-
VPN 3000 Series Concentrator Reference Volume II: Administration and Monitoring, Release 4.7
-
A PDF Version of the Entire Book
-
Preface
-
Administration
-
Administer Sessions
-
Software Update
-
System Reboot
-
Reboot Status
-
Ping
-
Traceroute
-
Monitoring Refresh
-
Access Rights
-
File Management
-
Certificate Management
-
Monitoring
-
Routing Table
-
Dynamic Filters
-
Filterable Event Log
-
System Status
-
Sessions
-
Statistics
-
Using the Comand-Line Interface
-
Troubleshooting and System Errors
-
Copyrights, Licenses, and Notices
-
Index
-
Table Of Contents
Numerics - A - B - C - D - E - F - G - H - I - J - L - M - N - O - P - R - S - T - U - V - X - Y -
Index
Numerics
100 LED (Ethernet) B-7
A
AAA servers 9-10
add or modify 9-12
authentication 9-11
statistics 18-6
test 9-13
accessing the CLI A-1
access rights, administration 9-1
access settings for administrators 9-9
accounting statistics 18-2
ACL
add 9-8
administration 9-6
modify 9-8
configuring dynamic filters 14-4
Active Sessions LED B-6
Activity LED
SEP-E B-7
add
ACL 9-8
address pools
externally in use 18-5
reuse delay 18-5
statistic details 18-5
statistics 18-4
administering the VPN Concentrator 1-1
administration, ACL 9-6
add 9-8
modify 9-8
administration section of Manager 1-1
administrators
access rights 9-1
access settings 9-9
configuring 9-2
default passwords 9-3
default rights, table 9-4
file rights 9-5
locking configuration 2-6
modify properties 9-4
parameters in nonvolatile memory 9-2
predefined 9-2
session idle timeout 9-9
admin password, default 9-3
ARP table 18-47
authentication
AAA servers 9-11
AAA servers, add or modify 9-12
replica statistics 18-9
SDI statistics 18-9
statistics 18-7
using digital certificates 11-1
authorization statistics 18-10
B
back panel display (monitoring) 16-3
Bad IP Address error B-5
bandwidth management
bibliography xiii
bootcode
filename 16-2
upgrading xii
version 16-2
browser
Back or Forward button errors B-2
clear cache after software update 3-3
Refresh / Reload button logs out the Manager B-2
C
CA, See also Certificate Authority
CA certificates
configuring 11-56
definition 11-1
installing 11-44
caching, CRL 11-1
cancelling an enrollment request 11-72
certificate
PEM-encoded 11-17
certificate, See also digital certificates
Certificate Authority
definition 11-1
table 11-32
Certificate Revocation List (CRL)
acceptance 11-57
protocol 11-59
retrieval 11-58
viewing cache 11-52
Certificate Revocation List (CRL) checking 11-18, 11-56
enabling 11-18
on slow network 11-57
Cisco Trust Agent (CTA) 2-3
clear event log 15-3
CLI
accessing A-1
via console A-2
via SSH A-3
via Telnet A-2
access rights A-8
entering values A-4
errors B-5
help command A-7
main menu A-3
menu reference A-9
navigating A-6
saving configuration file A-7
specifying configured items A-5
starting A-3
stopping A-8
using Back and Home A-7
using shortcuts to navigate A-6
Coll LED (Ethernet) B-7
Command Line Interface
compliance standards C-10
compression
statistics 18-12
configuration files
automatic backup with file upload 10-6
changes with software update 3-2
encryption 9-9
for troubleshooting B-2
handling at reboot or shutdown 4-2
handling during file upload 10-6
managing 10-1
saving
CLI A-7
swapping 10-3
XML explort 10-8
configuring VPN Concentrator with CLI A-1
console, accessing CLI via A-2
conventions
documentation xii
typographic xii
copying configuration files 10-2
copyrights and licenses C-1
CPU Utilization LED B-6
crash
log file B-1
CRL checking, See Certificate Revocation List (CRL) checking
CRSHDUMP.TXT file B-1
D
data
compression,<emphasis> See compression
formats xiv
top ten sessions sorted by 17-8
default
administrator passwords 9-3
administrator rights, table 9-4
delete
configuration files 10-2
digital certificate 11-30, 11-62
enrollment request 11-73
DHCP
statistics 18-14
digital certificates
CA 11-1
Certificate Revocation List (CRL) checking 11-18, 11-56
definition 11-1
enabling
for IPSec LAN-to-LAN connections 11-27
for remote access connections 11-21
on the VPN Concentrator 11-21
expiration 11-18
fields 11-54
identity 11-1
installed on the VPN Concentrator 11-32
installing automatically via SCEP 11-4
manual installation 11-9
maximum allowed 11-1
PKCS-10 request 11-40
renewal 11-64
revocation 11-18
root 11-1
saving in Flash memory 11-1
SCEP 11-3
SCEP-enabled 11-4
SSL 11-1
obtaining 11-17
status 11-65
subordinate 11-1
troubleshooting 11-6
upload 11-50
viewing and managing on VPN Concentrator 11-31
viewing details 11-53
X.509 11-1
DNS
statistics 18-15
documentation
additional xii
cautions xiv
conventions xii
notes xiii
tips xiv
duration, top ten sessions sorted by 17-9
dynamic filters 14-1
configuring
in Cisco Secure ACS 14-4
on a RADIUS server 14-3
snytax 14-2
E
encryption
config file 9-9
encryption algorithms used by sessions (monitoring) 17-6
enrolling
certificates 11-36
identity certificate via SCEP 11-42
enrollment request
cancelling 11-72
creating 11-36
deleting 11-73
PKCS-10 11-40
removing according to status 11-34
status table 11-34
viewing details 11-70
error
an error has occurred ... B-3
errors
and troubleshooting B-1
an error has occurred ... B-3
bad IP address B-5
CLI B-5
insufficient authorization B-4
JavaScript B-3
no such interface supported (IE) B-4
not allowed B-4
not found B-4
old browser B-3
out of range value B-5
passwords do not match B-5
VPN Concentrator Manager B-2
Ethernet
100 LED B-7
interface status 16-6
Link LED B-7
Link Status LEDs B-6
MIB-II statistics 18-49
event log
capacity 15-1
clear (erase) 15-3
download to PC 15-2
filterable 15-1
format of 15-3
get 15-2
live 15-5
save 15-2
saved at system reboot B-1
saved if system crashes B-1
save on VPN Concentrator 15-3
stored in nonvolatile memory 15-1
events
statistics 18-16
exiting CLI A-8
Expansion Modules Insertion Status LEDs B-6
Expansion Modules Run Status LEDs B-6
export XML configuration file 10-8
externally in use 18-5
F
fans, cooling (monitoring) 16-3
Fan Status LED B-6
file access rights, administrators' 9-5
file management on VPN Concentrator 10-1
files
copying 10-2
deleting 10-2
importing XML 10-2
saving 10-2
viewing 10-2
file transfer, TFTP 10-4
file upload to VPN Concentrator 3-1, 10-6
filtering statistics 18-17
filters
dynamic See dynamic filters 14-2
LDAP 14-1
flash memory
file transfer via TFTP 10-4
file upload to 10-6
managing files in 10-1
rights to files in 9-5
size 10-1
space used 10-1
formats
data xiv
front panel display (monitoring) 16-2
G
generate
SSH host key 11-69
generating
SSL certificate 11-66
generating SSL server certificate 11-33
get event log 15-2
H
halt system 4-1
help, CLI A-7
HTTP
statistics 18-18
I
ICMP
MIB-II statistics 18-46
routing table entries 13-2
identity certificates
enrolling 11-36
maximum allowed 11-1
table 11-33
identity certificates, definition 11-1
idle timeout for administrator sessions 9-9
IKE
statistics 18-20
IKE proposal
configuring for remote access using digital certificates 11-21
image, software
filenames 3-2
update 3-1
importing configuration files 10-2
indicators
LED B-5
installing
CA certificates 11-44
CA certificates, automatic method (using SCEP) 11-4
certificates 11-44
enrolled certificates 11-45
identity certificates, automatic method 11-6
interfaces
Ethernet status and statistics 16-6
MIB-II statistics 18-37
Invalid Login or Session Timeout (error) B-3
Invalid Login or Session Timeout error B-2
IP MIB-II statistics 18-40
IPSec
statistics 18-19
IPSec LAN-to-LAN connections
enabling digital certificates 11-27
ITU (International Telecommunication Union) standards 11-53
J
Java Runtime Environment (JRE) requirements 7-1
JavaScript error B-3
L
L2TP
statistics 18-24
LAN-to-LAN sessions 2-4
LDAP
access 11-56
LDAP filters 14-1
LED indicators
100 (Ethernet) B-7
Active Sessions B-6
Activity (SEP-E) B-7
Coll (Ethernet) B-7
CPU Utilization B-6
Ethernet Link Status B-6
Expansion Modules Insertion Status B-6
Expansion Modules Run Status B-6
Fan Status B-6
Link (Ethernet) B-7
Power (SEP) B-7
Power Supplies
front panel B-6
Status (SEP) B-7
status, front panel 16-12
System B-6
table B-5
Throughput B-6
Tx (Ethernet) B-7
usage gauge B-6
licenses and copyrights C-1
Link LED (Ethernet) B-7
live event log 15-5
load balancing statistics 18-26
locked configuration 2-6
logging out all sessions 2-2
M
main menu, CLI A-3
managing digital certificates on VPN Concentrator 11-31
managing VPN Concentrator with CLI A-1
maximum number of certificates allowed 11-1
memory, SDRAM 16-2
memory, system
viewing status and data 16-4, 16-5
memory, upgrading xii
menus, CLI, navigating A-6
MIB-II statistics 18-36
model number, system 16-2
modify
ACL 9-8
properties of administrators 9-4
monitoring
screens, automatic refresh 8-1
section of Manager 12-1
N
NAC
reinitialize all 2-2
revalidate all 2-2
sessions 2-3
NAT statistics 18-27
navigating CLI menus A-6
nonvolatile memory 9-2
event log stored in 15-1
No such interface supported error B-4
Not Allowed error B-4
Not Found error B-4
notices, regulatory agency C-10
O
old browser (error) B-3
OSPF
MIB-II statistics 18-43
routing table entries 13-2
Out of Range value (error) B-5
P
password
default administrator 9-3
Passwords do not match error B-5
PEM-encoded certificate 11-17
ping a host 6-1
PKCS-10
enrollment request 11-40
Posture Agent 2-3
Posture Token
definition 2-9
power
Power Supplies LEDs
front panel B-6
SEP module LED B-7
status monitoring 16-7
turning off 4-1
PPTP
statistics 18-28
prerequisites, system administrator ix
private keys
saving in Flash memory 11-1
protocols, session (monitoring) 17-3
Public Key Certificate Syntax-10 See PKCS-10
Public Key Infrastructure (PKI) 11-1
R
reboot status screens 5-1
reboot system 4-1
redundancy, SEP modules 16-9
re-enrolling a certificate 11-64
references (bibliography) xiii
refresh Monitoring screens 8-1
regulatory agency notices C-10
reinitialize
NAC 2-2
re-keying a certificate 11-64
remote access
enabling digital certificates 11-21
statistics 2-4
renewing digital certificates 11-64
replicas (authentication), statistics 18-9
reuse delay 18-5
revalidate
NAC 2-2
RFC 2459 11-53
RIP
MIB-II statistics 18-42
routing table entries 13-2
root CA certificate 11-1
routing table (monitoring) 13-1
S
saving
configuration files 10-2
with CLI A-7
event log 15-3
SCEP
configuring 11-51
enrolling an identity certificate 11-42
enrolling SSL certificate 11-43
installing CA certificates 11-4, 11-47
installing identity certificates 11-6
SCEP-enabled certificate 11-4
troubleshooting 11-6
SDI authentication statistics 18-9
SDRAM memory 16-2
Secure Sockets Layer, See SSL 11-1
security associations (SA)
configuring for remote access using digital certificates 11-23
self-signed certificates
CA certificates 11-1
SSL 11-1
SSL certificate, generating 11-33
SEP modules
functions performed 16-8
redundancy 16-9
status and statistics 16-8
used by sessions (monitoring) 17-5
sessions
active (administration) 2-1
active (monitoring) 17-1
count, definition 2-3
data (monitoring) 17-1
parameter definitions 2-8
encryption algorithms used 17-6
LAN-to-LAN 2-4
logout all 2-2
management 2-5
maximum permitted 2-3
NAC 2-3
parameter definitions 2-6
protocols (monitoring) 17-3
remote access 2-4
SEP modules used 17-5
statistics (administration) 2-1
top ten 17-8
by data 17-8
by duration 17-9
by throughput 17-10
Session Timeout (error) B-3
Session Timeout error B-2
shutdown options 5-1
shutdown system 4-1
SNMP
MIB-II statistics 18-51
software image
update clients 3-4
update on VPN Concentrator 3-1
stopping 3-3
SSH
accessing CLI A-3
statistics 18-31
SSH host key, generating 11-69
SSL
statistics 18-32
SSL certificate 11-1
enrolling 11-36
enrolling via SCEP 11-43
exporting 11-67
obtaining 11-17
standards
ITU 11-53
RFC2459 11-53
X.520 11-53
standards compliance C-10
statistics 18-1
accounting 18-2
address pools 18-4
address pools (details) 18-5
authentication 18-7
authorization 18-10
bandwidth management 18-11
data compression 18-12
DHCP 18-14
DNS 18-15
events 18-16
filtering 18-17
HTTP 18-18
IKE 18-20
IPSec 18-19
L2TP 18-24
load balancing 18-26
MIB-II 18-36
ARP table 18-47
Ethernet 18-49
ICMP 18-46
interfaces 18-37
IP traffic 18-40
OSPF 18-43
RIP 18-42
SNMP 18-51
TCP/UDP 18-38
NAT 18-27
PPTP 18-28
sessions (administration) 2-1
SSH 18-31
SSL 18-32
Telnet 18-33
VRRP 18-34
Status LED
SEP B-7
stopping
CLI A-8
file upload to VPN Concentrator 3-3, 10-6
the VPN Concentrator 4-1
subordinate CA certificate 11-1
superuser <Emphasis>See administrators
swap configuration files 10-3
System LED B-6
system reboot 4-1
system shutdown 4-1
system status (monitoring) 16-1
T
TACACS+ server 9-10
add or modify 9-12
authentication 9-11
statistics 18-6
test 9-13
TCP/UDP MIB-II statistics 18-38
Telnet
accessing CLI A-2
statistics 18-33
temperature sensors (monitoring) 16-3
test
AAA servers 9-13
TFTP
file transfer 10-4
throughput, top ten sessions sorted by 17-10
Throughput LED B-6
timeout, administrator 9-9
live event log overrides 15-5
top ten sessions (monitoring) 17-8
traceroute 7-1
troubleshooting B-1
consult event log 15-1
files created for B-1
Tx LED (Ethernet) B-7
type (model number), system 16-2
typographic conventions xii
U
update software on VPN Concentrator 3-1
upgrading
bootcode xii
memory xii
upload
configuration file 10-6
digital certificates 11-50
usage gauge
LEDs (table) B-6
usage graph
LEDs (monitoring) 16-3
selector button 16-12
V
viewing
digital certificate details 11-53
digital certificates on VPN Concentrator 11-31
enrollment request 11-70
viewing files 10-2
voltage status 16-7
VPN Concentrator Manager
errors B-2
VRRP
statistics 18-34
X
X.509
digital certificates 11-1
X.520 standards 11-53
XML Export 10-8
Y
You are using an old browser or have disabled JavaScript (error) B-3