Summary of the content on the page No. 1
VPN 3002 Hardware Client
Reference
Release 3.5
November 2001
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Text Part Number: OL-1893-01
Summary of the content on the page No. 2
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE
Summary of the content on the page No. 3
CONTENTS

Preface
  Prerequisites
  Organization
  Related Documentation
  Documentation conventions
  Obtaining Documentation
  Obtaining technical assistance
Using the VPN 3002 Hardware Client Manager
  VPN 3002 Hardware Client Browser Requirements
  Connecting to the VPN 3002 Using HTTP
  Installing the SSL Certificate in Your Browser
  Connecting to the VPN 3002 Using HTTPS
  Configuring HTTP, HTTPS, and SSL Parameters
  Logging into the VPN 3002 Hardware Client M
Summary of the content on the page No. 4
Contents

Servers
  Configuration | System | Servers
  Configuration | System | Servers | DNS
Tunneling
  Configuration | System | Tunneling Protocols
  Configuration | System | Tunneling Protocols | IPSec
IP Routing
  Configuration | System | IP Routing
  Configuration | System | IP Routing | Static Routes
  Configuration | System | IP Routing | Static Routes | Add or Modify
  Configuration | System | IP Routing | Default Gateways
  Configuration | System | IP Routing
Summary of the content on the page No. 5
Contents

  Configuration | System | Events | Classes | Add or Modify
  Configuration | System | Events | Trap Destinations
  Configuration | System | Events | Trap Destinations | Add or Modify
  Configuration | System | Events | Syslog Servers
  Configuration | System | Events | Syslog Servers | Add or Modify
General
  Configuration | System | General
  Configuration | System | General | Identification
  Configuration | System | General | Time and Date
Policy Manag
Summary of the content on the page No. 6
Contents

  Administration | Certificate Management | Enroll | Certificate Type | PKCS10
  Administration | Certificate Management | Enrollment or Renewal | Request Generated
  Administration | Certificate Management | Enroll | Identity Certificate | SCEP
  Administration | Certificate Management | Enroll | SSL Certificate | SCEP
  Administration | Certificate Management | Install
  Administration | Certificate Management | Install | Certificate Obtained via Enrollment
  A
Summary of the content on the page No. 7
Contents

  Monitoring | Statistics | PPPoE
  Monitoring | Statistics | MIB-II
  Monitoring | Statistics | MIB-II | Interfaces
  Monitoring | Statistics | MIB-II | TCP/UDP
  Monitoring | Statistics | MIB-II | IP
  Monitoring | Statistics | MIB-II | ICMP
  Monitoring | Statistics | MIB-II | ARP Table
  Monitoring | Statistics | MIB-II | Ethernet
  Monitoring | Statistics | MIB-II | SNMP
Using the Command-Line Interface
  Accessing the Command-line Interface
Summary of the content on the page No. 9
Preface

The VPN 3002 Hardware Client Reference provides guidelines for configuring the Cisco VPN 3002, details on all the functions available in the VPN 3002 Hardware Client Manager, and instructions for using the VPN 3002 Command Line Interface.

Prerequisites

We assume you have read the VPN 3002 Hardware Client Getting Started manual and have followed the minimal configuration steps in Quick Configuration. That section of the VPN Hardware Client Manager is not described here. We also assu
Summary of the content on the page No. 10
Preface
Organization

Chapter | Title | Description
Chapter 5 | Servers | Explains how to configure the VPN 3002 to communicate with DNS servers to convert hostnames to IP addresses.
Chapter 6 | Tunneling | Explains how to configure IPSec.
Chapter 7 | IP Routing | Explains how to configure static routes, default gateways, and DHCP parameters and options.
Chapter 8 | Management Protocols | Explains how to configure built-in VPN 3002 servers that provide management functions: HTTP and HTTPS, Telnet, SNMP, SNMP
Summary of the content on the page No. 11
Preface
Related Documentation

Refer to the following documents for further information about Cisco VPN 3000 Series applications and products.

VPN 3002 Hardware Client Documentation

The VPN 3002 Hardware Client Getting Started manual provides information to take you from unpacking and installing the VPN 3002, through configuring the minimal parameters to make it operational (called Quick Configuration). This manual is online only. The VPN 3002 Hardware Client Quick Star
Summary of the content on the page No. 12
Preface
Documentation conventions

versions on the Cisco web site, click the Support icon on the toolbar at the top of the VPN Concentrator Manager, Hardware Client Manager, or Client window. To open the documentation, you need Acrobat Reader 3.0 or later; version 4.5 is included on the Cisco VPN 3000 Concentrator software distribution CD-ROM and on the VPN Client software distribution CD-ROM.

Other References

Other useful references include:
• Cisco Systems, Dictionary of Internetworking
Summary of the content on the page No. 13
Preface
Obtaining Documentation

Data Formats

As you configure and manage the system, enter data in the following formats unless the instructions indicate otherwise:

Type of Data | Format
IP Addresses | IP addresses use 4-byte dotted decimal notation (for example, 192.168.12.34); as the example indicates, you can omit leading zeros in a byte position.
Subnet Masks and Wildcard Masks | Subnet masks use 4-byte dotted decimal notation (for example, 255.255.255.0). Wildcard masks use the same notation
Summary of the content on the page No. 14
Preface
Obtaining technical assistance

Ordering documentation

Cisco documentation is available in the following ways:
• Registered Cisco Direct Customers can order Cisco Product documentation from the Networking Products MarketPlace: http://www.cisco.com/cgi-bin/order/order_root.pl
• Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store: http://www.cisco.com/go/subscription
• Nonregistered Cisco.com users can order documentation through a local a
Summary of the content on the page No. 15
Preface
Obtaining technical assistance

Customers and partners can self-register on Cisco.com to obtain additional personalized information and services. Registered users can order products, check on the status of an order, access technical support, and view benefits specific to their relationships with Cisco. To access Cisco.com, go to the following website: http://www.cisco.com

Technical Assistance Center

The Cisco TAC website is available to all customers who need technical assistance with
Summary of the content on the page No. 17
CHAPTER 1
Using the VPN 3002 Hardware Client Manager

The VPN 3002 Hardware Client Manager is an HTML-based interface that lets you configure, administer, monitor, and manage the VPN 3002 with a standard web browser. To use it, you connect to the VPN 3002, using a PC and browser on the same private network with the VPN 3002. The Manager uses the standard web client / server protocol, HTTP (Hypertext Transfer Protocol), which is a cleartext protocol. However, you can also use the Manager in
Summary of the content on the page No. 18
Chapter 1 Using the VPN 3002 Hardware Client Manager
Connecting to the VPN 3002 Using HTTP

JavaScript and Cookies

Be sure JavaScript and Cookies are enabled in the browser. Refer to the documentation for your browser for instructions.

Navigation Toolbar

Do not use the browser navigation toolbar buttons Back, Forward, or Refresh/Reload with the VPN 3002 Hardware Client Manager unless instructed to do so. To protect access security, clicking Refresh/Reload automatically logs out the Mana
Summary of the content on the page No. 19
Chapter 1 Using the VPN 3002 Hardware Client Manager
Installing the SSL Certificate in Your Browser

Figure 1-1 VPN 3002 Hardware Client Manager Login Screen

To continue using HTTP for the whole session, skip to “Logging into the VPN 3002 Hardware Client Manager.”

Installing the SSL Certificate in Your Browser

The Manager provides the option of using HTTP over SSL with the browser. SSL creates a secure session between your browser (VPN 3002 hardware client) and the VPN Concentrator (serv
Summary of the content on the page No. 20
Chapter 1 Using the VPN 3002 Hardware Client Manager
Installing the SSL Certificate in Your Browser

Follow these steps to install and use the SSL certificate for the first time. We provide separate instructions for Internet Explorer and Netscape Navigator when they diverge.

Step 1 Connect to the VPN 3002 using HTTP as above.
Step 2 On the login screen, click the Install SSL Certificate link. The Manager displays the Install SSL Certificate screen and automatically begins to download and