How it Works
Cisco
Loading...
VPN 3002 Hardware Client Manager
User Manual
220 pgs2.66 Mb0

Cisco CVPN3002-8E-K9 - Fast Ethernet VPN Gateway, 3002 - VPN Hardware Client, VPN 3002 Hardware Client Manager User Manual

170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com
Cisco Systems, Inc.
Corporate Headquarters
Tel:
800 553-NETS (6387)
Fax: 408 526-4100
VPN 3002 Hardware Client User Guide
Release 3.0 March 2001
Customer Order Number: OL-0874-= Text Part Number: OL-0874-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
AccessPath, AtmDirector, Browse with Me, CCDA, CCDE, CCDP, CCIE, CCNA, CCNP, CCSI, CD-PAC, CiscoLink, the Cisco NetWorks logo, the Cisco Powered Network logo, Cisco Systems Networking Academy, the Cisco Systems Networking Academy logo, Discover AA That’s Possible, Fast Step, Follow Me Browsing, FormShare, FrameShare, GigaStack, IGX, Internet Quotient, IP/VC, iQ Breakthrough, iQ Expertise, iQ FastTrack, the iQ Logo, iQ Net Readiness Scorecard, MGX, the Networkers logo, Packet, PIX, RateMUX, ScriptBuilder, ScriptShare, SlideCast, SMARTnet, TransPath, Voice LAN, Wavelength Router, WebViewer are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, Empowering the Internet Generation, are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Enterprise/Solver, EtherChannel, EtherSwitch, FastHub, FastSwitch, IOS, IP/TV, LightStream, MICA, Network Registrar, Post-Routing, Pre-Routing, Registrar, StrataView Plus, Stratm, SwitchProbe, TeleRouter, and VCO are registered trademarks of Cisco Systems, Inc. or its affiliates in the U.S. and certain other countries.
All other brands, names, or trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0011R)
VPN 3002 Hardware Client User Guide
Copyright © 2001, Cisco Systems, Inc. All rights reserved.
iii
VPN 3002 Hardware Client User Guide
CONTENTS
Table of contents
Table of contents
Preface
About this manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Additional documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xii
Documentation on VPN software distribution CDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
Obtaining documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
Obtaining technical assistance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
Other references . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Documentation conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi
Data formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi
1 Using the VPN 3002 Hardware Client Manager
Browser requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Recommended PC monitor / display settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
Connecting to the VPN 3002 using HTTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
Installing the SSL certificate in your browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
Connecting to the VPN 3002 using HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-16
Logging in the VPN 3002 Hardware Client Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17
Configuring HTTP, HTTPS, and SSL parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-18
Understanding the VPN 3002 Hardware Client Manager window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-19
Organization of the VPN 3002 Hardware Client Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-22
Navigating the VPN 3002 Hardware Client Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-23
2 Configuration
Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
3 Interfaces
Configuration | Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
Configuration | Interfaces | Private . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
Configuration | Interfaces | Public . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
4 System Configuration
Configuration | System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Contents—Table of contents
iv
VPN 3002 Hardware Client User Guide
5Servers
Configuration | System | Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
Configuration | System | Servers | DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
6 Tunneling
Configuration | System | Tunneling Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2
Configuration | System | Tunneling Protocols | IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2
7IP Routing
Configuration | System | IP Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1
Configuration | System | IP Routing | Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2
Configuration | System | IP Routing | Static Routes |
Add or Modify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3
Configuration | System | IP Routing | Default Gateways . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4
Configuration | System | IP Routing | DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-5
Configuration | System | IP Routing | DHCP Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-7
Configuration | System | IP Routing | DHCP Options |
Add or Modify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-8
8 Management Protocols
Configuration | System | Management Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1
Configuration | System | Management Protocols | HTTP/HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2
Configuration | System | Management Protocols | Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-4
Configuration | System | Management Protocols | SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5
Configuration | System | Management Protocols |
SNMP Communities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-7
Configuration | System | Management Protocols | SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-9
Configuration | System | Management Protocols | SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-12
9 Events
Event class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1
Event severity level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4
Event log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-5
Configuration | System | Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-6
Configuration | System | Events | General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-6
Configuration | System | Events | Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-8
Configuration | System | Events | Classes | Add or Modify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-9
Configuration | System | Events | Trap Destinations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-11
Configuration | System | Events | Trap Destinations |
Add or Modify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-12
Configuration | System | Events | Syslog Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-13
ContentsTable of contents
v
VPN 3002 Hardware Client User Guide
Configuration | System | Events | Syslog Servers | Add or Modify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-15
10 General
Configuration | System | General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1
Configuration | System | General | Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-2
Configuration | System | General | Time and Date . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-3
11 Policy Management
Client mode/PAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1
Network Extension mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-2
Configuration | Policy Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-3
Configuration | Policy Management | Traffic Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-3
Configuration | Policy Management | Traffic
Management | PAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-4
Configuration | Policy Management | Traffic Management |
PAT | Enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-4
12 Administration
Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1
Administration | Software Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2
Administration | System Reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-5
Administration | Ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-7
Administration | Access Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-8
Administration | Access Rights | Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-9
Administration | Access Rights | Access Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-10
Administration | File Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-11
Administration | File Management | View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-12
Administration | File Management | Swap Config Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-13
Administration | File Management | Config File Upload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-13
Administration | Certificate Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-15
Administration | Certificate Management | Enrollment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-17
Administration | Certificate Management | Enrollment |
Request Generated . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-20
Administration | Certificate Management | Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-21
Administration | Certificate Management | Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-23
Administration | Certificate Management | Certificates | View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-24
Administration | Certificate Management | Certificates | Delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-27
13 Monitoring
Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1
Monitoring | Routing Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-2
ContentsTable of contents
vi
VPN 3002 Hardware Client User Guide
Monitoring | Filterable Event Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-3
Monitoring | Live Event Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-8
Monitoring | System Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-9
Monitoring | System Status | Private/Public Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-12
Monitoring | Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-14
Monitoring | Statistics | IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-15
Monitoring | Statistics | HTTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-21
Monitoring | Statistics | Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-22
Monitoring | Statistics | DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-23
Monitoring | Statistics | SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-24
Monitoring | Statistics | DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-26
Monitoring | Statistics | SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-27
Monitoring | Statistics | MIB-II . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-28
Monitoring | Statistics | MIB-II | Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-28
Monitoring | Statistics | MIB-II | TCP/UDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-30
Monitoring | Statistics | MIB-II | IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-32
Monitoring | Statistics | MIB-II | ICMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-35
Monitoring | Statistics | MIB-II | ARP Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-37
Monitoring | Statistics | MIB-II | Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-39
Monitoring | Statistics | MIB-II | SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-41
14 Using the Command Line Interface
Accessing the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1
Starting the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-2
Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-3
CLI menu reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-7
A Errors and troubleshooting
Files for troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1
LED indicators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2
Errors on the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-3
Settings on the VPN 3000 Series Concentrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4
VPN 3002 Hardware Client Manager errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-5
Command Line Interface errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-10
B Copyrights, licenses, and notices
Software License Agreement of Cisco Systems, Inc. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1
Other licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-3
Regulatory Standards Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-9
Index
ContentsTable of contents
viii
VPN 3002 Hardware Client User Guide
Contents
ix
VPN 3002 Hardware Client User Guide
Tables
Table 9-1: VPN 3002 event classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1
Table 9-2: VPN 3002 event severity levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4
Table 9-3: Configuring well-known SNMP traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-7
xi
VPN 3002 Hardware Client User Guide
Preface
About this manual
The VPN 3002 Hardware Client User Guide provides guidelines for configuring the Cisco VPN 3002, details on all the functions available in the VPN 3002 Hardware Client Manager, and instructions for using the VPN 3002 Command Line Interface.
Prerequisites
We assume yo u have read the VPN 3002 Hardware Client Getting Started manual and have followed the minimal configuration steps in Quick Configuration. That section of the VPN Hardware Client Manager is not described here.
We also assume you are an experienced system administrator or network administrator with appropriate education and training, who knows how to install, configure, and manage internetworking systems. However, virtual private networks and VPN devices may be new to you. You should be familiar with Windows® 95/98 or Windows NT® system configuration and management, and you should be familiar with Microsoft Internet Explorer or Netscape® Navigator® or Communicator browsers.
Organization
This manual is organized by the order in which sections appear in the VPN 3002 Hardware Client Manager table of contents (the left frame of the Manager browser window; see Figure 1-30 in Chapter 1.
Chapter 1, Using the VPN 3002 Hardware Client Manager explains how to log in, navigate, and use the VPN 3002 Hardware Client Manager with a browser. It explains both HTTP and HTTPS browser connections, and how to install the SSL certificate for a secure (HTTPS) connection.
Chapter 2, Configuration describes the main VPN 3002 Hardware Client Manager configuration screen.
Chapter 3, Interfaces explains how to configure the VPN 3002 Private and Public interfaces.
Chapter 4, System Configuration describes the system configuration screen of the VPN 3002 Hardware Client Manager.
Chapter 5, Servers explains how to configure the VPN 3002 to communicate with DNS servers to convert hostnames to IP addresses (DNS).
Chapter 6, Tunneling explains how to configure IPSec.
Preface
xii
VPN 3002 Hardware Client User Guide
Chapter 7, IP Routing explains how to configure static routes, default gateways, and DHCP parameters and options.
Chapter 8, Management Protocols explains how to configure built-in VPN 3002 servers that provide management functions:, HTTP and HTTPS, Telnet, SNMP, SNMP Community Strings, SSL and SSH.
Chapter 9, Events explains how to configure system events such as alarms, traps, error conditions, network problems, task completion, or status changes.
Chapter 10, General explains how to configure the system identification, date, and time.
Chapter 11, Policy Management explains how to configure PAT and use LAN Extension mode.
Chapter 12, Administration explains how to configure and use high-level VPN 3002 administrator activities such as who is allowed to configure the system, what software runs on it, rebooting and shutting down the system, managing its configuration files, and managing X.509 digital certificates.
Chapter 13, Monitoring explains the many status, statistics, sessions, and event log screens that you can use to monitor the VPN 3002.
Chapter 14, Using the Command Line Interface explains how to use the built-in menu- and command-line-based administrative management system via the system console or a Telnet session. With the CLI, you can access and configure all the same parameters as the HTML-based VPN 3002 Hardware Client Manager.
Appendix A, Errors and troubleshooting describes common errors that may occur while configuring the system, and how to correct them. It also describes all system and module LED indicators.
Appendix B, Copyrights, licenses, and notices provides all copyright and license information for Cisco software on the VPN 3002, and for software that the system uses under license from other firms.
Additional documentation
The VPN 3002 Hardware Client Getting Started manual provides information to take you from unpacking and installing the VPN 3002, through configuring the minimal parameters to make it operational (called Quick Configuration). This manual is online only.
The VPN 3002 Hardware Client Manager also includes extensive context-sensitive online help that you can access by clicking the
Help icon on the toolbar in the Manager window.
The VPN 3002 Hardware Client Quick Reference Card summarizes information for Quick Configuration. This quick reference card is provided with the VPN 3002, and is also available online.
The VPN 3002 Hardware Client Basic Information sticky label summarizes information for installing the VPN 3002 and beginning configuration. It is provided with the VPN 3002 and you can also print it from the online version; you can afix the label to the VPN 3002 if you want.
The VPN 3000 Concentrator Series Getting Started manual provides information to take you from unpacking and installing the VPN 3000, through configuring the minimal parameters to make it operational (called Quick Configuration).
The VPN 3000 Concentrator Series User Guide provides details on all the functions available in the VPN Concentrator Manager, and guidelines for configuring the VPN 3000 Concentrator.
The VPN Client User Guide explains how to install, configure, and use the VPN Client, which lets a remote client use the IPSec tunneling protocol for secure connection to a private network through the VPN 3000 Concentrator.
The VPN Client Administrator Guide tells how to configure a VPN 3000 Concentrator for remote user connections via the VPN Client, how to automate remote user profiles, how to use the VPN Client command line interface, and how to get troubleshooting information.
Documentation on VPN software distribution CDs
xiii
VPN 3002 Hardware Client User Guide
Documentation on VPN software distribution CDs
The VPN 3000 Concentrator and VPN 3002 Hardware Client documentation is provided on the VPN 3000 Concentrator software distribution CD-ROM in PDF format. The VPN Client documentation is included on the VPN Client software distribution CD-ROM, also in PDF format. To view the latest versions on the Cisco Web site, click the
Support icon on the toolbar at the top of the VPN Concentrator,
Manager, Hardware Client Manager or Client window. To open the documentation, you need Adobe
®
Acrobat
®
Reader 3.0 or later; version 4.5 is included on the Cisco VPN 3000 Concentrator software
distribution CD-ROM.
Obtaining documentation
The following sections provide sources for obtaining documentation from Cisco Systems.
World Wide Web
You can access the most current Cisco documentation on the World Wide Web at the following sites:
• http://www.cisco.com
• http://www-china.cisco.com
• http://www-europe.cisco.com
Documentation CD-ROM
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.
Ordering documentation
Cisco documentation is available in the following ways:
• Registered Cisco Direct Customers can order Cisco Product documentation from the Networking Products MarketPlace:
http://www.cisco.com/cgi-bin/order/order_root.pl
• Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store:
http://www.cisco.com/go/subscription
• Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco corporate headquarters (California, USA) at 408 526-7208 or, in North America, by calling 800 553-NETS(6387).
Preface
xiv
VPN 3002 Hardware Client User Guide
Documentation feedback
If you are reading Cisco product documentation on the World Wide Web, you can submit technical comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco.
You can e-mail your comments to bug-doc@cisco.com.
To submit your comments by mail, for your convenience many documents contain a response card behind the front cover. Otherwise, you can mail your comments to the following address:
Cisco Systems, Inc. Document Resource Connection 170 West Tasman Drive San Jose, CA 95134-9883
We appreciate your comments.
Obtaining technical assistance
Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools. For Cisco.com registered users, additional troubleshooting tools are available from the TAC website.
Cisco.com
Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at anytime, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.
Cisco.com provides a broad range of features and services to help customers and partners streamline business processes and improve productivity. Through Cisco.com, you can find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online technical support, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.
Customers and partners can self-register on Cisco.com to obtain additional personalized information and services. Registered users can order products, check on the status of an order, access technical support, and view benefits specific to their relationships with Cisco.
To access Cisco.com, go to the following website:
http://www.cisco.com
Technical Assistance Center
The Cisco TAC website is available to all customers who need technical assistance with a Cisco product or technology that is under warranty or covered by a maintenance contract.
Contacting TAC by using the Cisco TAC website
If you have a priority level 3 (P3) or priority level 4 (P4) problem, contact TAC by going to the TAC website:
Other references
xv
VPN 3002 Hardware Client User Guide
http://www.cisco.com/tac
P3 and P4 level problems are defined as follows:
• P3—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.
• P4—You need information or assistance on Cisco product capabilities, product installation, or basic product configuration.
In each of the above cases, use the Cisco TAC website to quickly find answers to your questions.
To register for Cisco.com, go to the following website:
http://www.cisco.com/register/
If you cannot resolve your technical issue by using the TAC online resources, Cisco.com registered users can open a case online by using the TAC Case Open tool at the following website:
http://www.cisco.com/tac/caseopen
Contacting TAC by telephone
If you have a priority level 1(P1) or priority level 2 (P2) problem, contact TAC by telephone and immediately open a case. To obtain a directory of toll-free numbers for your country, go to the following website:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
P1 and P2 level problems are defined as follows:
• P1—Your production network is down, causing a critical impact to business operations if service is not restored quickly. No workaround is available.
• P2—Your production network is severely degraded, affecting significant aspects of your business operations. No workaround is available.
Other references
Other useful books and articles include:
Frequently Asked Questions about Microsoft VPN Security. Microsoft Corporation: 1998. (Available from Microsoft web site,
www.microsoft.com.)
Kosiur, Dave. Building and Managing Virtual Private Networks. Wiley: 1998.
Sheldon, Tom. Encyclopedia of Networking. Osborne/McGraw-Hill: 1998.
Stallings, William. Data and Computer Communications, 5th ed. Prentice-Hall: 1997.
www.ietf.org for Internet Engineering Task Force (IETF) Working Group drafts on IP Security
Protocol (IPSec).
www.whatis.com, a Web reference site with definitions for computer, networking, and data
communication terms.
Documentation conventions
We use these typographic conventions in this manual:
Data formats
As you configure and manage the system, enter data in these formats unless the instructions indicate otherwise.
IP addresses
IP addresses use 4-byte dotted decimal notation; for example, 192.168.12.34. You can omit leading zeros in a byte position.
Subnet masks and wildcard masks
Subnet masks use 4-byte dotted decimal notation; for example, 255.255.255.0. Wildcard masks use the same notation; for example,
0.0.0.255. You can omit leading zeros in a byte position.
MAC addresses
MAC addresses use 6-byte hexadecimal notation; for example, 00.10.5A.1F.4F.07.
Hostnames
Hostnames use legitimate network host or end-system name notation; for example, VPN01. Spaces are not allowed. A hostname must uniquely identify a specific system on a network.
Text strings
Text strings use alphanumeric characters, upper- and lower-case. Most text strings are case-sensitive; for example,
simon and Simon represent different usernames. The maximum length of text strings is
generally 48 characters.
Font Meaning
This font Document, chapter, and section titles. Emphasized text.
This font
Command-line prompts and entries, data-entry-field entries, system displays, filenames, etc.
This font
Literal entries you should make exactly as shown.
<This font>
Variables that the system supplies. Ignore the angle brackets.
This font
Menus, menu items, keyboard keys, icons, screen names, data-entry field names, etc.
Data formats
xvii
VPN 3002 Hardware Client User Guide
Filenames
Filenames on the VPN 3002 follow the DOS 8.3 naming convention: a maximum of eight characters for the name, plus a maximum of three characters for an extension. For example,
LOG00007.TXT is a
legitimate filename. The VPN3002 always stores filenames as uppercase.
Port numbers
Port numbers use decimal numbers from 0 to 65535 with no commas or spaces.
1-1
VPN 3002 Hardware Client User Guide
CHAPTER
1
Using the VPN 3002 Hardware Client Manager
The VPN 3002 Hardware Client Manager is an HTML-based interface that lets you configure, administer, monitor, and manage the VPN 3002 with a standard Web browser. To use it, you need only to connect to the VPN 3002 using a PC and browser on the same private network with the VPN 3002.
The Manager uses the standard Web client / server protocol, HTTP (Hypertext Transfer Protocol), which is a cleartext protocol. However, you can also use the Manager in a secure, encrypted HTTP connection over SSL (Secure Sockets Layer) protocol, which is known as HTTPS.
To use a cleartext HTTP connection, see Connecting to the VPN 3002 using HTTP.
To use HTTP over SSL (HTTPS) with the Manager:
1 The first time, connect to the Manager using HTTP, and
2 Install an SSL certificate in the browser; see Installing the SSL certificate in your browser on page
1-3.
Once the SSL certificate is installed, you can connect directly using HTTPS; see Connecting to the VPN 3002 using HTTPS on page 1-16.
Browser requirements
The VPN 3002 Hardware Client Manager requires either Microsoft Internet Explorer version 4.0 or higher, or Netscape Navigator / Communicator version 4.5-4.7. For best results, we recommend Internet Explorer. Whatever browser and version you use, install the latest patches and service packs for it.
Note: You cannot use the Live Event Log feature with Netscape navigator/Communicator version 4.0.
JavaScript
Be sure JavaScript is enabled in the browser. Check these settings:
1 Using the VPN 3002 Hardware Client Manager
1-2
VPN 3002 Hardware Client User Guide
Internet Explorer 4.0:
On the View menu, select Internet Options.
On the Security tab, click Custom (for expert users) then click Settings.
In the Security Settings window, scroll down to Scripting.
Click Enable under Scripting of Java applets.
Click
Enable under Active scripting.
Internet Explorer 5.0:
On the
To ol s menu, select Internet Options.
On the Security tab, click Custom Level.
In the Security Settings window, scroll down to Scripting.
Click Enable under Active scripting.
Click
Enable under Scripting of Java applets.
Navigator / Communicator 4.x:
On the
Edit menu, select Preferences.
On the Advanced screen, check the box for Enable JavaScript.
Cookies
Be sure cookies are enabled in the browser. Check these settings:
Internet Explorer 4.0:
On the
View menu, select Internet Options.
On the Advanced tab, scroll down to Security then Cookies.
Click Always accept cookies.
Internet Explorer 5.0:
On the To ol s menu, select Internet Options.
On the Security tab, click Custom Level.
In the Security Settings window, scroll down to Cookies.
Click Enable under Allow cookies that are stored on your computer.
Click Enable under Allow per-session cookies (not stored).
Navigator / Communicator 4.5:
On the Edit menu, select Preferences.On the Advanced screen, click one of the Accept ... cookies choices, and do not check Warn me before
accepting a cookie
.
Navigation toolbar
Do not use the browser navigation toolbar buttons Back, Forward, or Refresh / Reload with the VPN 3002 Hardware Client Manager unless instructed to do so. To protect access security, clicking
Refresh / Reload
automatically logs out the Manager session. Clicking
Back or Forward m ay displ a y stale Ma n a g er scre e n s
with incorrect data or settings.
We recommend that you hide the browser navigation toolbar to prevent mistakes while using the VPN 3002 Hardware Client Manager.
Recommended PC monitor / display settings
1-3
VPN 3002 Hardware Client User Guide
Recommended PC monitor / display settings
For best ease of use, we recommend setting your monitor or display:
Desktop area = 1024 x 768 pixels or greater. Minimum = 800 x 600 pixels.
Color palette = 256 colors or higher.
Connecting to the VPN 3002 using HTTP
When your system administration tasks and network permit a cleartext connection between the VPN 3002 and your browser, you can use the standard HTTP protocol to connect to the system.
Even if you plan to use HTTPS, you use HTTP at first to install an SSL certificate in your browser.
1 Bring up the browser.
2 In the browser
Address or Location field, you can just enter the VPN3002 Private interface IP address;
e.g.,
10.10.147.2. The browser automatically assumes and supplies an http:// prefix.
The browser displays the VPN3002 Hardware Client Manager login screen.
Figure 1-1: VPN 3302 Hardware Client Manager login screen
To continue using HTTP for the whole session, skip to Logging in the VPN 3002 Hardware Client Manager on page 1-17.
Installing the SSL certificate in your browser
The Manager provides the option of using HTTP over SSL with the browser. SSL creates a secure session between your browser (VPN 3002 hardware client) and the VPN Concentrator (server). This protocol is known as HTTPS, and uses the
https:// prefix to connect to the server. The browser first
authenticates the server, then encrypts all data passed during the session.
1 Using the VPN 3002 Hardware Client Manager
1-4
VPN 3002 Hardware Client User Guide
HTTPS is often confused with a similar protocol, S-HTTP (Secure HTTP), which encrypts only HTTP application-level data. SSL encrypts all data between client and server at the IP socket level, and is thus more secure.
SSL uses digital certificates for authentication. The VPN 3002 creates a self-signed SSL server certificate when it boots, and this certificate must be installed in the browser. Once the certificate is installed, you can connect using HTTPS. You need to install the certificate from a given VPN 3002 only once.
Managing the VPN 3002 is the same with or without SSL. Manager screens may take slightly longer to load with SSL because of encryption / decryption processing. When connected via SSL, the browser shows a locked-padlock icon on its status bar. Both Microsoft Internet Explorer and Netscape Navigator support SSL.
For HTTPS to work on the Public interface, you must enable HTTPS on the VPN 3002 through the CLI or from an HTTP session on the Private interface first. See
Follow these steps to install and use the SSL certificate for the first time. We provide separate instructions for Internet Explorer and Netscape Navigator when they diverge.
1 Connect to the VPN 3002 using HTTP as above.
2 On the login screen, click the
Install SSL Certificate link.
The Manager displays the
Install SSL Certificate screen and automatically begins to download and install
its SSL certificate in your browser.
Figure 1-2: Install SSL Certificate screen
The installation sequence now differs depending on the browser. Continue below for Internet Explorer, or skip to Installing the SSL certificate with Netscape on page 1-9.
Installing the SSL certificate with Internet Explorer
This section describes SSL certificate installation using Microsoft Internet Explorer 5.0. (With Internet Explorer 4.0, some dialog boxes may differ but the process is similar.)
Installing the SSL certificate in your browser
1-5
VPN 3002 Hardware Client User Guide
You need to install the SSL certificate from a given VPN 3002 only once. If you do reinstall it, the browser repeats all these steps each time.
A few seconds after the VPN 3002 Hardware Client Manager SSL screen appears, Internet Explorer displays a
File Download dialog box that identifies the certificate filename and source, and asks whether
to
Open or Save the certificate. To immediately install the certificate in the browser, select Open. If you
Save the file, the browser prompts for a location; you must then double-click on the file to install it.
Figure 1-3: Internet Explorer File Download dialog box
3 Click the Open this file from its current location radio button, then click OK.
The browser displays the
Certificate dialog box with information about the certificate. You must now
install the certificate.
Figure 1-4: Internet Explorer Certificate dialog box
4 Click Install Certificate.
The browser starts a wizard to install the certificate. The certificate store is where such certificates are stored in Internet Explorer.
1 Using the VPN 3002 Hardware Client Manager
1-6
VPN 3002 Hardware Client User Guide
Figure 1-5: Internet Explorer Certificate Manager Import Wizard dialog box
5 Click Next to continue.
The wizard opens the next dialog box asking you to select a certificate store.
Figure 1-6: Internet Explorer Certificate Manager Import Wizard dialog box
6 Let the wizard Automatically select the certificate store, and click Next.
The wizard opens a dialog box to complete the installation.
Installing the SSL certificate in your browser
1-7
VPN 3002 Hardware Client User Guide
Figure 1-7: Internet Explorer Certificate Manager Import Wizard dialog box
7 Click Finish.
The wizard opens the
Root Certificate Store dialog box asking you to confirm the installation.
Figure 1-8: Internet Explorer Root Certificate Store dialog box
8 To install th e ce r tif icate, click Yes. This dialog box closes, and a final wizard confirmation dialog box
opens.
Figure 1-9: Internet Explorer Certificate Manager Import Wizard final dialog box
9 Click OK to close this dialog box, and click OK on the Certificate dialog box (Figure 1-4) to close it.
You can now connect to the VPN 3002 using HTTP over SSL (HTTPS).
10 On the Manager SSL screen (Figure 1-2), click the link that says,
After installing the SSL certificate,
click here to connect to the VPN 3002 Hardware Client using SSL
.
Depending on how your browser is configured, you may see a
Security Alert dialog box.
1 Using the VPN 3002 Hardware Client Manager
1-8
VPN 3002 Hardware Client User Guide
Figure 1-10: Internet Explorer Security Alert dialog box
11 Click OK.
The VPN 3002 Hardware Client displays the HTTPS version of the Manager login screen.
Figure 1-11: VPN 3002 Hardware Client Manager login screen using HTTPS (Internet Explorer)
The browser maintains the HTTPS state until you close it or access an unsecure site; in the latter case you may see a
Security Alert screen.
Proceed to Logging in the VPN 3002 Hardware Client Manager on page 1-17 to log in as usual.
Viewing certificates with Internet Explorer
There are (at least) two ways to examine certificates stored in Internet Explorer.
First, note the padlock icon on the browser status bar in Figure 1-11. If you double-click on the icon, the browser opens a
Certificate Properties screen showing details of the specific certificate in use.
Installing the SSL certificate in your browser
1-9
VPN 3002 Hardware Client User Guide
Figure 1-12: Internet Explorer 4.0 Certificate Properties screen
Click any of the Field items to see Details. Click Close when finished.
Second, you can view all the certificates that are stored in Internet Explorer 4.0. Click the browser
View
menu and select
Internet Options. Click the Content tab, then click Authorities in the Certificates section.
In Internet Explorer 5.0, click the browser
To ol s menu and select Internet Options. Click the Content tab,
then click
Certificates in the Certificates section. On the Certificate Manager, click the Trusted Root
Certification Authorities
tab.
The VPN 3002 Hardware Client SSL certificate name is its Ethernet 1 (Private) IP address.
Figure 1-13: Internet Explorer 4.0 Certificate Authorities list
Select a certificate, then click View Certificate. The browser displays the Certificate Properties screen, as in Figure 1-12 above.
Installing the SSL certificate with Netscape
This section describes SSL certificate installation using Netscape Navigator / Communicator 4.5.
1 Using the VPN 3002 Hardware Client Manager
1-10
VPN 3002 Hardware Client User Guide
Reinstallation
You need to install the SSL certificate from a given VPN 3002 only once. If you try to reinstall it, Netscape displays the note in Figure 1-14. Click
OK and just connect to the VPN 3002 using SSL (see
Step 7 on page 1-13).
Figure 1-14: Netscape reinstallation note
First-time installation
The instructions below follow from Step 2 on page 1-4 and describe first-time certificate installation.
A few seconds after the VPN 3002 Hardware Client Manager SSL screen appears, Netscape displays a
New Certificate Authority screen.
Figure 1-15: Netscape New Certificate Authority screen 1
1 Click Next> to proceed.
Netscape displays the next
New Certificate Authority screen, which further explains the process.
Installing the SSL certificate in your browser
1-11
VPN 3002 Hardware Client User Guide
Figure 1-16: Netscape New Certificate Authority screen 2
2 Click Next> to proceed.
Netscape displays the next
New Certificate Authority screen, which lets you examine details of the VPN
3002 Hardware Client SSL certificate.
Figure 1-17: Netscape New Certificate Authority screen 3
3 Click Next> to proceed.
Netscape displays the next
New Certificate Authority screen, with choices for using the certificate. No
choices are checked by default.
1 Using the VPN 3002 Hardware Client Manager
1-12
VPN 3002 Hardware Client User Guide
Figure 1-18: Netscape New Certificate Authority screen 4
4 You must check at least the first box, Accept this Certificate Authority for Certifying network sites. Click
Next> to proceed.
Netscape displays the next
New Certificate Authority screen, which lets you choose to have the browser
warn you about sending data to the VPN 3002.
Figure 1-19: Netscape New Certificate Authority screen 5
5 Checking the box is optional. Doing so means that you get a warning whenever you apply settings
on a Manager screen, so it’s probably less intrusive to manage the VPN 3002 without those warnings. Click
Next> to proceed.
Netscape displays the final
New Certificate Authority screen, which asks you to name the certificate.
Loading...
+ 190 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use