 1-21 the VPN Concentrator 12-5 strings, text, format xvi subnet masks, format xvi superuser See administrators support, Cisco 1-20 Support (tab on Manager screen) 1-20 swap configuration files 12-13 syslog servers, configuring for events 9-13 VPN 3002 Hardware Client User Guide Index add 9-15...
... stopping CLI 14-7 file upload to VPN Concentrator 12-3, 12-14 the Manager (logout) 1-21 the VPN Concentrator 12-5 strings, text, format xvi subnet masks, format xvi superuser See administrators support, Cisco 1-20 Support (tab on Manager screen) 1-20 swap configuration files 12-13 syslog servers, configuring for events 9-13 VPN 3002 Hardware Client User Guide Index add 9-15...
User Guide
Page 220
Index using the VPN Concentrator Manager 1-1 V viewing SSL certificates with Internet Explorer 1-8 with Netscape 1-14 VPN 3002 Hardware Client Manager errors A-5 VPN Concentrator Manager logging in 1-17 logging out 1-21 navigating 1-23 organization of 1-22 understanding the window 1-19 using 1-1 W wildcard masks, format xvi window, Manager, understanding 1-19 X X.509 digital certificates 12-16 Index-6 VPN 3002 Hardware Client User Guide
Index using the VPN Concentrator Manager 1-1 V viewing SSL certificates with Internet Explorer 1-8 with Netscape 1-14 VPN 3002 Hardware Client Manager errors A-5 VPN Concentrator Manager logging in 1-17 logging out 1-21 navigating 1-23 organization of 1-22 understanding the window 1-19 using 1-1 W wildcard masks, format xvi window, Manager, understanding 1-19 X X.509 digital certificates 12-16 Index-6 VPN 3002 Hardware Client User Guide