VPN 3002 Hardware Client Getting Started, Release 4.1
Installing and Powering Up the VPN 3002
Download this chapter
Installing and Powering Up the VPN 3002Installing and Powering Up the VPN 3002
give_us_feedback

Table of Contents

Installing and Powering Up the VPN 3002
 Preparing to Install
 Configuring and Managing the VPN 3002
 Unpacking
 Installing the VPN 3002
 Powering Up
 VPN 3002 Reset Button
 Beginning Quick Configuration

Installing and Powering Up the VPN 3002

This chapter tells you how to prepare for, unpack, install, and power up the VPN 3002, and how to begin quick configuration.

Preparing to Install

To install the VPN 3002, you need the following skills:

  • Familiarity with Windows configuration and management, and with Microsoft Internet Explorer or Netscape Navigator browsers.
  • Normal computing-equipment power. For maximum protection, we recommend connecting the VPN 3002 to a conditioned power source or uninterruptible power supply (UPS). Be sure that the power source provides a reliable Earth ground.
  • At least 3 inches (75 mm) of unobstructed space on all sides to accommodate cooling intake vents on the sides and top.
  • Standard UTP/STP twisted-pair network cables, Category 5, with RJ-45 8-pin modular connectors. Cisco supplies two with the system.
  • A standard straight-through RJ-45 serial cable with a female DB-9 connector, which Cisco supplies with the system.

Configuring and Managing the VPN 3002

You can configure and manage the VPN 3002 using the command-line interface from the console or a Telnet or SSH client. However, for ease of use, we strongly recommend using the VPN 3002 hardware Client Manager, which is HTML-based, from a PC and browser.

The PC must be able to run the recommended browser. The console can be the same PC that runs the browser.

Browser Requirements

The VPN Hardware Client Manager requires either Microsoft Internet Explorer version 4.0 or higher, or Netscape Navigator version 4.5-4.7 or 6.0. For best results, we recommend Internet Explorer. Whatever browser and version you use, install the latest patches and service packs for it.

JavaScript and Cookies

Be sure JavaScript and Cookies are enabled in the browser. Refer to the documentation for your browser.

Navigation Toolbar

Do not use the browser navigation toolbar buttons Back, Forward, or Refresh / Reload with the VPN 3002 Hardware Client Manager unless instructed to do so. To protect access security, clicking Refresh / Reload automatically logs out the Manager session. Clicking Back or Forward may display stale Manager screens with incorrect data or settings.

We recommend that you hide the browser navigation toolbar to prevent mistakes while using the VPN 3002 Hardware Client Manager.

Recommended PC Monitor / Display Settings

For ease of use, we recommend setting your monitor or display:

  • Desktop area—1024 x 768 pixels or greater. Minimum = 800 x 600 pixels.
  • Color palette—256 colors or higher.

Unpacking

The VPN 3002 Hardware Client ships with the listed in Table 2-1 . Carefully unpack your device and check your contents against this list:

Table 2-1   VPN 3002 Hardware Client Packing List

Quantity  Item 

1

CVPN 3002

1

External 15W power supply and power cord

1

RJ-45 to RJ-45 console cable (black)

1

RJ45 to DB9 console port adapter

1

RJ45 to DB25 console port adapter

4

Self-adhesive rubber feet

1

Wall mount kit 2 10-16x1 & 2 10-16x1.5 screws and 2 wall anchors

1

Power cord retention bracket and instructions

1

6' RJ-45 to RJ-45 Ethernet cable (yellow)

1

VPN 3000 Concentrator Series Software CD

1

VPN 3002 Basic Information label

1

VPN 3002 Quick Start card

1

VPN Client Software License Agreement

1

VPN 3002 Hardware Client Release Notes

1

Export Compliance Information document

1

Warranty card and product information packet

1

Hard copy documentation ordering flyer

Installing the VPN 3002

You can place the VPN 3002 on a table or shelf, or you can hang it on the wall.

Connecting the PC/Console

Connect the RJ45 straight-through serial cable between the console port on the back of the VPN 3002 and the COM1 or serial port on the PC.

If you are using a PC with a browser to manage the VPN 3002, be sure the PC is connected to the same private LAN as the VPN 3002.

If you are using a PC with a browser to manage the VPN 3002-8E, be sure the PC is connected to a switch port that is configured on the same private LAN as the VPN 3002-8E.

Connecting Network Cables

Connect network cables between the Ethernet interface on the back of the VPN 3002 and their respective public and private network hub, switch, or device.

The interfaces are (left to right):

  • Public = the VPN 3002 interface to the public network.
  • Private = the VPN 3002 interface to your private network (internal LAN).

Powering Up

Power up the PC/console and the VPN 3002 in the following sequence:

Step 1   Turn on the PC/console.

Step 2   If you want to use the command-line interface, start a terminal emulator (HyperTerminal) on the PC. Configure a connection to COM1, with the following port settings:

  • 9600 bits per second
  • 8 data bits
  • No parity
  • 1 stop bit

Set the emulator for VT100 emulation, or let it autodetect the emulation type.

Step 3   Plug in the VPN 3002, which turns on the VPN 3002.

Step 4   The LED(s) on the front panel will blink and change color as the system executes diagnostics.

Step 5   Watch for these LEDs on the VPN 3002 front panel to stabilize and display as follows:

  • PWR = green when unit is on.
  • SYS = flashes amber when unit is performing diagnostics, flashes green until either the DHCP or PPPoE session is up (if you are using DHCP or PPPoE), and solid green when operational.
  • VPN = green when tunnel is established.

Step 6   Watch for LEDs on the private and public interface ports on the back of the device to display as follows:

  • Green = the interface is connected to the network.
  • Flashing amber = data is traveling across the network.

If LEDs that should be green are amber or off, see "Troubleshooting and System Errors."

Step 7   If connected, the console displays initialization and boot messages such as:

Boot-ROM Initializing...
Boot configured 16 MB of RAM.
...
Loading image ..........
Verifying image checksum ...........
Active image loaded and verified...
Starting loaded image...

Image Loader Initializing...
Decompressing & loading image ............
Verifying image checksum ...........
Active image loaded and verified...
Starting loaded image...

Starting power-up diagnostics...

pSH+ Copyright (c) Integrated Systems, Inc., 1992.
Cisco Systems, Inc./VPN 3002 Hardware Client Version 4.0(REL) Apr 06 2003 09:53:35
Features:
Initializing VPN 3002 Hardware Client ...
Initialization Complete...Waiting for Network...

Login:_



VPN 3002 Reset Button

The VPN 3002 includes a Reset button, so labelled, on the back of the unit. When used carefully, the Reset button resets the VPN 3002 configuration file to factory default values. That is, it eliminates both the configuration (config) file and the backup configuration (config.bak) file, and you have to perform the configuration process from the beginning.

To reset the VPN 3002 to factory default values, perform the following steps:

Step 1   Connect the VPN 3002 to a PC using the console cable, and use a hyperterminal to view the command line interface.

Step 2   Disconnect the VPN 3002 power supply cord.

Step 3   Reconnect the power supply cord.

Step 4   Immediately insert a thin, pointed object, such as an untwisted paper clip, into the reset button.

Step 5   The VPN 3002 displays messages like those below. In particular, notice the three dots (...) on the line prior to Loading with default configuration.

Resetting System...

Boot-ROM Initializing
Boot configured 16Mb of RAM.

...
Loading with default configuration.

Loading image........
Verifying image checksum.......
Active image loaded and verified...
Starting loaded image...

Image Loader Initializing...
Decompressing & load image...........

Step 6   Keep the paper clip in the reset button until the system displays the line, Loading with default configuration, just after the line with the three dots.

The VPN 3002 is rest to factory defaults.

Beginning Quick Configuration

You are now ready to begin quick configuration: configuring minimal parameters to make the VPN 3002 operational. You can use a browser for quick configuration with the VPN 3002 Hardware Client Manager (see "Using the VPN 3002 Hardware Client Manager for Quick Configuration"). While you can use the console instead (see "Using the Command-Line Interface for Quick Configuration"), we recommend using a browser.

Quick configuration consists of these steps:

Step 1   Set the system time, date, time zone, and Daylight Savings Time (DST) support.

Step 2   Optionally upload an already existing configuration file.

Step 3   Configure the VPN 3002 private interface. To use Network Extension mode, you must configure an IP address other than the default, which is 192.168.10.1. For Client mode, you do not need to change this address.

Step 4   Configure the DHCP server to assign IP addresses for PCs located on the private network. The default IP address pool is 192.168.10.2-192.168.10.128. For Client mode, you do not need to modify this parameter.

Step 5   Configure the VPN 3002 public interface, using DHCP, PPPoE, or static address assignment. Note that the DHCP client is enabled by default on the public interface.

Step 6   Configure the IPSec parameters with group and usernames and passwords and the IP address of the central-site VPN Concentrator, also known as the IKE peer.

Step 7   Set the VPN 3002 to use either Client or Network Extension mode. Client mode is enabled by default, using Port Address Translation (PAT).

Step 8   If you are using DNS, configure local ISP DNS information for the VPN 3002.

Step 9   Configure static routes.

Step 10   Change the admin password for security.

You are done!




Quick Configuration Using Default Values

The easiest way to configure the VPN 3002 is to accept default values for all parameters that have default values. The next sections on PAT mode and Network Extension mode list the information you need if you use default values for quick configuration.

PAT Mode

For PAT mode, if you accept default values for all parameters, you need:

  • The IKE peer address, which is the public IP address of the VPN Concentrator to which this VPN 3002 connects.
  • Group and usernames and passwords. The group and usernames and passwords must also be configured on the VPN Concentrator to which this VPN 3002 connects. On the central-site VPN Concentrator, see Configuration | User Management | Groups, and Configuration | User
    Management | Users.

Network Extension Mode

For Network Extension mode, if you accept default values for all parameters, you need:

  • An IP address for the VPN 3002 private interface (supplied by your network administrator).
  • The IKE peer address, which is the public IP address of the VPN Concentrator to which the VPN 3002 connects.
  • Group and usernames and passwords. The group and usernames and passwords must also be configured on the VPN Concentrator to which this VPN 3002 connects. On the central-site VPN Concentrator, see Configuration | User Management | Groups, and Configuration | User
    Management | Users.
  • Disable PAT.

Quick Configuration Using Nondefault Values

Table 2-2 provides the information you need to set all the parameters for quick configuration. Write your entries here now to save time as you enter data.

Table 2-2   VPN 3002 Quick Configuration Parameters

Parameter Name  Information You Need to Enter  Your Entries 

Upload Config

If you want to upload an already existing configuration file, the path to and name of the file.

 

Private Interface

Both of the following:

  • The IP address and subnet mask for the VPN 3002 interface to your private network. The default IP address is 192.168.10.1. Note that to use Network Extension mode, you must configure this private interface IP address to something other than the default.
  • The IP address pool range to assign, if you use DHCP for address assignment, and you do not want to accept default values.

The default range is 192.168.10.2 to 192.168.10.128. If you change the IP address for the private interface, the default is <Private IP address> + 1 to <Private IP address> + 127.

 

Public Interface

One of the following:

  • If statically assigned, the IP address, subnet mask, and default gateway for the VPN 3002 interface to the public network.
  • If you use DHCP to obtain an IP address, a system name (also called a hostname).
  • If you use PPPoE to connect to a public network, a PPPoE username and password.

 

IPSec

If you use digital certificates, you do not need to enter this information.

Both of the following:

  • The IKE peer address, that is, the IP address for the public interface of the central-site VPN Concentrator to which this VPN 3002 connects.
  • IPSec group names, usernames, and passwords. These must match the group names, usernames, and passwords configured on the central-site VPN Concentrator.

 

PAT

If you want to use Network Extension mode, an IP address for the private interface other than the default.

 

DNS

If you use DNS, both of the following:

  • The IP address of your local Internet Service Provider's DNS server.
  • The registered Internet domain name to use with DNS (such as cisco.com), obtained from your Internet Service Provider (ISP).

 

Static Routes

If you want to configure one or more static routes, the IP address(es), subnet mask(s), and metric(s) that apply to the static route(s), and destination router address(es).