VPN 3000 Series Concentrator Reference Volume II: Administration and Monitoring, Release 4.7 - Using the Comand-Line Interface [Cisco VPN 3000 Series Concentrators]

Table Of Contents

Using the Command-Line Interface

Accessing the CLI

Console Access

Telnet Access

SSH Access

Starting the CLI

Using the CLI

Choosing Menu Items

Entering Values

Specifying Configured Items

Navigating Quickly through the CLI

Using Shortcut Numbers

Using Back and Home

Getting Help Information

Saving the Configuration File

Stopping the CLI

Understanding CLI Access Rights

CLI Menu Reference

Main Menu

1 Configuration

1.1 Configuration > Interface Configuration

1.1.1, 1.1.2, or 1.1.3 Configuration > Interface Configuration > Configure Ethernet #1 or #2 or #3

1.1.3 Configuration > Interface Configuration > Configure Power Supplies

1.1.4 Configuration > Interface Configuration > Configure Power Supplies

1.2 Configuration > System Management

1.2.1 Configuration > System Management > Servers

1.2.2 Configuration > System Management > Address Management

1.2.3 Configuration > System Management > IP Routing

1.2.4 Configuration > System Management > Management Protocols

1.2.5 Configuration > System Management > Event Configuration

1.2.6 Configuration > System Management > General Config

1.2.7 Configuration > System Management > Client Update

1.2.8 Configuration > System Management > Load Balancing

1.3 Configuration > User Management

1.3.1 Configuration > User Management > Base Group

1.3.2 Configuration > User Management > Groups

1.3.3 Configuration > User Management > Users

1.4 Configuration > Policy Management

1.4.1 Configuration > Policy Management > Access Hours

1.4.2 Configuration > Policy Management > Traffic Management

1.4.3 Configuration > Policy Management > Group Matching

1.5 Configuration > Tunneling and Security

1.5.1 Configuration > Tunneling and Security > PPTP

1.5.2 Configuration > Tunneling and Security > L2TP

1.5.3 Configuration > Tunneling and Security > IPSec

1.5.4 Configuration > Tunneling and Security > SSH

1.5.5 Configuration > Tunneling and Security > SSL

1.5.6 Configuration > Tunneling and Security > WebVPN

2 Administration

2.1 Administration > Administer Sessions

2.2 Administration > Software Update

2.2.2 Administration > Software Update > Clients

2.3 Administration > System Reboot

2.3.2 Administration > System Reboot > Schedule Reboot

2.3.3 Administration > System Reboot > Schedule Shutdown

2.4 Administration > Reboot Status

2.7 Administration > Access Rights

2.7.1 Administration > Access Rights > Administrators

2.7.2 Administration > Access Rights > Access Control List

2.7.3 Administration > Access Rights > Access Settings

2.7.4 Administration > Access Rights > Admin AAA Servers

2.8 Administration > File Management

2.8.6 Administration > File Management > Swap Configuration File

2.9 Administration > Certificate Management

2.9.1 Administration > Certificate Management > Enrollment

2.9.2 Administration > Certificate Management > Installation

2.9.3 Administration > Certificate Management > Certificate Authorities

2.9.4 Administration > Certificate Management > Identity Certificates

2.9.5 Administration > Certificate Management > SSL Certificate

2.9.6 Administration > Certificate Management > Enrollment Status

2.9.7 Administration > Certificate Management > SSH Host Key

3 Monitoring

3.1 Monitoring > Routing Table

3.2 Monitoring > Event Log

3.2.2 Monitoring > Event Log > View Event Log

3.3 Monitoring > System Status

3.3.2 Monitoring > System Status > View Card Status

3.3.3 Monitoring > System Status > View LED Status

3.3.4 (3.3.3 on Model 3005) Monitoring > System Status > View Memory Status

3.4 Monitoring > Sessions

3.4.1 Monitoring > Sessions > View Session Statistics

3.4.2 Monitoring > Sessions > View Top Ten Lists

3.4.3 Monitoring > Sessions > View Session Protocols

3.4.4 View Session SEPS

3.4.4 (3.4.5 on Models 3015-3080) Monitoring > Sessions > View Session Encryption

3.4.5 (3.4.6 on Models 3015-3080) Monitoring > Sessions > Filter Sessions on Group

3.5 Monitoring > General Statistics

3.5.1 Monitoring > General Statistics > Protocol Statistics

3.5.2 Monitoring > General Statistics > Server Statistics

3.5.3 Monitoring > General Statistics > Event Statistics

3.5.4 Monitoring > General Statistics > MIB II Statistics

3.6 Monitoring > Dynamic IPSec Filters

Using the Command-Line Interface

The VPN 3000 Concentrator Series Command-Line Interface (CLI) is a menu- and command-line-based configuration, administration, and monitoring system built into the VPN Concentrator. You use it via the system console, an SSH session, or Telnet (including SSL Telnet).

You can use the CLI to completely manage the system. You can access and configure the same parameters as the HTML-based VPN 3000 Concentrator Series Manager, except for IPSec LAN-to-LAN configuration.

Note LAN-to-LAN configuration is not supported via the CLI. New features in Release 4.7 are not supported via the CLI.

Note Certificate upload is available only via SSH.

This chapter describes general features of the CLI and how to access and use it. It does not describe the individual menu items and parameter entries. For information on specific parameters and options, see the corresponding section of the VPN Concentrator Manager in the VPN 3000 Series Concentrator Reference. For example, to understand Ethernet interface configuration parameters and choices, see Configuration | Interfaces | Ethernet in the "Interfaces" chapter of VPN 3000 Series Concentrator Reference Volume I: Configuration.

Accessing the CLI

You can access the CLI in three ways:

•Via the system console.

•Via a Telnet (or Telnet over SSL) client.

•Via SSH.

Console Access

To access the CLI via console:

Step 1 Connect a PC to the VPN Concentrator via a straight-through RS-232 serial cable (which Cisco supplies with the system) between the Console port on the VPN Concentrator and the serial port on the PC. For more information, see the VPN Concentrator Getting Started manual.

Step 2 Start a terminal emulator (e.g., HyperTerminal) on the PC. Configure a connection to COM1 with port settings of:

•Bits per second = 9600.

•Data bits= 8.

•Parity = None.

•Stop bit = 1.

•Flow control = None.

Step 3 Set the emulator for VT100 emulation, or let it auto-detect the emulation type.

Step 4 Press Enter on the PC keyboard until you see the login prompt. (You might see a password prompt and error messages as you press Enter; ignore them and stop at the login prompt.)
Login: _
Telnet Access

To access the CLI via a Telnet client:

Step 1 Enable the Telnet server on the VPN Concentrator. (It is enabled by default.) See the Configuration | System | Management Protocols | Telnet screen on the VPN Concentrator Manager.

Step 2 Start the Telnet client, and connect to the remote system using these parameters:

•Host Name or Session Name = The IP address on the VPN Concentrator Ethernet 1 (Private) interface; for example, 10.10.147.2

•Port = Telnet (The default Telnet port is 23.)

•Terminal Type = VT100 or ANSI

Step 3 The VPN Concentrator displays a login prompt:
Login: _
SSH Access

To access the CLI via an SSH client:

Step 1 Enable the SSH server on the VPN Concentrator. (It is enabled by default.) See the Configuration | System | Management Protocols | SSH screen on the VPN Concentrator Manager.

Step 2 Start the SSH client, and connect to the remote system using these parameters:

•Host Name or Session Name = The IP address on the VPN Concentrator Ethernet 1 (Private) interface; for example, 10.10.147.2

•Port = SSH (The default SSH port is 22.)

•Terminal Type = VT100 or ANSI

•User name = admin

Step 3 A security warning might appear stating: "There is no entry for this server in your list of know hosts." If this warning appears, continue.

Step 4 Enter your administrative password, and connect to the VPN Concentrator. When your connection is established, you are already logged in.

Starting the CLI

You start the CLI by logging in.

CLI login usernames and passwords for console, Telnet, and SSH access are the same as those configured and enabled for administrators. See the Administration | Access Rights | Administrators screen. By default, only admin is enabled.

This example uses the factory-supplied default admin login and password. If you have changed them, use your entries.

At the prompts, enter the administrator login name and password. Entries are case-sensitive. (The CLI does not show your password entry.)
Login: admin
Password: admin 
The CLI displays the opening welcome message, the main menu, and the Main -> prompt:
                 Welcome to
                Cisco Systems
        VPN 3000 Concentrator Series
           Command Line Interface
Copyright (C) 1998-2004 Cisco Systems, Inc.
1) Configuration
2) Administration
3) Monitoring
4) Save changes to Config file
5) Help Information
6) Exit
Main -> _
Using the CLI

This section explains how to:

•Choose menu items.

•Enter values for parameters and options.

•Specify configured items by number or name.

•Navigate quickly—using shortcuts—through the menus.

•Display a brief help message.

•Save entries to the system configuration file.

•Stop the CLI.

•Understand CLI administrator access rights.

The CLI displays menus or prompts at every level to guide you in choosing configurable options and setting parameters. The prompt always shows the menu context.

Choosing Menu Items

To use the CLI, enter a number at the prompt that corresponds to the desired menu item, and press Enter.

For example, this is the Configuration > System Management> General Config> System Identification menu:
1) Set System Name
2) Set Contact
3) Set Location
4) Back
General -> _
Enter 1 to set the system name.

Entering Values

The CLI shows any current or default value for a parameter in brackets [ ]. To change the value, enter a new value at the prompt. To leave the value unchanged, just press Enter.

Continuing the example above, this is the prompt to enter a value for the system name:
> Host Name
General -> [ Lab VPN ] _
You can enter a new name at the prompt, or just press Enter to keep the current name.

Specifying Configured Items

Many menus give choices that act on configured items—such as groups, users, filter rules, etc.—and the CLI lists those items with a number and their name. To specify an item, you can usually enter either its number or its name. The CLI indicates when you must use a specific identifier (usually the item's number).

For example, the Configuration > User Management > Groups menu lists configured groups:
Current User Groups
---------------------------------------------------------------
| 1. QuickGroup                        | 2. IPSecGroup 
---------------------------------------------------------------
1) Add a Group
2) Modify a Group
3) Delete a Group
4) Back
Groups -> _
To delete QuickGroup, enter 3 at the prompt. The CLI displays:
> Enter the Group to Delete
Groups -> _
At the prompt you can enter either its number (1) or its name (QuickGroup).

However, this next example shows the prompt for a specific identifier. The Configuration > System Management > Servers > Authentication Servers menu lists configured servers:
Authentication Server Summary Table
Num |        Server       |        Type         |    Port
-------------------------------------------------------------
  1 |          Internal   |      Internal       |        0
  2 |     192.168.34.56   |        RADIUS       |        0
-------------------------------------------------------------
1) Add Authentication Server
2) Modify Authentication Server
3) Delete Authentication Server
4) Move Server Up
5) Move Server Down
6) Test Server
7) Back
Authentication -> _
To delete the RADIUS server, enter 3 at the prompt. The CLI displays:
> Delete Server (number)
Authentication -> _
At the prompt, you must enter 2 for the RADIUS server.

Navigating Quickly through the CLI

There are two ways to move quickly through the CLI: shortcut numbers, and the Back/Home options. Both ways work only when you are at a menu, not when you are at a value entry.

Using Shortcut Numbers

Once you become familiar with the structure of the CLI—which parallels the HTML-based VPN Concentrator Manager—you can quickly access any level by entering a series of numbers separated by periods. For example, suppose you want to change the General Parameters for the Base Group. The series of menus that gets to that level from the main menu is:
1) Configuration
2) Administration
3) Monitoring
4) Save changes to Config file
5) Help Information
6) Exit
Main -> 1 (Configuration)
1) Interface Configuration
2) System Management
3) User Management
4) Policy Management
5) Tunneling and Security
6) Back
Config -> 3 (User Management)
1) Base Group
2) Groups
3) Users
4) Back
User Management -> 1 (Base Group)
1) General Parameters
2) Server Parameters
3) IPSec Parameters
4) VPN Client Firewall Parameters
5) Hardware Client Parameters
6) PPTP/L2TP Parameters
7) WebVPN Parameters
8) Back
Base Group -> 1 (General Parameters)
1) Access Parameters
2) Tunneling Protocols
3) SEP Config
4) Set DHCP Network Scope
5) Back
Base Group -> _
As a shortcut, you can just enter 1.3.1.1 at the Main-> prompt, and move directly to the Base Group General Parameters menu:
1) Configuration
2) Administration
3) Monitoring
4) Save changes to Config file
5) Help Information
6) Exit
Main -> 1.3.1.1
1) Access Parameters
2) Tunneling Protocols
3) SEP Config
4) Set DHCP Network Scope
5) Back
Base Group -> _
The prompt always shows the current context in the menu structure.

Using Back and Home

Most menus include a numbered Back choice. Instead of entering a number, you can just enter b or B to move back to the previous menu.

Also, at any menu level, you can just enter h or H to move home to the main menu.

Getting Help Information

To display a brief help message, enter 5 at the main menu prompt. The CLI explains how to navigate through menus and enter values. This help message is available only at the main menu.
Cisco Systems. Help information for the Command Line Interface
From any menu except the Main menu.
-- 'B' or 'b' for Back to previous menu.
-- 'H' or 'h' for Home back to the main menu.
For Data entry
-- Current values are in '[ ]'s. Just hit 'Enter' to accept value.
1) View Help Again
2) Back
Help -> _
To return to the main menu from this help menu, enter h (for home), or 2 or b (for back) at the prompt.

Saving the Configuration File

Configuration and administration entries take effect immediately and are included in the active, or running, configuration. However, if you reboot the VPN Concentrator without saving the active configuration, you lose all changes.

To save changes to the system configuration (CONFIG) file, navigate to the main menu. At the prompt, enter 4 for Save changes to Config file.
1) Configuration
2) Administration
3) Monitoring
4) Save changes to Config file
5) Help Information
6) Exit
Main -> 4
The system writes the active configuration to the CONFIG file and redisplays the main menu.

Stopping the CLI

To stop the CLI, navigate to the main menu and enter 6 for Exit at the prompt:
1) Configuration
2) Administration
3) Monitoring
4) Save changes to Config file
5) Help Information
6) Exit
Main -> 6
Done
Make sure you save any configuration changes before you exit from the CLI.

Understanding CLI Access Rights

What you see and can configure with the CLI depends on administrator access rights. If you don't have permission to configure an option, you see the designation "-)" (rather than a number) in menus.

For example, here is the main menu for the default User administrator:
-) Configuration
-) Administration
3) Monitoring
-) Save changes to Config file
5) Help Information
6) Exit
Main -> _
The default user administrator can only monitor the VPN Concentrator, not configure system parameters or administer the system.

See the "Administrators" section for more information.

CLI Menu Reference

This section of the documentation shows all the menus in the first three levels below the CLI main menu. (There are many additional menus below the third level; and within the first three levels, there are some non-menu parameter settings. To keep this chapter at a reasonable size, we show only the menus here.)

The numbers in each heading are the keyboard shortcut to reach that menu from the main menu. For example, entering 1.3.1 at the main menu prompt takes you to the Configuration > User Management> Base Group menu.

Note The CLI menus and options—and thus the keyboard shortcuts—may change with new software versions. Please check familiar shortcuts carefully when using a new release.

Note Models 3015-3080 have more interfaces than the Model 3005. They also have additional SEP capacity. Therefore, CLI menu shortcuts differ by model where they involve interface and expansion card selections. We note some differences here, but please note carefully the system you are using.

Main Menu
1) Configuration
2) Administration
3) Monitoring
4) Save changes to Config file
5) Help Information
6) Exit
Main -> _
1 Configuration
1) Interface Configuration
2) System Management
3) User Management
4) Policy Management
5) Tunneling and Security
6) Back
Config -> _
1.1 Configuration > Interface Configuration
This table shows current IP addresses.
.
.
.
Note The following menu appears on models 3015-3080 only.
1) Configure Ethernet #1 (Private)
2) Configure Ethernet #2 (Public)
3) Configure Ethernet #3 (External)
4) Configure Power Supplies
5) Back
Interfaces -> _
Note The following menu appears on model 3005 only.
1) Configure Ethernet #1 (Private)
2) Configure Ethernet #2 (Public)
3) Configure Power Supplies
4) Back
Interfaces -> _
1.1.1, 1.1.2, or 1.1.3 Configuration > Interface Configuration > Configure Ethernet #1 or #2 or #3

Note The Configuration > Interface Configuration > Configure Ethernet #3 menu appears only on models 3015-3080. It does not appear on model 3005.
1) Interface Setting (Disable, DHCP or Static IP)
2) Set Public Interface
3) Select IP Filter
4) Select Ethernet Speed
5) Select Duplex
6) Set MTU
7) Set Port Routing Config
8) Set Bandwidth Management
9) Set Public Interface IPSec Fragmentation Policy
10) Set Interface WebVPN Parameters
11) Back
Ethernet Interface 1 -> _
1.1.3 Configuration > Interface Configuration > Configure Power Supplies

Note The following menu appears on model 3005 only.
Alarm Thresholds in centivolts (e.g. 361 = 3.61V)
Voltages will be adjusted to conform to the hardware.
1) Configure CPU voltage thresholds
2) Configure Board voltage thresholds
3) Back
Interfaces -> _
1.1.4 Configuration > Interface Configuration > Configure Power Supplies

Note The following menu appears on models 3015-3080 only.
Alarm Thresholds in centivolts (e.g. 361 = 3.61V)
Voltages will be adjusted to conform to the hardware.
1) Configure CPU voltage thresholds
2) Configure Power Supply 1 voltage thresholds
3) Configure Power Supply 2 voltage thresholds
4) Configure Board voltage thresholds
5) Back
Interfaces -> _
1.2 Configuration > System Management
1) Servers (Authentication, Authorization, Accounting, DNS, DHCP, etc.)
2) Address Management
3) IP Routing (static routes, OSPF, etc.)
4) Management Protocols (Telnet, TFTP, FTP, etc.)
5) Event Configuration
6) General Config (system name, time, etc.)
7) Client Update
8) Load Balancing Configuration
9) Back
System -> _
1.2.1 Configuration > System Management > Servers
1) Authentication Servers
2) Authorization Servers
3) Accounting Servers
4) DNS Servers
5) DHCP Servers
6) Firewall Servers
7) NTP Servers
8) NBNS Servers
9) Back
Servers -> _
1.2.2 Configuration > System Management > Address Management
1) Address Assignment
2) Address Pools
3) Back
Address -> _
1.2.3 Configuration > System Management > IP Routing
1) Static Routes
2) Default Gateways
3) OSPF
4) OSPF Areas
5) DHCP Parameters
6) Redundancy
7) Reverse Route Injection
8) DHCP Relay
9) Back
Routing -> _
1.2.4 Configuration > System Management > Management Protocols
1) Configure FTP
2) Configure HTTP
3) Configure TFTP
4) Configure Telnet
5) Configure SNMP
6) Configure SNMP Community Strings
7) Configure XML
8) Back
Network -> _
1.2.5 Configuration > System Management > Event Configuration
1) General
2) FTP Backup
3) Classes
4) Trap Destinations
5) Syslog Servers
6) SMTP Servers
7) E-mail Recipients
8) Back
Event -> _
1.2.6 Configuration > System Management > General Config
1) System Identification
2) System Time and Date
3) Session Configuration
4) Global Authentication Parameters
5) Back
General -> _
1.2.7 Configuration > System Management > Client Update
1) Client Update Enable
2) Client Update Entries
3) Back
Client Update -> _
1.2.8 Configuration > System Management > Load Balancing
1) Cluster Configuration
2) Device Configuration
3) Back
Load Balancing -> _
1.3 Configuration > User Management
1) Base Group
2) Groups
3) Users
4) Back
User Management -> _
1.3.1 Configuration > User Management > Base Group
1) General Parameters
2) Server Parameters
3) IPSec Parameters
4) VPN Client Firewall Parameters
5) Hardware Client Parameters
6) PPTP/L2TP Parameters
7) WebVPN Parameters
8) Back
Base Group -> _
1.3.2 Configuration > User Management > Groups
Current User Groups
.
.
.
1) Add a Group
2) Modify a Group
3) Delete a Group
4) Back
Groups -> _
1.3.3 Configuration > User Management > Users
Current Users
.
.
.
1) Add a User
2) Modify a User
3) Delete a User
4) Back
Users -> _
1.4 Configuration > Policy Management
1) Access Hours
2) Traffic Management
3) Group Matching
4) Back
Policy -> _
1.4.1 Configuration > Policy Management > Access Hours
Current Access Hours
.
.
.
1) Add Access Hours
2) Modify Access Hours
3) Delete Access Hours
4) Back
Access Hours -> _
1.4.2 Configuration > Policy Management > Traffic Management
1) Network Lists
2) Rules
3) Security Associations (SAs)
4) Filters
5) Network Address Translation (NAT) Rules
6) Bandwidth Policies
7) Back
Traffic -> _
1.4.3 Configuration > Policy Management > Group Matching
1) Rules
2) Matching Policy
3) Back
Certificate Group Matching ->_
1.5 Configuration > Tunneling and Security
1) PPTP
2) L2TP
3) IPSec
4) SSH
5) SSL
6) WebVPN
7) Back
Tunneling and Security ->_
1.5.1 Configuration > Tunneling and Security > PPTP
1) Enable/Disable PPTP
2) Configure PPTP Tunnel Parameters
3) Configure PPTP Time/Delay Parameters
4) Back
PPTP ->_
1.5.2 Configuration > Tunneling and Security > L2TP
1) Enable/Disable L2TP
2) Configure L2TP Control Parameters
3) Configure L2TP Tunnel Parameters
4) Configure Additional L2TP Parameters
5) Back
L2TP ->_
1.5.3 Configuration > Tunneling and Security > IPSec
1) IKE Proposals
2) NAT Transparency
3) Alerts (System Reboot, Idle Timeout, Administrator Cut-off, etc.)
4) Back
IPSec ->_
1.5.4 Configuration > Tunneling and Security > SSH
1) Enable/Disable SSH
2) Set SSH Port Number
3) Set the Number of SSH Sessions Allowed
4) Set SSH Encryption
5) Set SSH Server Key Regeneration
6) Enable/Disable SCP
7) Back
SSH ->_
1.5.5 Configuration > Tunneling and Security > SSL
1) HTTPS
2) Encryption
3) Back
SSL ->_
1.5.6 Configuration > Tunneling and Security > WebVPN
1) HTTPS Proxy
2) Home Page
3) Logo
4) Servers and URLs
5) E-mail Proxy
6) Port Forwarding
7) Back
WebVPN ->_
2 Administration
1) Administer Sessions
2) Software Update
3) System Reboot
4) Reboot Status
5) Ping
6) Traceroute
7) Access Rights
8) File Management
9) Certificate Management
10) Back
Admin -> _
2.1 Administration > Administer Sessions
Active Sessions
.
.
.
1) Refresh Session Statistics
2) Reset Session Statistics
3) Restore Session Statistics
4) Logoff Sessions
5) Session Details
6) Filter Sessions on Group
7) Back
Admin -> _
2.2 Administration > Software Update
1) Concentrator
2) Clients
3) Bootloader
4) Back
Admin -> _
2.2.2 Administration > Software Update > Clients
1) Update a Group
2) Back
Admin ->_
2.3 Administration > System Reboot
1) Cancel Scheduled Reboot/Shutdown
2) Schedule Reboot
3) Schedule Shutdown
4) Back
Admin -> _
2.3.2 Administration > System Reboot > Schedule Reboot
1) Save active Configuration and use it at Reboot
2) Reboot without saving active Configuration file
3) Reboot ignoring the Configuration file
4) Back
Admin -> _
2.3.3 Administration > System Reboot > Schedule Shutdown
1) Save active configuration and use it at next reboot
2) Shutdown without saving active Configuration file
3) Shutdown, ignoring the Configuration file at next reboot
4) Back
Admin -> _
2.4 Administration > Reboot Status
Reboot Status
-------------
No reboot is scheduled.
1) Refresh Reboot Status
2) Skip Notifications/Reboot Now
3) Logout
4) Back
Admin -->
2.7 Administration > Access Rights
1) Administrators
2) Access Control List
3) Access Settings
4) Admin AAA Servers
5) Back
Admin -> _
2.7.1 Administration > Access Rights > Administrators
Administrative Users
.
.
.
1) Modify Administrator
2) Back
Admin -> _
2.7.2 Administration > Access Rights > Access Control List
This is the Current Access List
.
.
.
1) Add Manager Workstation
2) Modify Manager Workstation
3) Delete Manager Workstation
4) Move Manager Workstation Up
5) Move Manager Workstation Down
6) Back
Admin -> _
2.7.3 Administration > Access Rights > Access Settings
1) Set Session Timeout
2) Set Session Limit
3) Set Config File Encryption
4) Zeroize/Regenerate DES Config File Encryption Key
5) Back
Admin -> _
2.7.4 Administration > Access Rights > Admin AAA Servers
1) Authentication Servers
2) Back
Admin -> _

2.8 Administration > File Management
List of Files
.
.
.
1) Delete File
2) Copy File
3) View File
4) Put File via TFTP
5) Get File via TFTP
6) Swap Config Files
7) Export XML File
8) Import XML File
9) Back
File -> _
2.8.6 Administration > File Management > Swap Configuration File
Every time the active configuration is saved,...
.
.
.
1) Swap
2) Back
Admin -> _
2.9 Administration > Certificate Management
1) Enrollment
2) Installation
3) Certificate Authorities
4) Identity Certificates
5) SSL Certificates
6) Enrollment Status
7) SSH Host Key
8) Back
Certificates -> _
2.9.1 Administration > Certificate Management > Enrollment
1) Identity Certificate Enrollment
2) SSL Certificate Enrollment
3) Back
Certificates ->
2.9.2 Administration > Certificate Management > Installation
1) Install CA Certificate
2) Install SSL Certificate with private key
3) Install Certificate obtained via enrollment
4) Back
Certificates -> _
2.9.3 Administration > Certificate Management > Certificate Authorities
Certificate Authorities
.
.
.
1) View Certificate
2) Delete Certificate
3) Configure Certificate
4) View CRL Cache
5) Clear CRL Cache
6) Back
Certificates -> _
2.9.4 Administration > Certificate Management > Identity Certificates
Identity Certificates
.
.
.
1) View Certificate
2) Delete Certificate
3) Renew Certificate
4) Back
Certificates -> _
2.9.5 Administration > Certificate Management > SSL Certificate
Subject
.
.
.
1) Private SSL Certificate
2) Public SSL Certificate
3) External SSL Certificate
4) Load Balancing SSL Certificate
5) Back
Certificates ->
2.9.6 Administration > Certificate Management > Enrollment Status
Enrollment Requests
1) View Enrollment Request
2) Install/Activate Enrollment Request
3) Resubmit Enrollment Request
4) Delete/Cancel Enrollment Request
5) Back
Certificates ->
2.9.7 Administration > Certificate Management > SSH Host Key
SSH Host Key...
1) Generate SSH Host Key
2) Back
3 Monitoring
1) Routing Table
2) Event Log
3) System Status
4) Sessions
5) General Statistics
6) Dynamic IPSec Filters
7) Back
Monitor -> _
3.1 Monitoring > Routing Table
Routing Table
.
.
.
1) Refresh Routing Table
2) Clear Routing Table
3) Back
Routing -> _
3.2 Monitoring > Event Log
1) Configure Log viewing parameters
2) View Event Log
3) Save Log
4) Clear Log
5) Back
Log -> _
3.2.2 Monitoring > Event Log > View Event Log
[Event Log entries]
.
.
.
1) First Page
2) Previous Page
3) Next Page
4) Last Page
5) Back
Log -> _
3.3 Monitoring > System Status

Note The following menu appears on models 3015-3080 only.
System Status
.
.
.
1) Refresh System Status
2) View Card Status
3) View LED Status
4) View Memory Status
5) Back
Status -> _
Note The following menu appears on model 3005 only.
System Status
.
.
.
1) Refresh System Status
2) View Card Status
3) View Memory Status
4) Back
Status ->
3.3.2 Monitoring > System Status > View Card Status

Note The following menu appears on models 3015-3080 only.
1) Card in Slot 1
2) Card in Slot 2
3) Card in Slot 3
4) Card in Slot 4
5) Back
Card Status -> _
Note The following menu appears on model 3005 only.
1) Card in Slot 1
2) Back
Card Status -> _
3.3.3 Monitoring > System Status > View LED Status

Note The following menu appears on models 3015-3080 only.
LED Status
.
.
.
1) Refresh LED Status
2) Back
LED Status ->_
3.3.4 (3.3.3 on Model 3005) Monitoring > System Status > View Memory Status
System Memory Summary
.
.
.
1) Refresh Memory Status
2) Detailed Memory Report
3) Back
3.4 Monitoring > Sessions

Note The following menu appears on models 3015-3080 only.
1) View Session Statistics
2) View Top Ten Lists
3) View Session Protocols
4) View Session SEPs
5) View Session Encryption
6) Filter Sessions on Group
7) Back
Sessions -> _
Note The following menu appears on model 3005 only.
1) View Session Statistics
2) View Top Ten Lists
3) View Session Protocols
4) View Session Encryption
5) Filter Sessions on Group
6) Back
Sessions -> _
3.4.1 Monitoring > Sessions > View Session Statistics
Active Sessions
.
.
.
1) Refresh Session Statistics
2) Reset Session Statistics
3) Restore Session Statistics
4) Session Details
5) Back
Sessions -> _
3.4.2 Monitoring > Sessions > View Top Ten Lists
1) Top 10 Users based on Data
2) Top 10 Users based on Duration
3) Top 10 Users based on Throughput
4) Back
Sessions -> _
3.4.3 Monitoring > Sessions > View Session Protocols
Session Protocols
.
.
.
1) Refresh Session Protocols
2) Back
Sessions -> _
3.4.4 View Session SEPS

Note The following menu appears on models 3015-3080 only.
Session SEPs
.
.
.
1) Refresh Session SEPs
2) Back
Session ->
3.4.4 (3.4.5 on Models 3015-3080) Monitoring > Sessions > View Session Encryption
Session Encryption
.
.
.
1) Refresh Session Encryption
2) Back
Sessions -> _
3.4.5 (3.4.6 on Models 3015-3080) Monitoring > Sessions > Filter Sessions on Group
Current User Groups
.
.
.
> Group to view (-1 for All Groups, 0 for Base Group)
Sessions ->
3.5 Monitoring > General Statistics
1) Protocol Statistics
2) Server Statistics
3) Event Statistics
4) MIB II Statistics
5) Back
General -> _
3.5.1 Monitoring > General Statistics > Protocol Statistics
1) PPTP Statistics
2) L2TP Statistics
3) IPSec Statistics
4) HTTP Statistics
5) Telnet Statistics
6) DNS Statistics
7) VRRP Statistics
8) SSL Statistics
9) SSH Statistics
10) NAT Statistics
11) Back
General -> _
3.5.2 Monitoring > General Statistics > Server Statistics
1) Authentication Statistics
2) Authorization Statistics
3) Accounting Statistics
4) Filtering Statistics
5) DHCP Statistics
6) Address Pool Statistics
7) Load Balancing Statistics
8) Compression Statistics
9) Admin AAA Authentication Statistics
10) Bandwidth Management Statistics
11) Back
General -> _
3.5.3 Monitoring > General Statistics > Event Statistics
Event Statistics
.
.
.
1) Refresh Event Statistics
2) Reset Event Statistics
3) Restore Event Statistics
4) Back
General -> _
3.5.4 Monitoring > General Statistics > MIB II Statistics
1) Interface-based
2) System-level
3) Back
MIB2 -> _
3.6 Monitoring > Dynamic IPSec Filters
Current Dynamic Filters
.
.
.
1) View Dynamic IPSec Filter Rules
2) Back
Dynamic IPSec Filters ->

	VPN 3000 Series Concentrator Reference Volume II: Administration and Monitoring, Release 4.7
	Using the Comand-Line Interface
VPN 3000 Series Concentrator Reference Volume II: Administration and Monitoring, Release 4.7 A PDF Version of the Entire Book Preface Administration Administer Sessions Software Update System Reboot Reboot Status Ping Traceroute Monitoring Refresh Access Rights File Management Certificate Management Monitoring Routing Table Dynamic Filters Filterable Event Log System Status Sessions Statistics Using the Comand-Line Interface Troubleshooting and System Errors Copyrights, Licenses, and Notices Index	Download this chapter Using the Comand-Line Interface Table Of Contents Using the Command-Line Interface Accessing the CLI Console Access Telnet Access SSH Access Starting the CLI Using the CLI Choosing Menu Items Entering Values Specifying Configured Items Navigating Quickly through the CLI Using Shortcut Numbers Using Back and Home Getting Help Information Saving the Configuration File Stopping the CLI Understanding CLI Access Rights CLI Menu Reference Main Menu 1 Configuration 1.1 Configuration > Interface Configuration 1.1.1, 1.1.2, or 1.1.3 Configuration > Interface Configuration > Configure Ethernet #1 or #2 or #3 1.1.3 Configuration > Interface Configuration > Configure Power Supplies 1.1.4 Configuration > Interface Configuration > Configure Power Supplies 1.2 Configuration > System Management 1.2.1 Configuration > System Management > Servers 1.2.2 Configuration > System Management > Address Management 1.2.3 Configuration > System Management > IP Routing 1.2.4 Configuration > System Management > Management Protocols 1.2.5 Configuration > System Management > Event Configuration 1.2.6 Configuration > System Management > General Config 1.2.7 Configuration > System Management > Client Update 1.2.8 Configuration > System Management > Load Balancing 1.3 Configuration > User Management 1.3.1 Configuration > User Management > Base Group 1.3.2 Configuration > User Management > Groups 1.3.3 Configuration > User Management > Users 1.4 Configuration > Policy Management 1.4.1 Configuration > Policy Management > Access Hours 1.4.2 Configuration > Policy Management > Traffic Management 1.4.3 Configuration > Policy Management > Group Matching 1.5 Configuration > Tunneling and Security 1.5.1 Configuration > Tunneling and Security > PPTP 1.5.2 Configuration > Tunneling and Security > L2TP 1.5.3 Configuration > Tunneling and Security > IPSec 1.5.4 Configuration > Tunneling and Security > SSH 1.5.5 Configuration > Tunneling and Security > SSL 1.5.6 Configuration > Tunneling and Security > WebVPN 2 Administration 2.1 Administration > Administer Sessions 2.2 Administration > Software Update 2.2.2 Administration > Software Update > Clients 2.3 Administration > System Reboot 2.3.2 Administration > System Reboot > Schedule Reboot 2.3.3 Administration > System Reboot > Schedule Shutdown 2.4 Administration > Reboot Status 2.7 Administration > Access Rights 2.7.1 Administration > Access Rights > Administrators 2.7.2 Administration > Access Rights > Access Control List 2.7.3 Administration > Access Rights > Access Settings 2.7.4 Administration > Access Rights > Admin AAA Servers 2.8 Administration > File Management 2.8.6 Administration > File Management > Swap Configuration File 2.9 Administration > Certificate Management 2.9.1 Administration > Certificate Management > Enrollment 2.9.2 Administration > Certificate Management > Installation 2.9.3 Administration > Certificate Management > Certificate Authorities 2.9.4 Administration > Certificate Management > Identity Certificates 2.9.5 Administration > Certificate Management > SSL Certificate 2.9.6 Administration > Certificate Management > Enrollment Status 2.9.7 Administration > Certificate Management > SSH Host Key 3 Monitoring 3.1 Monitoring > Routing Table 3.2 Monitoring > Event Log 3.2.2 Monitoring > Event Log > View Event Log 3.3 Monitoring > System Status 3.3.2 Monitoring > System Status > View Card Status 3.3.3 Monitoring > System Status > View LED Status 3.3.4 (3.3.3 on Model 3005) Monitoring > System Status > View Memory Status 3.4 Monitoring > Sessions 3.4.1 Monitoring > Sessions > View Session Statistics 3.4.2 Monitoring > Sessions > View Top Ten Lists 3.4.3 Monitoring > Sessions > View Session Protocols 3.4.4 View Session SEPS 3.4.4 (3.4.5 on Models 3015-3080) Monitoring > Sessions > View Session Encryption 3.4.5 (3.4.6 on Models 3015-3080) Monitoring > Sessions > Filter Sessions on Group 3.5 Monitoring > General Statistics 3.5.1 Monitoring > General Statistics > Protocol Statistics 3.5.2 Monitoring > General Statistics > Server Statistics 3.5.3 Monitoring > General Statistics > Event Statistics 3.5.4 Monitoring > General Statistics > MIB II Statistics 3.6 Monitoring > Dynamic IPSec Filters Using the Command-Line Interface The VPN 3000 Concentrator Series Command-Line Interface (CLI) is a menu- and command-line-based configuration, administration, and monitoring system built into the VPN Concentrator. You use it via the system console, an SSH session, or Telnet (including SSL Telnet). You can use the CLI to completely manage the system. You can access and configure the same parameters as the HTML-based VPN 3000 Concentrator Series Manager, except for IPSec LAN-to-LAN configuration. Note LAN-to-LAN configuration is not supported via the CLI. New features in Release 4.7 are not supported via the CLI. Note Certificate upload is available only via SSH. This chapter describes general features of the CLI and how to access and use it. It does not describe the individual menu items and parameter entries. For information on specific parameters and options, see the corresponding section of the VPN Concentrator Manager in the VPN 3000 Series Concentrator Reference. For example, to understand Ethernet interface configuration parameters and choices, see Configuration \| Interfaces \| Ethernet in the "Interfaces" chapter of VPN 3000 Series Concentrator Reference Volume I: Configuration. Accessing the CLI You can access the CLI in three ways: •Via the system console. •Via a Telnet (or Telnet over SSL) client. •Via SSH. Console Access To access the CLI via console: Step 1 Connect a PC to the VPN Concentrator via a straight-through RS-232 serial cable (which Cisco supplies with the system) between the Console port on the VPN Concentrator and the serial port on the PC. For more information, see the VPN Concentrator Getting Started manual. Step 2 Start a terminal emulator (e.g., HyperTerminal) on the PC. Configure a connection to COM1 with port settings of: •Bits per second = 9600. •Data bits= 8. •Parity = None. •Stop bit = 1. •Flow control = None. Step 3 Set the emulator for VT100 emulation, or let it auto-detect the emulation type. Step 4 Press Enter on the PC keyboard until you see the login prompt. (You might see a password prompt and error messages as you press Enter; ignore them and stop at the login prompt.) Login: _ Telnet Access To access the CLI via a Telnet client: Step 1 Enable the Telnet server on the VPN Concentrator. (It is enabled by default.) See the Configuration \| System \| Management Protocols \| Telnet screen on the VPN Concentrator Manager. Step 2 Start the Telnet client, and connect to the remote system using these parameters: •Host Name or Session Name = The IP address on the VPN Concentrator Ethernet 1 (Private) interface; for example, 10.10.147.2 •Port = Telnet (The default Telnet port is 23.) •Terminal Type = VT100 or ANSI Step 3 The VPN Concentrator displays a login prompt: Login: _ SSH Access To access the CLI via an SSH client: Step 1 Enable the SSH server on the VPN Concentrator. (It is enabled by default.) See the Configuration \| System \| Management Protocols \| SSH screen on the VPN Concentrator Manager. Step 2 Start the SSH client, and connect to the remote system using these parameters: •Host Name or Session Name = The IP address on the VPN Concentrator Ethernet 1 (Private) interface; for example, 10.10.147.2 •Port = SSH (The default SSH port is 22.) •Terminal Type = VT100 or ANSI •User name = admin Step 3 A security warning might appear stating: "There is no entry for this server in your list of know hosts." If this warning appears, continue. Step 4 Enter your administrative password, and connect to the VPN Concentrator. When your connection is established, you are already logged in. Starting the CLI You start the CLI by logging in. CLI login usernames and passwords for console, Telnet, and SSH access are the same as those configured and enabled for administrators. See the Administration \| Access Rights \| Administrators screen. By default, only admin is enabled. This example uses the factory-supplied default admin login and password. If you have changed them, use your entries. At the prompts, enter the administrator login name and password. Entries are case-sensitive. (The CLI does not show your password entry.) Login: admin Password: admin The CLI displays the opening welcome message, the main menu, and the Main -> prompt: Welcome to Cisco Systems VPN 3000 Concentrator Series Command Line Interface Copyright (C) 1998-2004 Cisco Systems, Inc. 1) Configuration 2) Administration 3) Monitoring 4) Save changes to Config file 5) Help Information 6) Exit Main -> _ Using the CLI This section explains how to: •Choose menu items. •Enter values for parameters and options. •Specify configured items by number or name. •Navigate quickly—using shortcuts—through the menus. •Display a brief help message. •Save entries to the system configuration file. •Stop the CLI. •Understand CLI administrator access rights. The CLI displays menus or prompts at every level to guide you in choosing configurable options and setting parameters. The prompt always shows the menu context. Choosing Menu Items To use the CLI, enter a number at the prompt that corresponds to the desired menu item, and press Enter. For example, this is the Configuration > System Management> General Config> System Identification menu: 1) Set System Name 2) Set Contact 3) Set Location 4) Back General -> _ Enter 1 to set the system name. Entering Values The CLI shows any current or default value for a parameter in brackets [ ]. To change the value, enter a new value at the prompt. To leave the value unchanged, just press Enter. Continuing the example above, this is the prompt to enter a value for the system name: > Host Name General -> [ Lab VPN ] _ You can enter a new name at the prompt, or just press Enter to keep the current name. Specifying Configured Items Many menus give choices that act on configured items—such as groups, users, filter rules, etc.—and the CLI lists those items with a number and their name. To specify an item, you can usually enter either its number or its name. The CLI indicates when you must use a specific identifier (usually the item's number). For example, the Configuration > User Management > Groups menu lists configured groups: Current User Groups --------------------------------------------------------------- \| 1. QuickGroup \| 2. IPSecGroup --------------------------------------------------------------- 1) Add a Group 2) Modify a Group 3) Delete a Group 4) Back Groups -> _ To delete QuickGroup, enter 3 at the prompt. The CLI displays: > Enter the Group to Delete Groups -> _ At the prompt you can enter either its number (1) or its name (QuickGroup). However, this next example shows the prompt for a specific identifier. The Configuration > System Management > Servers > Authentication Servers menu lists configured servers: Authentication Server Summary Table Num \| Server \| Type \| Port ------------------------------------------------------------- 1 \| Internal \| Internal \| 0 2 \| 192.168.34.56 \| RADIUS \| 0 ------------------------------------------------------------- 1) Add Authentication Server 2) Modify Authentication Server 3) Delete Authentication Server 4) Move Server Up 5) Move Server Down 6) Test Server 7) Back Authentication -> _ To delete the RADIUS server, enter 3 at the prompt. The CLI displays: > Delete Server (number) Authentication -> _ At the prompt, you must enter 2 for the RADIUS server. Navigating Quickly through the CLI There are two ways to move quickly through the CLI: shortcut numbers, and the Back/Home options. Both ways work only when you are at a menu, not when you are at a value entry. Using Shortcut Numbers Once you become familiar with the structure of the CLI—which parallels the HTML-based VPN Concentrator Manager—you can quickly access any level by entering a series of numbers separated by periods. For example, suppose you want to change the General Parameters for the Base Group. The series of menus that gets to that level from the main menu is: 1) Configuration 2) Administration 3) Monitoring 4) Save changes to Config file 5) Help Information 6) Exit Main -> 1 (Configuration) 1) Interface Configuration 2) System Management 3) User Management 4) Policy Management 5) Tunneling and Security 6) Back Config -> 3 (User Management) 1) Base Group 2) Groups 3) Users 4) Back User Management -> 1 (Base Group) 1) General Parameters 2) Server Parameters 3) IPSec Parameters 4) VPN Client Firewall Parameters 5) Hardware Client Parameters 6) PPTP/L2TP Parameters 7) WebVPN Parameters 8) Back Base Group -> 1 (General Parameters) 1) Access Parameters 2) Tunneling Protocols 3) SEP Config 4) Set DHCP Network Scope 5) Back Base Group -> _ As a shortcut, you can just enter 1.3.1.1 at the Main-> prompt, and move directly to the Base Group General Parameters menu: 1) Configuration 2) Administration 3) Monitoring 4) Save changes to Config file 5) Help Information 6) Exit Main -> 1.3.1.1 1) Access Parameters 2) Tunneling Protocols 3) SEP Config 4) Set DHCP Network Scope 5) Back Base Group -> _ The prompt always shows the current context in the menu structure. Using Back and Home Most menus include a numbered Back choice. Instead of entering a number, you can just enter b or B to move back to the previous menu. Also, at any menu level, you can just enter h or H to move home to the main menu. Getting Help Information To display a brief help message, enter 5 at the main menu prompt. The CLI explains how to navigate through menus and enter values. This help message is available only at the main menu. Cisco Systems. Help information for the Command Line Interface From any menu except the Main menu. -- 'B' or 'b' for Back to previous menu. -- 'H' or 'h' for Home back to the main menu. For Data entry -- Current values are in '[ ]'s. Just hit 'Enter' to accept value. 1) View Help Again 2) Back Help -> _ To return to the main menu from this help menu, enter h (for home), or 2 or b (for back) at the prompt. Saving the Configuration File Configuration and administration entries take effect immediately and are included in the active, or running, configuration. However, if you reboot the VPN Concentrator without saving the active configuration, you lose all changes. To save changes to the system configuration (CONFIG) file, navigate to the main menu. At the prompt, enter 4 for Save changes to Config file. 1) Configuration 2) Administration 3) Monitoring 4) Save changes to Config file 5) Help Information 6) Exit Main -> 4 The system writes the active configuration to the CONFIG file and redisplays the main menu. Stopping the CLI To stop the CLI, navigate to the main menu and enter 6 for Exit at the prompt: 1) Configuration 2) Administration 3) Monitoring 4) Save changes to Config file 5) Help Information 6) Exit Main -> 6 Done Make sure you save any configuration changes before you exit from the CLI. Understanding CLI Access Rights What you see and can configure with the CLI depends on administrator access rights. If you don't have permission to configure an option, you see the designation "-)" (rather than a number) in menus. For example, here is the main menu for the default User administrator: -) Configuration -) Administration 3) Monitoring -) Save changes to Config file 5) Help Information 6) Exit Main -> _ The default user administrator can only monitor the VPN Concentrator, not configure system parameters or administer the system. See the "Administrators" section for more information. CLI Menu Reference This section of the documentation shows all the menus in the first three levels below the CLI main menu. (There are many additional menus below the third level; and within the first three levels, there are some non-menu parameter settings. To keep this chapter at a reasonable size, we show only the menus here.) The numbers in each heading are the keyboard shortcut to reach that menu from the main menu. For example, entering 1.3.1 at the main menu prompt takes you to the Configuration > User Management> Base Group menu. Note The CLI menus and options—and thus the keyboard shortcuts—may change with new software versions. Please check familiar shortcuts carefully when using a new release. Note Models 3015-3080 have more interfaces than the Model 3005. They also have additional SEP capacity. Therefore, CLI menu shortcuts differ by model where they involve interface and expansion card selections. We note some differences here, but please note carefully the system you are using. Main Menu 1) Configuration 2) Administration 3) Monitoring 4) Save changes to Config file 5) Help Information 6) Exit Main -> _ 1 Configuration 1) Interface Configuration 2) System Management 3) User Management 4) Policy Management 5) Tunneling and Security 6) Back Config -> _ 1.1 Configuration > Interface Configuration This table shows current IP addresses. . . . Note The following menu appears on models 3015-3080 only. 1) Configure Ethernet #1 (Private) 2) Configure Ethernet #2 (Public) 3) Configure Ethernet #3 (External) 4) Configure Power Supplies 5) Back Interfaces -> _ Note The following menu appears on model 3005 only. 1) Configure Ethernet #1 (Private) 2) Configure Ethernet #2 (Public) 3) Configure Power Supplies 4) Back Interfaces -> _ 1.1.1, 1.1.2, or 1.1.3 Configuration > Interface Configuration > Configure Ethernet #1 or #2 or #3 Note The Configuration > Interface Configuration > Configure Ethernet #3 menu appears only on models 3015-3080. It does not appear on model 3005. 1) Interface Setting (Disable, DHCP or Static IP) 2) Set Public Interface 3) Select IP Filter 4) Select Ethernet Speed 5) Select Duplex 6) Set MTU 7) Set Port Routing Config 8) Set Bandwidth Management 9) Set Public Interface IPSec Fragmentation Policy 10) Set Interface WebVPN Parameters 11) Back Ethernet Interface 1 -> _ 1.1.3 Configuration > Interface Configuration > Configure Power Supplies Note The following menu appears on model 3005 only. Alarm Thresholds in centivolts (e.g. 361 = 3.61V) Voltages will be adjusted to conform to the hardware. 1) Configure CPU voltage thresholds 2) Configure Board voltage thresholds 3) Back Interfaces -> _ 1.1.4 Configuration > Interface Configuration > Configure Power Supplies Note The following menu appears on models 3015-3080 only. Alarm Thresholds in centivolts (e.g. 361 = 3.61V) Voltages will be adjusted to conform to the hardware. 1) Configure CPU voltage thresholds 2) Configure Power Supply 1 voltage thresholds 3) Configure Power Supply 2 voltage thresholds 4) Configure Board voltage thresholds 5) Back Interfaces -> _ 1.2 Configuration > System Management 1) Servers (Authentication, Authorization, Accounting, DNS, DHCP, etc.) 2) Address Management 3) IP Routing (static routes, OSPF, etc.) 4) Management Protocols (Telnet, TFTP, FTP, etc.) 5) Event Configuration 6) General Config (system name, time, etc.) 7) Client Update 8) Load Balancing Configuration 9) Back System -> _ 1.2.1 Configuration > System Management > Servers 1) Authentication Servers 2) Authorization Servers 3) Accounting Servers 4) DNS Servers 5) DHCP Servers 6) Firewall Servers 7) NTP Servers 8) NBNS Servers 9) Back Servers -> _ 1.2.2 Configuration > System Management > Address Management 1) Address Assignment 2) Address Pools 3) Back Address -> _ 1.2.3 Configuration > System Management > IP Routing 1) Static Routes 2) Default Gateways 3) OSPF 4) OSPF Areas 5) DHCP Parameters 6) Redundancy 7) Reverse Route Injection 8) DHCP Relay 9) Back Routing -> _ 1.2.4 Configuration > System Management > Management Protocols 1) Configure FTP 2) Configure HTTP 3) Configure TFTP 4) Configure Telnet 5) Configure SNMP 6) Configure SNMP Community Strings 7) Configure XML 8) Back Network -> _ 1.2.5 Configuration > System Management > Event Configuration 1) General 2) FTP Backup 3) Classes 4) Trap Destinations 5) Syslog Servers 6) SMTP Servers 7) E-mail Recipients 8) Back Event -> _ 1.2.6 Configuration > System Management > General Config 1) System Identification 2) System Time and Date 3) Session Configuration 4) Global Authentication Parameters 5) Back General -> _ 1.2.7 Configuration > System Management > Client Update 1) Client Update Enable 2) Client Update Entries 3) Back Client Update -> _ 1.2.8 Configuration > System Management > Load Balancing 1) Cluster Configuration 2) Device Configuration 3) Back Load Balancing -> _ 1.3 Configuration > User Management 1) Base Group 2) Groups 3) Users 4) Back User Management -> _ 1.3.1 Configuration > User Management > Base Group 1) General Parameters 2) Server Parameters 3) IPSec Parameters 4) VPN Client Firewall Parameters 5) Hardware Client Parameters 6) PPTP/L2TP Parameters 7) WebVPN Parameters 8) Back Base Group -> _ 1.3.2 Configuration > User Management > Groups Current User Groups . . . 1) Add a Group 2) Modify a Group 3) Delete a Group 4) Back Groups -> _ 1.3.3 Configuration > User Management > Users Current Users . . . 1) Add a User 2) Modify a User 3) Delete a User 4) Back Users -> _ 1.4 Configuration > Policy Management 1) Access Hours 2) Traffic Management 3) Group Matching 4) Back Policy -> _ 1.4.1 Configuration > Policy Management > Access Hours Current Access Hours . . . 1) Add Access Hours 2) Modify Access Hours 3) Delete Access Hours 4) Back Access Hours -> _ 1.4.2 Configuration > Policy Management > Traffic Management 1) Network Lists 2) Rules 3) Security Associations (SAs) 4) Filters 5) Network Address Translation (NAT) Rules 6) Bandwidth Policies 7) Back Traffic -> _ 1.4.3 Configuration > Policy Management > Group Matching 1) Rules 2) Matching Policy 3) Back Certificate Group Matching ->_ 1.5 Configuration > Tunneling and Security 1) PPTP 2) L2TP 3) IPSec 4) SSH 5) SSL 6) WebVPN 7) Back Tunneling and Security ->_ 1.5.1 Configuration > Tunneling and Security > PPTP 1) Enable/Disable PPTP 2) Configure PPTP Tunnel Parameters 3) Configure PPTP Time/Delay Parameters 4) Back PPTP ->_ 1.5.2 Configuration > Tunneling and Security > L2TP 1) Enable/Disable L2TP 2) Configure L2TP Control Parameters 3) Configure L2TP Tunnel Parameters 4) Configure Additional L2TP Parameters 5) Back L2TP ->_ 1.5.3 Configuration > Tunneling and Security > IPSec 1) IKE Proposals 2) NAT Transparency 3) Alerts (System Reboot, Idle Timeout, Administrator Cut-off, etc.) 4) Back IPSec ->_ 1.5.4 Configuration > Tunneling and Security > SSH 1) Enable/Disable SSH 2) Set SSH Port Number 3) Set the Number of SSH Sessions Allowed 4) Set SSH Encryption 5) Set SSH Server Key Regeneration 6) Enable/Disable SCP 7) Back SSH ->_ 1.5.5 Configuration > Tunneling and Security > SSL 1) HTTPS 2) Encryption 3) Back SSL ->_ 1.5.6 Configuration > Tunneling and Security > WebVPN 1) HTTPS Proxy 2) Home Page 3) Logo 4) Servers and URLs 5) E-mail Proxy 6) Port Forwarding 7) Back WebVPN ->_ 2 Administration 1) Administer Sessions 2) Software Update 3) System Reboot 4) Reboot Status 5) Ping 6) Traceroute 7) Access Rights 8) File Management 9) Certificate Management 10) Back Admin -> _ 2.1 Administration > Administer Sessions Active Sessions . . . 1) Refresh Session Statistics 2) Reset Session Statistics 3) Restore Session Statistics 4) Logoff Sessions 5) Session Details 6) Filter Sessions on Group 7) Back Admin -> _ 2.2 Administration > Software Update 1) Concentrator 2) Clients 3) Bootloader 4) Back Admin -> _ 2.2.2 Administration > Software Update > Clients 1) Update a Group 2) Back Admin ->_ 2.3 Administration > System Reboot 1) Cancel Scheduled Reboot/Shutdown 2) Schedule Reboot 3) Schedule Shutdown 4) Back Admin -> _ 2.3.2 Administration > System Reboot > Schedule Reboot 1) Save active Configuration and use it at Reboot 2) Reboot without saving active Configuration file 3) Reboot ignoring the Configuration file 4) Back Admin -> _ 2.3.3 Administration > System Reboot > Schedule Shutdown 1) Save active configuration and use it at next reboot 2) Shutdown without saving active Configuration file 3) Shutdown, ignoring the Configuration file at next reboot 4) Back Admin -> _ 2.4 Administration > Reboot Status Reboot Status ------------- No reboot is scheduled. 1) Refresh Reboot Status 2) Skip Notifications/Reboot Now 3) Logout 4) Back Admin --> 2.7 Administration > Access Rights 1) Administrators 2) Access Control List 3) Access Settings 4) Admin AAA Servers 5) Back Admin -> _ 2.7.1 Administration > Access Rights > Administrators Administrative Users . . . 1) Modify Administrator 2) Back Admin -> _ 2.7.2 Administration > Access Rights > Access Control List This is the Current Access List . . . 1) Add Manager Workstation 2) Modify Manager Workstation 3) Delete Manager Workstation 4) Move Manager Workstation Up 5) Move Manager Workstation Down 6) Back Admin -> _ 2.7.3 Administration > Access Rights > Access Settings 1) Set Session Timeout 2) Set Session Limit 3) Set Config File Encryption 4) Zeroize/Regenerate DES Config File Encryption Key 5) Back Admin -> _ 2.7.4 Administration > Access Rights > Admin AAA Servers 1) Authentication Servers 2) Back Admin -> _ 2.8 Administration > File Management List of Files . . . 1) Delete File 2) Copy File 3) View File 4) Put File via TFTP 5) Get File via TFTP 6) Swap Config Files 7) Export XML File 8) Import XML File 9) Back File -> _ 2.8.6 Administration > File Management > Swap Configuration File Every time the active configuration is saved,... . . . 1) Swap 2) Back Admin -> _ 2.9 Administration > Certificate Management 1) Enrollment 2) Installation 3) Certificate Authorities 4) Identity Certificates 5) SSL Certificates 6) Enrollment Status 7) SSH Host Key 8) Back Certificates -> _ 2.9.1 Administration > Certificate Management > Enrollment 1) Identity Certificate Enrollment 2) SSL Certificate Enrollment 3) Back Certificates -> 2.9.2 Administration > Certificate Management > Installation 1) Install CA Certificate 2) Install SSL Certificate with private key 3) Install Certificate obtained via enrollment 4) Back Certificates -> _ 2.9.3 Administration > Certificate Management > Certificate Authorities Certificate Authorities . . . 1) View Certificate 2) Delete Certificate 3) Configure Certificate 4) View CRL Cache 5) Clear CRL Cache 6) Back Certificates -> _ 2.9.4 Administration > Certificate Management > Identity Certificates Identity Certificates . . . 1) View Certificate 2) Delete Certificate 3) Renew Certificate 4) Back Certificates -> _ 2.9.5 Administration > Certificate Management > SSL Certificate Subject . . . 1) Private SSL Certificate 2) Public SSL Certificate 3) External SSL Certificate 4) Load Balancing SSL Certificate 5) Back Certificates -> 2.9.6 Administration > Certificate Management > Enrollment Status Enrollment Requests 1) View Enrollment Request 2) Install/Activate Enrollment Request 3) Resubmit Enrollment Request 4) Delete/Cancel Enrollment Request 5) Back Certificates -> 2.9.7 Administration > Certificate Management > SSH Host Key SSH Host Key... 1) Generate SSH Host Key 2) Back 3 Monitoring 1) Routing Table 2) Event Log 3) System Status 4) Sessions 5) General Statistics 6) Dynamic IPSec Filters 7) Back Monitor -> _ 3.1 Monitoring > Routing Table Routing Table . . . 1) Refresh Routing Table 2) Clear Routing Table 3) Back Routing -> _ 3.2 Monitoring > Event Log 1) Configure Log viewing parameters 2) View Event Log 3) Save Log 4) Clear Log 5) Back Log -> _ 3.2.2 Monitoring > Event Log > View Event Log [Event Log entries] . . . 1) First Page 2) Previous Page 3) Next Page 4) Last Page 5) Back Log -> _ 3.3 Monitoring > System Status Note The following menu appears on models 3015-3080 only. System Status . . . 1) Refresh System Status 2) View Card Status 3) View LED Status 4) View Memory Status 5) Back Status -> _ Note The following menu appears on model 3005 only. System Status . . . 1) Refresh System Status 2) View Card Status 3) View Memory Status 4) Back Status -> 3.3.2 Monitoring > System Status > View Card Status Note The following menu appears on models 3015-3080 only. 1) Card in Slot 1 2) Card in Slot 2 3) Card in Slot 3 4) Card in Slot 4 5) Back Card Status -> _ Note The following menu appears on model 3005 only. 1) Card in Slot 1 2) Back Card Status -> _ 3.3.3 Monitoring > System Status > View LED Status Note The following menu appears on models 3015-3080 only. LED Status . . . 1) Refresh LED Status 2) Back LED Status ->_ 3.3.4 (3.3.3 on Model 3005) Monitoring > System Status > View Memory Status System Memory Summary . . . 1) Refresh Memory Status 2) Detailed Memory Report 3) Back 3.4 Monitoring > Sessions Note The following menu appears on models 3015-3080 only. 1) View Session Statistics 2) View Top Ten Lists 3) View Session Protocols 4) View Session SEPs 5) View Session Encryption 6) Filter Sessions on Group 7) Back Sessions -> _ Note The following menu appears on model 3005 only. 1) View Session Statistics 2) View Top Ten Lists 3) View Session Protocols 4) View Session Encryption 5) Filter Sessions on Group 6) Back Sessions -> _ 3.4.1 Monitoring > Sessions > View Session Statistics Active Sessions . . . 1) Refresh Session Statistics 2) Reset Session Statistics 3) Restore Session Statistics 4) Session Details 5) Back Sessions -> _ 3.4.2 Monitoring > Sessions > View Top Ten Lists 1) Top 10 Users based on Data 2) Top 10 Users based on Duration 3) Top 10 Users based on Throughput 4) Back Sessions -> _ 3.4.3 Monitoring > Sessions > View Session Protocols Session Protocols . . . 1) Refresh Session Protocols 2) Back Sessions -> _ 3.4.4 View Session SEPS Note The following menu appears on models 3015-3080 only. Session SEPs . . . 1) Refresh Session SEPs 2) Back Session -> 3.4.4 (3.4.5 on Models 3015-3080) Monitoring > Sessions > View Session Encryption Session Encryption . . . 1) Refresh Session Encryption 2) Back Sessions -> _ 3.4.5 (3.4.6 on Models 3015-3080) Monitoring > Sessions > Filter Sessions on Group Current User Groups . . . > Group to view (-1 for All Groups, 0 for Base Group) Sessions -> 3.5 Monitoring > General Statistics 1) Protocol Statistics 2) Server Statistics 3) Event Statistics 4) MIB II Statistics 5) Back General -> _ 3.5.1 Monitoring > General Statistics > Protocol Statistics 1) PPTP Statistics 2) L2TP Statistics 3) IPSec Statistics 4) HTTP Statistics 5) Telnet Statistics 6) DNS Statistics 7) VRRP Statistics 8) SSL Statistics 9) SSH Statistics 10) NAT Statistics 11) Back General -> _ 3.5.2 Monitoring > General Statistics > Server Statistics 1) Authentication Statistics 2) Authorization Statistics 3) Accounting Statistics 4) Filtering Statistics 5) DHCP Statistics 6) Address Pool Statistics 7) Load Balancing Statistics 8) Compression Statistics 9) Admin AAA Authentication Statistics 10) Bandwidth Management Statistics 11) Back General -> _ 3.5.3 Monitoring > General Statistics > Event Statistics Event Statistics . . . 1) Refresh Event Statistics 2) Reset Event Statistics 3) Restore Event Statistics 4) Back General -> _ 3.5.4 Monitoring > General Statistics > MIB II Statistics 1) Interface-based 2) System-level 3) Back MIB2 -> _ 3.6 Monitoring > Dynamic IPSec Filters Current Dynamic Filters . . . 1) View Dynamic IPSec Filter Rules 2) Back Dynamic IPSec Filters ->
	© 1992-2009 Cisco Systems, Inc. All rights reserved. Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks of Cisco Systems, Inc.