Table Of Contents
Tutorial
Step One: Define Windows Locations
Step Two: Define Windows Location Identification
Work
Home
Insecure
Step Three: Configure Windows Location Modules
Work
Home
Insecure
Step Four: Configure Windows Location Features
Work
Home
Insecure
Step Five: Configure Windows CE Features
Step Six: Configure Macintosh and Linux Features
Step Seven: Save the Settings
Step Eight: Enable CSD (VPN 3000 Concentrator Series Only)
Tutorial
CSD is a highly customizable suite of security tools that you can deploy in many different ways to secure remote systems and enforce your company's network security policies. This chapter steps you through a configuration to help you understand the following:
• How to deploy CSD
• Which security decisions you need to make to best accommodate your users and secure your network
Note
The instructions in this chapter introduce you to the CSD configuration settings. Subsequent chapters reinforce these instructions with detailed descriptions.
The following sections guide you through the CSD configuration sequence:
• Step One: Define Windows Locations
• Step Two: Define Windows Location Identification
• Step Three: Configure Windows Location Modules
• Step Four: Configure Windows Location Features
• Step Five: Configure Windows CE Features
• Step Six: Configure Macintosh and Linux Features
• Step Seven: Save the Settings
• Step Eight: Enable CSD (VPN 3000 Concentrator Series Only)
Step One: Define Windows Locations
Begin configuring CSD by defining Windows locations. Windows locations apply to supported Microsoft Windows clients only; they do not apply to Macintosh and Linux clients.
Locations let you deploy an appropriate secure environment to hosts that connect through the VPN. They let you increase security on hosts that you determine are likely to be insecure, and offer flexibility to clients you determine are secure. You can restrict user privileges when they connect from unknown computers. You can also deploy the Secure Desktop and Cache Cleaner modules on insecure hosts to wipe clean session information that might contain confidential company information. We recommend that you consider the different types of hosts that will connect through the VPN, before you determine the criteria needed to secure those hosts and the security policies to assign to those criteria.
This tutorial describes how to configure three example locations: "Work," "Home," and "Insecure." "Work" is for those connecting to the VPN from a workstation in the office, "Home" is for those working from home, and "Insecure" is for those who do not meet the criteria for either, such as those connecting from a cybercafé.
In this tutorial, "Work" provides clients with full access, "Home" provides some flexibility, and "Insecure" restricts access. This tutorial defines the locations as follows:
• Work
  – Identified by a registry entry
  – Secure Desktop and Cache Cleaner are disabled
  – Full access: all features ON
• Home
  – Identified by a certificate given by the administrator
  – Secure Desktop and Vault Reuse are enabled, with no timeout
  – Advanced features require company antivirus software, company antispyware, company firewall, and Windows 2000 Service Pack 4 or Windows XP
  – Check for keystroke logger
• Insecure
  – No identification
  – Cache Cleaner
  – All features disabled except web browsing
To create the three locations:
Step 1 Click Windows Location Settings in the menu on the left side of the CSD Manager window. The Windows Location Settings window opens.
Step 2 Type the following names in the Location name field, and click Add after typing each one:
• Work
• Home
• Insecure
CSD evaluates client connections against the location entries in the order listed on the Windows Location Settings window. CSD grants privileges to a client PC based on the first location definition it matches. Our example includes "Work," "Home," and "Insecure" in that order; to assign privileges to a host, CSD first determines whether it is a "Work" host. If it is not, it determines whether it is a "Home" host. If it is not, it assigns the privileges associated with the "Insecure" location.
To change the order of the evaluation, choose a location name and click Move Up or Move Down.
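The first-match evaluation described above is easy to get wrong when locations are reordered, so here is a small simulation of it. This is an added example, not Cisco's code: the three location names come from this tutorial, while the registry path, the certificate fields and the host records are constructed for illustration.

```python
# Added example, not Cisco's code: a small simulation of how CSD evaluates
# Windows locations top to bottom and grants the privileges of the FIRST match.
# The location names come from the tutorial; the registry path, certificate
# fields and host records below are constructed for illustration.

LOCATIONS = [
    # "Work": identified by a registry key that exists on office workstations.
    {"name": "Work",
     "registry_exists": r"HKEY_LOCAL_MACHINE\SOFTWARE\Company",
     "modules": set()},                       # neither Secure Desktop nor Cache Cleaner
    # "Home": identified by the certificate the administrator issued to home users.
    {"name": "Home",
     "cert_issued_to": "home-user",           # assumed value
     "cert_issued_by": "Company VPN CA",      # assumed value
     "modules": {"Secure Desktop"}},
    # "Insecure": no criteria at all, so it matches every remaining host.
    {"name": "Insecure",
     "modules": {"Cache Cleaner"}},
]


def matches(location, host):
    """True when the host satisfies every criterion the location defines.

    A location that defines no criteria (such as "Insecure") matches any host,
    which is why it must be listed last.
    """
    if "registry_exists" in location:
        if location["registry_exists"] not in host.get("registry_keys", set()):
            return False
    if "cert_issued_to" in location:
        cert = host.get("certificate")  # (issued to, issued by) or None
        if cert != (location["cert_issued_to"], location["cert_issued_by"]):
            return False
    return True


def classify(host, locations=LOCATIONS):
    """Return (location name, modules) for the first location the host matches."""
    for loc in locations:
        if matches(loc, host):
            return loc["name"], loc["modules"]
    return None, set()   # cannot happen while an unconditional location is last


# Constructed hosts: an office PC, a home PC with the issued certificate, and a
# cybercafe PC with neither.
OFFICE_PC = {"registry_keys": {r"HKEY_LOCAL_MACHINE\SOFTWARE\Company"}}
HOME_PC = {"certificate": ("home-user", "Company VPN CA")}
CAFE_PC = {}

if __name__ == "__main__":
    for name, host in [("office", OFFICE_PC), ("home", HOME_PC), ("cafe", CAFE_PC)]:
        print(name, "->", classify(host))
    # Moving "Insecure" to the top (Move Up in the window) makes it swallow
    # every host, so the order of the list is part of the security policy.
    print("misordered ->", classify(OFFICE_PC, LOCATIONS[::-1]))
```

The reversed-list call at the end shows the failure mode to check for after using Move Up or Move Down: a location with no criteria placed above the others classifies every host, including office workstations, as "Insecure".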
Note
Click Save next to "Settings Modified" to save the configuration changes before continuing.
Step Two: Define Windows Location Identification
For each Windows location, define the criteria used to identify the location and the security modules to be deployed for that location. Specify this information by clicking on the location name in the menu on the left side of the CSD Manager. An Identification window lets you enable the identification criteria for the location: certificate, IP address range, and file/registry. The "Use Module" attribute at the bottom of the window lets you enable or disable the Secure Desktop or Cache Cleaner modules for the associated location.
Work
Identify clients in the "Work" location by registry entry as follows:
Step 1 Click the name Work in the menu on the left. The Identification window opens.
Step 2 Check Enable identification using Registry or File criteria.
Step 3 Add a registry criterion such as "HKEY_LOCAL_MACHINE\SOFTWARE\Company exists."
Step 4 Do not deploy a security module because the hosts in this location are inside the office; uncheck both Secure Desktop and Cache Cleaner next to "Use Module."
Home
Identify clients in the "Home" location by a certificate given by the administrator to users who connect from home, as follows:
Step 1 Click the name Home in the menu on the left.
Step 2 Check Enable identification using certificate criteria.
Step 3 Complete the Issued to and Issued By fields of the certificate.
Step 4 Check Secure Desktop next to "Use Module."
Insecure
Do not specify any criteria for the final location entry, "Insecure." It applies to all clients that do not match the criteria specified in the previous location entries. Enable the Cache Cleaner module for these clients, as follows:
Step 1 Click the name Insecure in the menu on the left.
Step 2 Check Cache Cleaner next to "Use Module."
Note
Click Save next to "Settings Modified" to save the configuration changes before continuing.
Step Three: Configure Windows Location Modules
This section describes how to customize the CSD deployment for each location. Each location in the menu has six options: VPN Feature Policy, Keystroke Logger, Cache Cleaner, Secure Desktop General, Secure Desktop Settings, and Secure Desktop Browser.
If you selected Cache Cleaner next to "Use Module" in the location configuration, configure the Cache Cleaner. If you selected Secure Desktop, configure both the Secure Desktop and Cache Cleaner because CSD supports only the Cache Cleaner on Windows 98 machines.
Work
Because you assigned neither the Secure Desktop nor the Cache Cleaner security module to the location entry named "Work," do not configure the associated VPN Feature Policy, Keystroke Logger, Cache Cleaner, Secure Desktop General, Secure Desktop Settings, and Secure Desktop Browser settings.
Home
Use the Secure Desktop for the "Home" location and allow vault reuse, no timeout, access to printing, and the command prompt. Also, allow connections using the Cache Cleaner for Windows 98 hosts. Set up the "Home" location with these settings as follows:
Step 1 Click Cache Cleaner under "Home." The Cache Cleaner window opens.
a. Uncheck Launch cleanup upon inactivity timeout.
b. Uncheck Disable cancellation of cleaning.
See the option descriptions in "Cache Cleaner for Windows" for more information about the settings in this window.
Step 2 Click Secure Desktop General under "Home." The Secure Desktop General window opens (Figure 5-1).
Figure 5-1 Secure Desktop General Window
a. Check Enable switching between Secure Desktop and Local Desktop.
b. Check Enable Vault Reuse.
c. Uncheck Enable Secure Desktop inactivity timeout. With this attribute unchecked, the timeout has no effect.
See the option descriptions in "Secure Desktop General" for more information about the settings in this window.
Step 3 Click Secure Desktop Settings under "Home." The Secure Desktop window opens. Uncheck all options in this window except for Allow e-mail applications to work transparently.
See the option descriptions in "Secure Desktop Settings" for more information about the settings in this window.
Insecure
Use the default Cache Cleaner settings for the "Insecure" location. Assign or confirm the associated Cache Cleaner settings as follows:
Step 1 Click Cache Cleaner under "Insecure." The Cache Cleaner window opens.
Step 2 Check Launch cleanup upon inactivity timeout. When checked, this option forces a timeout if the user leaves the computer without logging out.
Step 3 Set Timeout after to 5 minutes.
Note
Click Save next to "Settings Modified" to save the configuration changes before continuing.
Step Four: Configure Windows Location Features
CSD creates security modules for each location when you create it. Refer to the following sections to specify the level of access for each location.
Work
Provide full access to users in the "Work" location as follows:
Step 1 Click VPN Feature Policy under "Work."
Step 2 Set the following attributes to ON to ensure users connecting from the office environment have access to all of the VPN features:
• Web Browsing
• File Access
• Port Forwarding
• Full Tunneling
Home
Users connecting from home have advanced features like File Access, Port Forwarding, and Full Tunneling only if they meet the company network policies for antivirus software, antispyware, firewall software, and Windows 2000 Service Pack 4 or Windows XP. Provide users in the "Home" location with this level of access as follows:
Step 1 Click VPN Feature Policy under "Home."
Step 2 Set Web Browsing to ON.
Step 3 Set File Access to ON if criteria are matched.
Step 4 Click the ellipsis (...) button under "Web Browsing." A dialog window opens.
Step 5 Check AntiVirus and choose the antivirus software.
Note
To choose multiple options for a given field in this window, Control-click them.
Step 6 Check Anti-spyware and choose the antispyware software.
Step 7 Check Firewall and choose the firewall software.
Step 8 Check OS and choose 2000 SP4, XP no SP, XP SP1, and XP SP2.
Step 9 Click OK.
Step 10 Repeat Steps 3 to 9 for Port Forwarding and Full Tunneling.
Insecure
These instructions grant web browsing access only, and only if the Secure Desktop is active. Provide this level of access to users in the "Insecure" location as follows:
Step 1 Click VPN Feature Policy under "Insecure."
Step 2 Set Web Browsing to ON if criteria are matched.
Step 3 Click the ellipsis (...) button under "Web Browsing." A dialog window opens.
Step 4 Check AntiVirus and choose the antivirus software.
Note
To choose multiple options for a given field in this window, Control-click them.
Step 5 Check Firewall and choose the company firewall software.
Step 6 Check Anti-spyware and choose the antispyware software.
Step 7 Check OS and choose 2000 SP4, XP no SP, XP SP1, and XP SP2.
Step 8 Check Feature and choose Cache Cleaner.
Step 9 Click OK.
Step 10 Make sure File Access, Port Forwarding, and Full Tunneling are unchecked.
Step 11 Click OK.
See the option descriptions in "VPN Feature Policy" for more information.
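The "Home" and "Insecure" feature policies above both rely on the "ON if criteria are matched" setting, and it is worth seeing exactly which posture a host must report before a feature is granted. The following is an added example, not Cisco's code: it models the three policies configured in this section and evaluates them against constructed posture reports. The antivirus, antispyware and firewall product names are assumed; the OS list is the one chosen in the steps above.

```python
# Added example, not Cisco's code: evaluates a location's VPN Feature Policy
# against a host's posture the way the tutorial describes it, where each
# feature is ON, OFF, or "ON if criteria are matched". Product names and the
# host posture records are constructed; the OS list is the one chosen above.

ON, OFF, ON_IF = "ON", "OFF", "ON if criteria are matched"
FEATURES = ("Web Browsing", "File Access", "Port Forwarding", "Full Tunneling")
APPROVED_OS = {"2000 SP4", "XP no SP", "XP SP1", "XP SP2"}

# Fields checked in the criteria dialog; each maps to the options chosen there.
HOME_CRITERIA = {
    "antivirus": {"CompanyAV"},        # assumed product names
    "antispyware": {"CompanyAntiSpy"},
    "firewall": {"CompanyFW"},
    "os": APPROVED_OS,
}
# "Insecure" additionally requires that the Cache Cleaner module is running.
INSECURE_CRITERIA = {**HOME_CRITERIA, "feature": {"Cache Cleaner"}}

HOME_POLICY = {
    "Web Browsing": (ON, None),
    "File Access": (ON_IF, HOME_CRITERIA),
    "Port Forwarding": (ON_IF, HOME_CRITERIA),
    "Full Tunneling": (ON_IF, HOME_CRITERIA),
}
INSECURE_POLICY = {
    "Web Browsing": (ON_IF, INSECURE_CRITERIA),
    "File Access": (OFF, None),
    "Port Forwarding": (OFF, None),
    "Full Tunneling": (OFF, None),
}
WORK_POLICY = {f: (ON, None) for f in FEATURES}


def criteria_met(criteria, host):
    """Every checked field must report one of the chosen options; a missing
    field (no antivirus installed, module not running) fails the check."""
    return all(host.get(field) in allowed for field, allowed in criteria.items())


def effective_features(policy, host):
    """Map each VPN feature to True (granted) or False (denied) for this host."""
    granted = {}
    for feature in FEATURES:
        setting, criteria = policy[feature]
        if setting == ON:
            granted[feature] = True
        elif setting == ON_IF:
            granted[feature] = criteria_met(criteria, host)
        else:
            granted[feature] = False
    return granted


# Constructed posture reports.
COMPLIANT_HOME = {"antivirus": "CompanyAV", "antispyware": "CompanyAntiSpy",
                  "firewall": "CompanyFW", "os": "XP SP2"}
NO_FIREWALL_HOME = {k: v for k, v in COMPLIANT_HOME.items() if k != "firewall"}
CAFE_WITH_CLEANER = {**COMPLIANT_HOME, "feature": "Cache Cleaner"}
CAFE_NO_AV = {k: v for k, v in CAFE_WITH_CLEANER.items() if k != "antivirus"}

if __name__ == "__main__":
    print("home, compliant   :", effective_features(HOME_POLICY, COMPLIANT_HOME))
    print("home, no firewall :", effective_features(HOME_POLICY, NO_FIREWALL_HOME))
    print("cafe, cleaner up  :", effective_features(INSECURE_POLICY, CAFE_WITH_CLEANER))
    print("cafe, no antivirus:", effective_features(INSECURE_POLICY, CAFE_NO_AV))
```

Two consequences of the policy stand out in the output: a home user with everything except the company firewall keeps web browsing but loses the three advanced features, and a cybercafe host that does not report the chosen antivirus product gets no access at all, because in the "Insecure" location even web browsing is conditional.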
Note
Click Save next to "Settings Modified" to save the configuration changes before continuing.
Step Five: Configure Windows CE Features
CSD provides limited features and restrictions for Windows CE clients. The following instructions explain how to grant or restrict web browsing and file access privileges to these clients.
Configure CSD for Windows CE clients as follows:
Step 1 Click Windows CE. The Windows CE window opens.
Step 2 Set Web Browsing to ON.
Step 3 Set File Access to ON.
See the option descriptions in "Setting Up CSD for Microsoft Windows CE Clients" for more information about the settings in this window.
Note
Click Save next to "Settings Modified" to save the configuration changes before continuing.
Step Six: Configure Macintosh and Linux Features
CSD handles Macintosh and Linux systems differently from Windows. Instead of using different settings per location, all Macintosh and Linux hosts use the same settings. (Hosts connecting from both secure and insecure locations connect with the same settings.) The following instructions explain how to grant only web browsing access privileges with a global timeout.
Configure the Macintosh and Linux cache cleaner as follows:
Step 1 Click Mac & Linux Cache Cleaner. The Cache Cleaner - Mac & Linux window opens.
Step 2 Check Launch cleanup upon global timeout.
Step 3 Set the Timeout after value to 5 minutes.
Step 4 Check Let user reset timeout.
Step 5 Set Web Browsing to ON.
Step 6 Set File Access to ON.
Step 7 Set Port Forwarding to OFF.
See the option descriptions in "Setting Up CSD for Macintosh and Linux Clients" for more information about the settings in this window.
Note
Be sure to follow the instructions in the next section before leaving the Desktop Manager.
Step Seven: Save the Settings
After you configure the CSD suite, be sure to click Save in the upper left corner of the Secure Desktop Manager window (Figure 5-2).
Figure 5-2 Save Needed Indicator
Caution
Navigating away from the Secure Desktop Manager window without saving results in the loss of all Secure Desktop Manager configuration changes.
The Secure Desktop Manager Save button provides a different Save function than that provided by the VPN Concentrator Manager.
Step Eight: Enable CSD (VPN 3000 Concentrator Series Only)
Note
You must enable CSD on the Catalyst 6500 Series WebVPN Services Module before configuring it; therefore, these instructions apply only to the VPN 3000 Concentrator Series.
By default, the VPN 3000 Concentrator disables support for CSD. We recommend that you complete and verify the CSD configuration before you enable it.
Caution
You lose any unsaved configuration changes you made to CSD if you follow the instruction in Step 1. Be sure to save the CSD configuration before proceeding.
Enable or disable VPN 3000 Concentrator support for CSD as follows:
Step 1 Choose Configuration | Tunneling and Security | WebVPN | Secure Desktop | Setup in the VPN Concentrator Manager. The selected radio button indicates the current Enable/Disable setting.
Step 2 Click Enable Secure Desktop.
Step 3 Click Save Needed.
Step 4 Click OK. The VPN Manager replaces "Save Needed" with "Save" to indicate it saved the VPN 3000 Concentrator configuration you modified.