-
Using Management Center for VPN Routers 1.3
-
Preface
-
Introduction
-
Getting Started with Router MC
-
Router MC Scenarios
-
Working with Activities
-
Managing Devices
-
Configuring VPN Settings
-
Configuring an IOS Firewall on your VPN Router
-
Defining IKE Policies
-
Defining VPN Tunnel Policies
-
Configuring Translation Rules
-
Working with Building Blocks
-
Uploading Device Configurations
-
Deploying Configurations
-
Viewing Reports
-
Router MC Administration
-
Troubleshooting
-
Router MC Operating Prerequisites
-
Router MC User Permissions
-
Table Of Contents
Defining Configuration Support Settings
Defining the Auto Update Server (AUS) Settings
Router MC Administration
The Admin tab allows system administrators to define overall system settings, and define the ranges and other settings that affect policy configuration and implementation. From this tab, an administrator can also configure the Auto Update Server (AUS) settings required for communication between Router MC and the AUS.
The following topics provide information about the settings that can be defined in the Admin tab:
•
Defining Configuration Support Settings
•
Defining System Settings
Administrators can define the overall system settings for the Router MC application, such as, the workflow mode, activity and job approval settings, and settings for historical jobs and activities.
The System Settings page is accessed by selecting Admin > System Settings.
Table 1-1 describes the elements displayed in the System Settings page.
Table 1-1 System Settings: GUI Reference
Use Workflow check box
Use this check box to change the application's workflow mode. By default, this check box is not selected, since the default working mode is Workflow Disabled mode. Select the check box to work in Workflow Enabled mode.
See Understanding Router MC Workflow Modes, page 1-5 for more information.
Require submission of activities for approval check box
If this check box is selected, activities must be submitted for approval. If this check box is not selected, activities do not have to be submitted for approval, but can be approved by the same user. In general, submission of activities for approval would not be necessary if the same user typically has the authority to define configurations and commit them to the database. See Understanding Activities, page 1-2 for more information.
Note
Require approval of jobs check box
If this check box is selected, jobs must be approved by a user with the appropriate permissions before they are deployed. See Approving a Job, page 1-23 for more information.
Note
Maximum Historical Jobs Saved field
Enter the number of jobs to be stored and displayed in the list of jobs. Router MC discards any historical jobs that exceed this value. The default value is 30.
Note
Maximum Historical Activities Saved field
Enter a number of activities. Router MC discards any historical activities that exceed this value. The default value is 30.
Clear Audit Records Prior To field
Specify a date in the format MM/DD/YYYY, or click the ... button to select a date from a calendar. Router MC will retain only those audit records that were created on or after the specified date.
... button
Click to open a calendar from which you can select the date of the oldest Router MC audit record that you want to keep. Click OK to confirm your selection and close the calendar, or click Cancel to close the calendar without selecting a date.
Config File Suffix field
Enter the file name suffix required for device configuration files being imported into Router MC. Users will only be able to import files with this suffix. In most cases, the suffix should be .cfg.
Display policy origin in incremental configuration check box
Selecting this check box enables you to view the policy source for incremental CLI commands generated for a device, in the View Configs option.
See Viewing Device Configurations (Workflow Disabled Mode), page 1-8 for more information.
Show Summary Step in Wizards check box
By default, all Router MC wizards end with a summary page that displays the definitions for that policy and enables you to go back and change them if necessary.
Deselect this check box to remove this summary page from all wizards.See Using Router MC Wizards, page 1-30 for more information.
Apply button
Click to confirm your selections and apply them.
Defining Configuration Support Settings
Administrators can change specific ranges and settings that affect policy configuration and implementation in Router MC, such as, the interior gateway protocol (IGP) process range used when generic routing encapsulation (GRE) is defined, and dialer interface ranges.
The Configuration Support Settings page is accessed by selecting Admin > Configuration Support Settings.
Table 1-2 describes the elements displayed in the Configuration Support Settings page.
Table 1-2 Configuration Support Settings—GUI Reference
Allow automatic generation of supplementary ACEs check box
If this check box is selected, Router MC will automatically generate additional ACEs to ensure that your firewall configurations will be compatible with other configurations, such as VPN configurations, management connections, and so on. These ACEs are in addition to the CLI commands generated by Router MC to implement your policy definitions.
By default, this check box is selected. If you prefer to add these ACEs manually when necessary, deselect the check box.
See Automatic ACE Generation in Router MC, page 1-30 for more information.
GRE Routing Range fields
Router MC adds an additional Interior Gateway Protocol (IGP) that is dedicated for IPSec and GRE secured communication. An IGP refers to a group of devices that receive routing updates from one another by means of a routing protocol, either EIGRP or OSPF. Each "routing group" is identified by a logical number, the process number. This process number must be within the range specified in these fields.
Enter an IGP process range to be used when GRE is defined for failover and routing. The default range is 110 to 120. See Understanding GRE, page 1-4 for more information.
Note
HA Standby Group Number (outside) field
Enter the standby number of the outside hub interface that matches the external virtual IP subnet, for hubs in an High Availability (HA) group. The number must be within the range of 0-255. See Defining HA Group Settings, page 1-25 for information about HA groups.
HA Standby Group Number (inside) field
Enter the standby number of the inside hub interface that matches the internal virtual IP subnet, for hubs in an HA group. The number must be within the range of 0-255.
Dialer Settings Range fields
Enter a range of numbers that can be used for dial backup configuration. A number from this range will be used for dialer pool, dialer group, and interface dialer settings. The allowed range for the dialer settings is 1-128.
See Configuring Dial Backup, page 1-43 for more information.
RTR Range fields
Enter a range of numbers that are available for configuring the RTR CLI commands for dial backup. The default range for the RTR settings is 1-2147483647.
See Configuring Dial Backup, page 1-43 for more information.
Maintain Non-RMC Defined CLI check box
This check box is selected by default. Router MC maintains and, where possible, reuses your existing policies (VPN, firewall, and NAT) on your devices, even if they were not configured using Router MC. This enables you to use Router MC to expand an existing network, without changing the existing network.
If you deselect this check box, Router MC will remove commands that do not contain the Router MC identifier and replace them with Router MC generated CLI commands, where relevant.
Apply button
Click to confirm your selections and apply them.
Defining the Auto Update Server (AUS) Settings
Administrators can specify the location of the AUS server and provide AUS contact information for Router MC. This information is required by Router MC in order to retrieve information from dynamically addressed devices.
See Importing Devices with Dynamically Assigned IP Addresses, page 1-12 and Understanding GRE with DMVPN, page 1-6 for more information.
The Auto Update Server Settings page is accessed by selecting Admin > Auto Update Server Settings.
Table 1-3 describes the elements displayed in the Auto Update Server Settings page.