- Cisco IOS Network Management Configuration Guide, Release 12.4
Table Of Contents
VPN Device Manager Client for Cisco IOS Software (XSM Configuration)
Related Features and Technologies
Supported Standards, MIBs, and RFCs
Enabling the XSM Server for VDM
Configuring XSM Privilege Levels for XRDs
Disabling the XSM Server for VDM
Verifying VDM Status on the XSM Server
Configuring XSM Statistics Collection
Configuration Examples for VDM
Enabling the XSM Server for VDM Example
Configuring XSM Privilege Levels for XRDs Example
Disabling the XSM Server for VDM Example
Configuring XSM Statistics Collection Example
VPN Device Manager Client for Cisco IOS Software (XSM Configuration)
Feature History
This document was written for Release 12.1(6)E, and last updated January 2003 for Release 12.2(14)S.
Note
For the primary documentaiton of the latest version of the VPN Device Manager (version 1.2), see the "Installation Guide and Release Notes for VPN Device Manager 1.2" at http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/vdm/vdm12rn.htm
This document describes the command-line interface (CLI) Cisco IOS commands required to activate the VPN Device Manager (VDM) client and includes the following sections:
•
•
Feature Overview
VDM software is installed directly onto Cisco VPN devices. It allows network administrators to use a web browser to manage and configure site-to-site VPNs on a single device. VDM implements a wizard-based GUI that allows simplified VPN configuration of the device on which it resides and peer-to-peer interfaces from that device to remote devices. VDM requires configuration of some Cisco IOS commands before it can be fully operational.
Note
VDM also monitors general system statistics and VPN-specific information such as tunnel throughput and errors. The graphing capability allows comparison of such parameters as traffic volume, tunnel counts, and system utilization. VDM supports site-to-site VPNs. Its step-by-step wizards simplify the configuration of common VPN setups, interfaces, and policies, including:
•
•
Figure 1 shows a simplified VDM deployment within a VPN.
Figure 1 Simplified VDM Deployment
XML Subscription Manager
XML Subscription Manager (XSM) is an HTTP-based service for retrieving information from a Cisco device. Once remote applications (such as VDM) are connected to the XSM server, they can subscribe to data sets called XML Request Descriptors (XRDs). These are XML-formatted messages describing configuration (access-control lists (ACLs), interfaces, crypto-maps, and others) and monitoring information (CPU, memory usage, interface statistics, and others).
XSM provides remote applications such as VDM with a constantly updated stream of data about Cisco device status by supplying real-time data without repeated device polling.
CLI Commands for VDM
This document gives details about Cisco IOS commands specific to VDM functionality. These commands are not related to general VPN functions but are designed to manage VDM itself via the XSM server. By using the Java-enabled VDM application, you can perform all VPN-related configuration and monitoring tasks within the application.
These commands are designed to complement VDM. The following tasks are performed by specific Cisco IOS XSM commands (command name in parentheses):
•
•
•
•
•
•
•
•
•
•
For more information on VDM, the Installation and Release Notes for VPN Device Manager for the product version you are using or the Documentation CD-ROM that shipped with the product. See the VPN Device Manager index (http://www.cisco.com/warp/public/cc/pd/nemnsw/vpdvmn) for further information.
Related Features and Technologies
•
•
Related Documents
•
•
•
•
•
•
•
•
•
•
•
Supported Platforms
The XSM Cisco IOS commands are available on the following VDM-enabled platforms:
•
•
•
•
•
•
•
•
This feature is supported on the following platforms in Cisco IOS Release 12.2(14)S:
•
•
Determining Platform Support Through Cisco Feature Navigator
Cisco IOS software is packaged in feature sets that support specific platforms. To get updated information regarding platform support for this feature, access Cisco Feature Navigator. Cisco Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.
Cisco Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or release. Under the release section, you can compare releases side by side to display both the features unique to each software release and the features in common.
To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions at http://www.cisco.com/register.
Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:
Availability of Cisco IOS Software Images
Platform support for particular Cisco IOS software releases is dependent on the availability of the software images for those platforms. Software images for some platforms may be deferred, delayed, or changed without prior notice. For updated information about platform support and availability of software images for each Cisco IOS software release, refer to the online release notes or, if supported, Cisco Feature Navigator.
Supported Standards, MIBs, and RFCs
Standards
No new or modified standards are supported by this feature.
MIBs
No new or modified MIBs are supported by this feature.
To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs
No new or modified RFCs are supported by this feature.
Prerequisites
The VDM client software must be installed on your device. It might already have been installed if you chose the VPN option at the time of configuration.
Configuring VDM
See the following sections for configuration tasks for this feature. Each task in the list is identified as either required or optional.
•
•
•
•
•
•
Enabling the XSM Server for VDM
Use the xsm command in global configuration mode to activate XSM clients (such as VDM) on your device. Enabling this command also enables the xsm vdm and xsm edm global configuration commands, so there is no need to enable them separately.
Configuring XSM Privilege Levels for XRDs
To set the minimum required privilege levels and grant appropriate access to view, monitor, or configure the XSM client (such as VDM), use the following commands in global configuration mode. Privilege levels set on the device determine which access level users possess (configuration and monitoring, monitoring only, or neither).
Users with privilege levels lower than the required monitoring privilege level will not have access to either the configuration or monitoring data required for subscription to XML Request Descriptors (XRDs). The higher the number, the higher the privilege level. The privilege level for the xsm privilege configuration level command must be greater than or equal to that of the xsm privilege monitor level command.
Disabling the XSM Server for VDM
To disable the XSM server, use the command below in global configuration mode. Disabling this command also disables the xsm vdm and xsm edm global configuration commands.
Verifying VDM Status on the XSM Server
Use the show xsm status command to verify the status of clients (such as VDM) on the XSM server.
Router# show xsm status
Displays information and status about clients subscribed to the XSM server.
Use the show xsm xrd-list command to verify all XML Request Descriptors (XRDs) for XSM clients (such as VDM) made available by subscription to the XSM server.
Router# show xsm xrd-list
Displays all XRDs for clients subscribed to the XSM server.
Clearing XSM Client Sessions
Use the clear xsm command to clear data from XSM clients (such as VDM) on the XSM server. To disconnect a specific client, you must identify the session number. Use the show xsm status command to obtain specific session numbers.
Router# clear xsm [session number]
Clears XSM client sessions.
•
•
Configuring XSM Statistics Collection
To configure the XSM server and its related clients (such as VDM) for Embedded Device Manager (EDM) or VPN-specific statistics collection of up to 5 days of data, use the following commands in global configuration mode.
Configuration Examples for VDM
This section provides the following configuration examples:
•
•
•
•
Enabling the XSM Server for VDM Example
The following example shows how to enable the XSM client on the device:
xsmConfiguring XSM Privilege Levels for XRDs Example
The following example shows how to set a privilege level of 11, for subscription to XRDs:
xsm privilege monitor level 11Disabling the XSM Server for VDM Example
The following example shows how to enable and then disable the XSM client on the device to troubleshoot VDM:
no xsmxsmConfiguring XSM Statistics Collection Example
The following example shows how to configure the XSM server and its related clients (such as VDM) for Embedded Device Manager (EDM) or VPN-specific statistics collection of up to 5 days of data:
xsm history edm
xsm history vdm
Command Reference
The following modified commands are pertinent to this feature. To see the command pages for these commands and other commands used with this feature, go to the Cisco IOS Master Commands List, Release 12.4, at http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124mindx/
124index.htm.•
•
•
•
•
•
•
•
•
•
•
•
Glossary
Internet Key Exchange (IKE)—A key management protocol standard used in conjunction with IPSec and other standards. IPSec can be configured without IKE, but IKE enhances IPSec by providing additional features, flexibility, and ease of configuration for the IPSec standard. IKE authenticates the IPSec peers, negotiates IPSec keys, and negotiates IPSec security associations. Before any IPSec traffic can be passed, each router/firewall/host must be able to verify the identity of its peer. This can be done by manually entering preshared keys into both hosts or by a CA service.
IP security (IPSec)—A framework of open standards that provides data confidentiality, data integrity, and data authentication between participating peers. IPSec provides these security services at the IP layer.
Virtual Private Network (VPN)—A virtual network that uses advanced encryption and tunneling to permit organizations to establish secure, end-to-end, private network connections over public IP infrastructure networks, such as the Internet or extranets.
VPN Device Manager (VDM)—A browser-based tool for configuring and monitoring VPNs on a VPN-enabled device. VDM allows users to configure and monitor advanced VPN functionality within Cisco devices.
XML Subscription Manager (XSM)— A Cisco IOS subsystem that allows embedded device managers such as VDM to receive XML-based configuration and monitoring information for managing network devices.
XML Request Descriptor (XRD)—A specific requested type of data from XSM.
Embedded Device Manager (EDM)—An XSM adapter that publishes general network device configuration and monitoring information for device managers such as VDM.
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2007 Cisco Systems, Inc. All rights reserved.
