User Guide for CiscoView Device Manager for the Cisco IPSec VPN Acceleration Services Module (CVDM-VPNSM)
Getting Started
Download this chapter
Getting StartedGetting Started
Download the complete book
User Guide for CiscoView Device Manager for the Cisco IPSec VPN Acceleration Services Module - Book PDFUser Guide for CiscoView Device Manager for the Cisco IPSec VPN Acceleration Services Module - Book PDF (PDF - 2 MB)
give_us_feedback

Table Of Contents

Getting Started with CVDM-VPNSM

Key Features in CVDM-VPNSM

Starting CVDM-VPNSM

Installing the Java Plug-in

Navigating in CVDM-VPNSM

What Does the Home Page Show Me?

What Does the Setup Page Show Me?

Understanding the CVDM-VPNSM Desktop

Selector

Understanding the Action Buttons

Saving Startup Configurations

Editing Preferences

Viewing the Running Configuration Information for the Device

Viewing the Device Transport Log

Refreshing CVDM-VPNSM

Delivering CLI Commands to the Device


Getting Started with CVDM-VPNSM

CiscoView Device Manager for the Cisco IPSec VPN Acceleration Services Module (CVDM-VPSDM) is an embedded device manager for setup, configuration, and monitoring of the IPSec VPN Acceleration Services Module (VPN module). CVDM-VPNSM allows you to manage your VPN module by providing functions for configuring site-to-site VPNs, remote access VPNs, IPSec rules, and AAA settings. CVDM-VPNSM makes such configuration easier by allowing you to perform all these operations using one graphical user interface (GUI) tool.

You use wizards and dialog boxes to make your configurations; CVDM-VPNSM then designs best-practice command line interface (CLI) configurations based on your GUI configurations. You can view the CLI configurations generated by CVDM-VPNSM and deploy them to the device immediately or save them for future editing.

Note CVDM-VPNSM supports the deployment of native Cisco IOS commands only.

This chapter contains the following topics:

Key Features in CVDM-VPNSM

Starting CVDM-VPNSM

Navigating in CVDM-VPNSM

Saving Startup Configurations

Editing Preferences

Viewing the Running Configuration Information for the Device

Viewing the Device Transport Log

Refreshing CVDM-VPNSM

Delivering CLI Commands to the Device

Key Features in CVDM-VPNSM

The following table describes the key features of CVDM-VPNSM.

Table 1-1 Key Features 

Feature
Description

VLAN management

CVDM-VPNSM allows you to manage the VLANs in your network by allowing you to configure and manage crypto connections.

Site-to-site VPN configuration

You can set up site-to-site VPNs and configure settings for them, such as GRE tunnels for encrypted traffic flow and crytpo connections.

IPSec configuration

CVDM-VPNSM allows you to configure the IPsec settings to define authentication and encryption parameters and deploy them to the VPN peers in your network. You can manage the following IPSec features:

Crypto maps

IPSec rules

Transform sets

IKE policies

Preshared keys

AAA configuration

You can configure parameters on the AAA server, such as authentication lists, accounting lists, and authorization lists.

Remote access VPN configuration

You can configure remote access VPNs and configure settings for them, such as crypto connections, global settings, and group policies.

View statistics

You can view connection statistics and security association statistics.


Starting CVDM-VPNSM

Step 1 Open a web browser.

Step 2 In your browser, enter the IP address or DNS hostname of the device. The Enter Network Password dialog box appears (see Figure 1-1), prompting you for your level 15 credentials.

Figure 1-1 Enter Network Password Dialog Box

Step 3 Enter your username and password for level 15 access. If you do not have level 15 access to the device, CVDM-VPNSM will not start.

Note If enable password is used for HTTP authentication, use enable password only.

Step 4 Click OK. The device home page appears.

Step 5 Click the CVDM-VPN link on the device home page.

Step 6 The CVDM-VPNSM splash screen is displayed, and the Password Needed - Networking dialog box appears (see Figure 1-2).

Figure 1-2 Splash Screen and Password Needed - Networking Dialog Box

Note If you do not have Java Plug-in version 1.4.2_06, you will be prompted to install it. If you are not prompted, go to http://java.sun.com/products/archive/j2se/1.4.2_06/index.html and install the Java plug-in.

This website is Copyright © 1994-2005, Sun Microsystems, Inc.

The CVDM-VPNSM splash screen must remain open in order for the application to function properly. Do not close this window until you log out. CVDM-VPNSM will appear in a separate window.

Note It may take some time before CVDM-VPNSM appears.

Step 7 In the Password Needed - Networking dialog box, enter your username and password.

Note If enable password is used for HTTP authentication, use enable password only.

Step 8 Click Yes. The Warning - Security dialog box appears (see Figure 1-3).

Figure 1-3 Warning - Security Dialog Box

Step 9 To accept the security certificate and continue, click Yes. A dialog box appears (see Figure 1-4), prompting you for your username and password.

Figure 1-4 Enter Credentials for <IP Address> Dialog Box (Username and Password)

Step 10 If SSH is enabled on the device, enter your SSH username and password. If SSH is not activated on the device, you are prompted to authenticate using Telnet instead. Follow the prompts to enter your Telnet credentials; the application also asks if you want to enable SSH on the device. To enable SSH, follow the prompts provided by the application.

Step 11 Click OK.

If enable is not configured on the device, CVDM-VPNSM starts. Skip the remaining steps in this procedure.

If enable is configured on the device, a dialog box appears (see Figure 1-5), asking you to enter your enable password.

Figure 1-5 Enter Credentials for <IP Address> Dialog Box (Enable Password)

Step 12 Enter your enable password.

Step 13 Click OK. CVDM-VPNSM starts.

Installing the Java Plug-in

CVDM-VPNSM requires Java Plug-in version 1.4.2_06. The first time you invoke any Java Plug-in enabled window, you are alerted if the plug-in has not been installed. CVDM-VPNSM prompts you to download and install the plug-in files, using the installation screens or the procedure displayed. The next time you start the application, CVDM-VPNSM automatically uses the plug-in. Install the Java Plug-in 1.4.2_06 provided with CVDM-VPNSM (not from any other source).

Navigating in CVDM-VPNSM

Before you begin using CVDM-VPNSM, you must understand the basic operation of the user interface, including the login procedure and user interface elements. See the following sections for more information:

What Does the Home Page Show Me?

What Does the Setup Page Show Me?

Understanding the CVDM-VPNSM Desktop

Understanding the Action Buttons

What Does the Home Page Show Me?

The home page is the first screen that comes up when CVDM-VPNSM is started. It gives a quick overview of the services running on the device and a snapshot of the overall health of the system (see Figure 1-6).

Figure 1-6 CVDM-VPNSM Home Page Components and Descriptions

Figure 1-6 Reference
Location
Description

1

System Overview tab

VPN Module (list or field)

Slot number on the device to which the VPN module is attached. If there are multiple modules in the chassis, a list is displayed. From this list, you can select the slot number for the desired VPN module; the System Overview pane displays information for that slot.

Sup IOS Version

Version of IOS software running on the supervisor card.

Model

The model type of the VPN module.

Status

Current status of the VPN module.

Software Version

Software version of the VPN module.

Hardware Version

Hardware version of the VPN module.

Firmware Version

Firmware version.

Serial Number

Serial number of the VPN module.

2

IPSec Dashboard tab: IPSec column

Crypto Maps

Number of IPSec crypto maps on the device.

Static Crypto Maps

Number of static IPSec crypto maps on the device.

Dynamic Crypto Maps

Number of dynamic IPSec crypto maps on the device.

Incomplete Crypto Maps

Number of incomplete crypto maps on the device.

Transform Sets

Number of transform sets configured.

IPSec Rules

Number of IPSec rules configured.

IPSec Dashboard tab: IKE column

IKE Policies

Number of IKE policies configured.

Preshared Keys

Number of preshared keys configured.

3

Service Dashboard tab: Site-to-Site VPN column

Crypto Connections

Number of site-to-site VPN crypto connections.

Crypto Maps

Number of site-to-site VPN crypto maps.

GRE Tunnels

Number of site-to-site VPN GRE tunnels.

Service Dashboard tab: Remote Access column

Crypto Connections

Number of remote access VPN crypto connections.

Crypto Maps

Number of remote access VPN crypto maps.

Group Policies

Number of remote access VPN group policies.

Address Pools

Number of remote access VPN address pools.

Service Dashboard tab: Access Rules column

Access Rules

Number of access rules configured on the device.

Access Rule Entries

Number of access rule entries configured on the device.

Service Dashboard tab: AAA column

Radius Servers

Name of the RADIUS server.

Authentication Groups

Number of AAA authentication groups.

Authorization Groups

Number of AAA authorization groups.

Accounting Groups

Number of AAA accounting groups.

4

Connection Dashboard tab: Crypto Connections column

Inside VLANs

Number of inside VLANs on the device.

Outside VLANs

Number of outside VLANs on the device.

Crypto Connections

Number of crypto connections on the device.

Connection Dashboard tab: Connection Statistics column

Active Connections

Number of active connections on the device.

Active ISAKMP SAs

Number of active Internet Security Association and Key Management Protocol (ISAKMP) SAs on the device.

Invalid ISAKMP SAs

Number of invalid ISAKMP SAs on the device.

Site-to-Site Active

Number of active site-to-site VPN connections.

Remote Access Active

Number of active remote access VPN connections.

Connection Dashboard tab: Table

Group Name column

Name of the group policy configured on the device.

Connections column

Number of active connections on the group policy.

5

FAQ list and Go button

Contains frequently asked questions about using CVDM-VPNSM. Select a question from the list and click the Go button.


What Does the Setup Page Show Me?

The setup page allows you to view information about and configure site-to-site VPNs, remote access VPNs, IPSec rules, and AAA server information. You can also edit your global settings from the setup page (see Figure 1-7).

Figure 1-7 CVDM-VPNSM Setup Page

Understanding the CVDM-VPNSM Desktop

This section describes the main GUI elements of the CVDM-VPNSM application.

Figure 1-8 CVDM-VPNSM GUI Elements

Figure 1-8 Reference
Location
Description

1

Menu bar

Provides File, Edit, View, and Help options.

File

File > Save to Startup—Saves the configuration running on the device as the startup configuration. For more information, see Saving Startup Configurations.

File > Exit—Logs you out of CVDM-VPNSM and closes the application window.

Edit

Edit > Preferences...—Displays the Preferences dialog box from which you can edit application preferences. See Editing Preferences for more information.

View

View > Home—Displays the Home page. See What Does the Home Page Show Me? for more information.

View > Setup—Displays the Setup page. See What Does the Setup Page Show Me? for more information.

View > Running Config—Opens the Show Running Configuration dialog box, which displays information about the configuration running on the supervisor or device. See Viewing the Running Configuration Information for the Device for more information.

1 (continued)

Menu bar (continued)

View (continued)

View > Refresh—Collects the most recent device information and updates the CVDM-VPNSM data. See Refreshing CVDM-VPNSM for more information.

View > Transport Log...—Displays the transport log of the device. The transport log displays all communication between CVDM-VPNSM and the device. See Viewing the Device Transport Log for more information.

Help

Help > Help Topics—Displays online help.

Help > About CVDM-VPNSM...—Displays CVDM-VPNSM version information.

2

Task bar

Provides the following buttons:

Home—Displays the home page. See What Does the Home Page Show Me? for more information on the home page.

Setup—Displays the Setup page for accessing CVDM-VPNSM functions. See What Does the Setup Page Show Me? for more information on the Setup page.

Refresh—Collects the most recent device information and updates CVDM-VPNSM data.

Deliver—Opens the Deliver Configuration to Switch/Module(s) dialog box, from which you can send accumulated CLI commands to the device. See Delivering CLI Commands to the Device for more information.

Help—Displays context-sensitive help.

3

Page

CVDM-VPNSM working area in which you perform tasks.

4

Pane

One part of a divided page or dialog box.

5

Status bar

Provides the following information:

Application user and privilege level.

Icon showing the security level of the connection.

Time stamp showing the last time CVDM-VPNSM collected data.

6

Selector

Hierarchy of the groups and objects available in the Setup page that allows you to access specific functions for a switch or service object. See Selector for more information.

7

Left-most pane

Contains buttons on the Setup page that allow you to access VPN module configuration functions.


Selector

The selector is a tree that appears on most Switch and Services pages. Figure 1-9 shows what the selector looks like when folders, subfolders, and objects are displayed. Not all selectors contain all of these elements.

Figure 1-9 Selector

Figure 1-9 Reference
Location
Description

1

Selector handle

Click the handle to open and close the selector, or click the handle and drag it to resize it.

2

Group folder

Displays a group of objects. Click the plus (+) symbol to see the contents of this folder.

3

Object

Displays the individual entity contained in the group or subgroup. Click an object to open the page for that object.


Understanding the Action Buttons

This section describes the action buttons that commonly appear in CVDM-VPNSM dialog boxes and wizards. For a description of the wizard action buttons, see Table 1-2; for a description of the dialog box action buttons, see Table 1-3.

Table 1-2 Wizard Action Buttons

Button
Action

Back

Takes you to the previous page.

Next

Takes you to the next page.

Finish

Takes you to the wizard Deliver page.

Cancel

Exits a wizard dialog box without making any changes.

Help

Displays context-sensitive online help.


Table 1-3 Dialog Box Action Buttons

Button
Action

OK

Saves your changes.

Cancel

Exits the dialog box without making any changes.

Help

Displays context-sensitive online help.


Note Some dialog boxes may contain additional buttons not described in this table.

Saving Startup Configurations

You can save your device configuration as the startup configuration.

Step 1 Select File > Save to Startup. A warning dialog box appears, asking if you want to continue.

Step 2 To proceed, click Yes. CVDM-VPNSM saves the configuration as your startup configuration.

Editing Preferences

Step 1 Select Edit > Preferences.... The Preferences dialog box appears.

Step 2 Edit the appropriate values:

GUI Element
Action

Show CLI Preview for Wizards check box

Select this check box if you want CVDM-VPNSM to display the CLI commands to be delivered to the device after you have completed a wizard. By default, this check box is deselected.

When this check box is selected, when you click Finish in a wizard, the Deliver Configuration to the Switch/Module(s) dialog box opens and displays the CLI commands. For more information, see Delivering CLI Commands to the Device.

Show CLI Preview on Delivery check box

Select this check box if you want CVDM-VPNSM to display the CLI commands to be delivered to the device. By default, this check box is selected.

When this check box is selected, if you click Deliver, then the Deliver Configuration to Switch/Module(s) dialog box opens and displays the CLI commands. For more information, see Delivering CLI Commands to the Device.

Refresh After Delivery check box

Select this check box to automatically refresh CVDM-VPNSM after you deliver commands to the device. Refreshing CVDM-VPNSM allows you to obtain the latest service device information and update the CVDM-VPNSM data. By default, this check box is selected.

When this check box is deselected, when you click Finish in a wizard, CVDM-VPNSM prompts you to optionally refresh the application after delivering commands to the device. For more information, see Refreshing CVDM-VPNSM.

Confirm before Exiting check box

Select this check box if you want CVDM-VPNSM to ask you to confirm that you want to exit the application. By default, this check box is selected.

When this check box is selected, CVDM-VPNSM displays a dialog box asking you if you want to exit CVDM-VPNSM. From this dialog box, you can select the Always display this dialog box before exiting check box if you always want CVDM-VPNSM to confirm that you want to exit CVDM-VPNSM.


Viewing the Running Configuration Information for the Device

Select View > Running Config. The Show Running Configuration dialog box appears. Information about the running configuration for the device is displayed.

You can click the Save to File... button to save this information as a text file.

Viewing the Device Transport Log

Step 1 Select View > Transport Log.... A warning dialog box appears.

Step 2 To proceed, click OK. The Transport Log dialog box appears, displaying information about communication between CVDM-VPNSM and the device. You can do the following:

Click Clear Log to clear the information in the transport log.

Click Save to File... to save the transport log information as a text file.

Refreshing CVDM-VPNSM

You can refresh CVDM-VPNSM at any time to obtain the latest device information and update the CVDM-VPNSM data.

Note You can specify that CVDM-VPNSM automatically refresh after you deliver commands to the device; see Editing Preferences for more information.

Step 1 Click Refresh at the top of the window or select View > Refresh from the Menu bar.

Step 2 A dialog box appears, asking if you want to proceed with the refresh. To proceed, click Yes. The most recent device information is collected and is populated in CVDM-VPNSM. If you do not deliver your accumulated commands, they are not saved by the application.

Delivering CLI Commands to the Device

Note You must deliver accumulated CLI commands to the device before any changes you make in CVDM-VPNSM will be applied.

Step 1 Click the Deliver button at the top of the window. The Deliver Configuration to Switch/Module(s) dialog box appears if you have configured CVDM-VPNSM to display the accumulated CLI commands when you click the Deliver button (for more information on configuring this option, see Editing Preferences).

Note The Deliver Configuration to Switch/Module(s) dialog box also appears when you click the Finish button in a wizard if you have configured CVDM-VPNSM to display the accumulated CLI commands after you have completed a wizard.

Step 2 Edit the appropriate values.

GUI Element
Action

Window

Displays the accumulated CLI commands to be delivered to the device.

Deliver button

Click to send the accumulated CLI commands to the device.

Save to File... button

Click to save the CLI commands as a text file.

Close button1

Close the dialog box without delivering any CLI commands.

Deliver Later button2

Click to deliver the wizard CLI commands to the device at a later time.

1 This button is available only in the Deliver Configuration to Switch/Module(s) dialog box that is displayed after you click Deliver at the top of the window.

2 This button is available only in the Deliver Configuration to Switch/Module(s) dialog box that is displayed after you click Finish in a wizard.


Note The Deliver Configuration to Switch/Module(s) dialog box displays all accumulated CLI commands that will be delivered to the module; therefore, any previous CLI commands that were not sent to the module are shown in this dialog box, as well as the CLI commands you have generated in this session.