Worldwide [change] |Account |Register |About Cisco
Guest

Hierarchical Navigation

CiscoWorks VPN/Security Management Solution

CiscoWorks2000 VPN/Security Management Solution 2.0 Quick Start Guide

Downloads

Table of Contents

Quick Start Guide
 CiscoWorks2000
VPN/Security Management Solution
Quick Start Guide
1   Overview
 2   Install Security Management CDs
 3   Install VPN Monitoring CDs
 4   Where to Go Next

Quick Start Guide

CiscoWorks2000
VPN/Security Management Solution
Quick Start Guide

1   Overview

This quick start guide provides basic requirements and procedures for installing, upgrading, and setting up CiscoWorks2000 VPN/Security Management Solution (VMS) 2.0 so you can get your server up and running as quickly as possible.

Note   This guide contains quick start typical installation instructions. For custom installation instructions, see the installation guides available in PDF in the Documentation directory on the product CDs. To read the PDF files, Adobe Acrobat Reader 4.0 must be installed.

This section contains the following:

About the VMS Bundle

The CiscoWorks2000 VMS 2.0 provides the following:

  • Security management applications for configuring and monitoring Firewall security and network and host-based Intrusion Detection Systems (IDS)

  • Web-based interface for configuring, monitoring, and troubleshooting enterprise Virtual Private Networks (VPNs)

VMS Bundle Contents

The VMS bundle contains seven CDs:

  • Cisco Secure Policy Manager (CSPM) 3.0f (for Firewalls and VPNs)

  • Cisco Secure Policy Manager (CSPM) 2.3.3i (for network-based IDS)

  • Cisco IDS Host Sensor 2.0 (for host-based IDS)

  • CD One, 4th Edition (for base CiscoWorks2000 server)

  • CD Two, 3rd Edition (for base inventory management)

  • VPN Monitor 1.1

  • Resource Manager Essentials (Essentials) 3.3

The following table provides information about the product CDs and lists the contents of each sub-box in the bundle.

Product CD Provides this functionality... Sub-box consists of...

Cisco Secure Policy Manager 3.0f1

Configuration and management of Firewalls and VPNs
  • CSPM product CD

  • Printed Documentation

    • Cisco Secure Policy Manager Installation Guide

    • Release Notes

  • CSPM License Disk—Provides the license to use CSPM. For information about the number of supported devices, see the device license label on the disk.

  • Cisco Secure VPN Client CD—Provides IPSec authentication and encryption solutions for Windows 95/98 and Windows NT 4.0 users.

Cisco Secure Policy Manager 2.3.3i1

Configuration and monitoring of network-based IDS
  • CSPM product CD

  • Printed Documentation

    • Release Notes

  • CSPM License Disk—Provides the license to use CSPM. For information about the number of supported devices, see the device license label on the disk.

  • Cisco Secure VPN Client CD—Provides IPSec authentication and encryption solutions for Windows 95/98 and Windows NT 4.0 users.

Cisco IDS Host Sensor 2.02

Configuration and monitoring of host-based IDS
  • Cisco IDS Host Sensor product CD

  • Printed Documentation

    • Cisco Intrusion Detection System Host Sensor Registration

    • Cisco Intrusion Detection System Host Sensor Quick Start

    • Release Notes

CD One, 4th Edition

CiscoWorks2000 desktop environment, login access, and CiscoView
  • CD One product CD

  • Printed Documentation

    • Installing and Setting Up CD One on Windows 2000 and Windows NT

    • Installing and Setting Up CD One on Solaris

    • Release Notes

CD Two, 3rd Edition

Inventory and device management functions required by VPN Monitor
  • CD Two product CD

  • Printed Documentation

    • Installing and Setting Up CD Two, 3rd Edition on Windows 2000 and Windows NT

    • Installing and Setting Up CD Two, 3rd Edition on Solaris

    • Release Notes

VPN Monitor 1.1

Head-end monitoring of IPSec, IKE, L2TP, and PPTP protocols
  • VPN Monitor product CD

  • Printed Documentation

    • Installing VPN Monitor on Windows 2000, Windows NT, and Solaris

    • Release Notes

Resource Manager Essentials 3.3

Basic syslog and config reporting and software and inventory management for VPN devices
  • Essentials product CD

  • Printed Documentation

    • Installing and Setting Up Resource Manager Essentials on Windows 2000 and Windows NT

    • Installing and Setting Up Resource Manager Essentials on Solaris

    • Release Notes
1CSPM can be installed only on Windows NT.
2The Cisco IDS Host Sensor Console can be installed on Windows 2000 and Windows NT servers. The Cisco IDS Host evaluation Agents can be installed on Windows 2000, Windows NT, and Solaris.


What's New?

VMS 2.0 includes the following new features:

  • The following security management CDs have been added:

    • CSPM 3.0f—Provides configuration and management of Firewalls and VPNs

    • CSPM 2.3.3i—Provides configuration and monitoring of network-based IDS

    • Cisco IDS Host Sensor 2.0—Provides configuration and monitoring of host-based IDS

  • The following product CDs have been upgraded:

    • CD One

    • CD Two

    • VPN Monitor

    • Resource Manager Essentials

      • Note   For information about new features, see the product release notes.

Server Requirements

This section provides the server requirements for installing all of the VMS bundle CDs on one server. If you choose to install only a subset of the VMS bundled CDs, then these server requirements might not apply.

CSPM 3.0f and CSPM 2.3.3i cannot be installed on a single system. Cisco recommends that separate machines be deployed for network configuration and monitoring. Therefore, one machine can be used for all the monitoring components: CSPM 2.3.3i, Cisco IDS Host Sensor, and VPN Monitor. A separate machine can then be used for CSPM 3.0f.

For server requirement information for specific products, see the product installation guides. The installation guides are available in PDF in the Documentation directory on the product CDs. To read the PDF files, Adobe Acrobat Reader 4.0 must be installed.

You can install the VMS bundle CDs on:

  • Windows

  • Solaris

    • Note   CSPM can be installed only on Windows NT.
    Note   The Cisco IDS Host Sensor Console can be installed on Windows 2000 and Windows NT servers. The Cisco IDS Host evaluation Agents can be installed on Windows 2000, Windows NT, and Solaris.

Server Requirements for Windows 2000 and Windows NT

Hardware
  • IBM PC-compatible computer with 600 MHz or faster Pentium processor

  • Color monitor with video card capable of 256 colors or more

  • CD-ROM drive

  • 10BaseT or faster (10 Mbps or faster network connection)

Available memory (RAM)
  • 1 GB minimum

Available disk drive space
  • 9 GB minimum

  • 2 GB virtual memory

  • NTFS file system recommended (required for CSPM)

Software for Windows 2000
  • ODBC Driver Manager 3.510 or later

  • One of the following:

    • Windows 2000 Professional

    • Windows 2000 Server

    • Windows 2000 Advanced Server

    • Service Pack 2

Software for Windows NT
  • One of the following:

    • Windows NT Workstation 4.0

    • Windows NT Server 4.0

  • Service Pack 6a


Note   The download and installation programs for these required Windows software packages are sensitive to your system configuration and are subject to change by Microsoft at any time. Therefore, it is not possible to provide step-by-step procedures. Installation instructions are provided in the Windows installation documentation for the prerequisite products.

Server Requirements for Solaris

Hardware
  • Sun Ultra 60 or later with 440 MHz or faster processor (dual processor required for hosting multiple management solutions)

  • Color monitor with video card capable of 256 colors or more

  • CD-ROM drive

  • 10BaseT or faster (10 Mbps or faster network connection)

Available memory (RAM)
  • 1 GB minimum

Available disk drive space
  • 9 GB on the partition on which you install the CDs
    (the default is /opt)

  • 2 GB swap space

Software
  • Solaris 2.6

  • Solaris 2.7

See "Solaris Patches" section for a list of required and recommended patches.


Solaris Patches

Operating System Required Recommended

Solaris 2.6
  • 105181-19 Kernel Update Patch

  • 105210-27 Libaio, Libc, and Watchmalloc Patch

  • 105490-07 (or 107733-01) Linker Patch

  • 105568-16 /usr/lib/libthread.so.1.Patch

  • 105591-06 Shared Library Patch for C++

  • 105633-36 Xsun Patch (Asian only)

  • 106040-13 X Input and Output Method Patch (Japanese only)

  • 106409-01 Traditional Chinese True Type Fonts Patch

  • 108091-03 ISO8859-01 Locales Patch
  • 105284-31 Runtime Library Patch

  • 105669-10 LibdtSvc Patch

Solaris 2.7
  • 106327-05 Shared Library Patch for C++

  • 106980-10 Libthread Patch

  • 107636-03 X Input and Output Method Patch

  • 107081-11 Motif 1.2.7 and 2.1.1: Runtime Library Patch

  • 108376-03 (1) Open Windows 3.6.1 Xsun Patch



Client Requirements

Hardware and Software

Hardware/software

One of the following:

  • IBM PC-compatible computer with 300 MHz or faster Pentium processor running one of the following:

    • Windows 98

    • Windows NT 4.0 Workstation or Server with Service Pack 6a

    • Windows 2000 Server or Professional edition with Service Pack 2

  • Solaris SPARCstation or Sun Ultra 10 with 333 MHz processor running Solaris 2.6 or Solaris 2.7

Available disk drive space
  • One of the following:

    • 400 MB virtual memory (for Windows)

    • 512 MB swap space (for Solaris)

Available memory (RAM)
  • 256 MB minimum


Browser Requirements

Use one of the following:

Browser JVM1 Version Platform

Internet Explorer (recommended)

5.0.3186 or later

5.5 with Service Pack 2

Windows 2000, Windows NT 4.0, Windows 98, Solaris 2.6, and Solaris 2.7

Navigator

4.75 or later

Windows 2000, Windows NT 4.0, Windows 98, Solaris 2.6, and Solaris 2.7
1JVM = Java Virtual Machine


Installation Sequence

The following table provides the installation sequence and features.

Installation Sequence Features/Comments
  • For security management, install:

    • a. CSPM 3.0f (for Firewalls and VPNs)

    or
    CSPM 2.3.3i (for network-based IDS)

    b. Cisco IDS Host
    Sensor 2.0 (for host-based IDS)

  • For VPN monitoring, install:

    • a. CD One, 4th Edition

    b. CD Two, 3rd Edition

    c. VPN Monitor 1.1

The security management CDs provide configuration and monitoring of Firewall security and network and host-based IDS.

You can install the security management CDs in any sequence.

Caution   CSPM 3.0f and CSPM 2.3.3i cannot be installed on the same system.


The VPN monitoring CDs provide the CiscoWorks2000 desktop, login access, inventory, and monitoring features.

You must install the VPN monitoring CDs in the sequence provided.


Note   If you choose to install Resource Manager Essentials 3.3 instead of CD Two, install CD One, then Resource Manager Essentials, and then VPN Monitor. For Essentials installation instructions, see the installation guides shipped with the product CD.
Note   VPN Monitor requires the specified versions of CD One, 4th Edition and CD Two, 3rd Edition or Resource Manager Essentials 3.3. If you try to install VPN Monitor 1.1 on previous versions of these products, you will get an error message.
Note   Installation of CD One, 4th Edition will disable the existing VPN Monitor 1.0. To use VPN Monitor, you must upgrade to VPN Monitor 1.1.

Upgrade Options

The following table provides information about upgrading from VMS 1.0 to VMS 2.0.

If you are installing VMS 2.0 on a machine that... Do the following...

Currently has the following VMS 1.0 products:

  • CD One, 3rd Edition

  • CD Two, 2nd Edition

or

Resource Manager Essentials 3.21

  • VPN Monitor 1.0

  • CSPM Lite 2.3
  • For VPN monitoring, install:

    • a. CD One, 4th Edition

    b. CD Two, 3rd Edition

    or
    Resource Manager Essentials 3.31

    c. VPN Monitor 1.1

  • For security management, install:

    • a. CSPM 3.0f2 (for Firewalls and VPNs)

    or
    CSPM 2.3.3i2 (for network-based IDS)

    b. Cisco IDS Host Sensor 2.0 (for host-based IDS)
1If you have Resource Manager Essentials 3.2 installed on your system, you must upgrade to Resource Manager Essentials 3.3.
2CSPM 3.0f and CSPM 2.3.3i can neither reside on the same host nor be used to manage the same network. Depending on what you are managing, Firewalls and VPNs or network-based IDS, you should choose to install CSPM 3.0f or CSPM 2.3.3i.


Note   You can upgrade from an existing VPN Monitor 1.0 or 1.1 evaluation version to a permanent VPN Monitor 1.1 version without uninstalling VPN Monitor.
Note   When you are upgrading from an existing VPN Monitor 1.0 or 1.1 evaluation version to a permanent VPN Monitor 1.1 version, you will get the following message: CiscoWorks2000 is already installed on this system. Are you sure you want to reinstall this software and any required patches? (y/n). Enter y.

2   Install Security Management CDs

For security and VPN management, do the following:

  • Install CSPM 3.0f—For configuration and management of Firewalls and VPNs

or

Install CSPM 2.3.3i—For configuration and monitoring of network-based IDS

  • Install Cisco IDS Host Sensor—For configuration and monitoring of host-based IDS

    • Note   CSPM 3.0f and CSPM 2.3.3i cannot be installed on a single system. Cisco recommends that separate machines be deployed for network configuration and monitoring. Therefore, one machine can be used for all the monitoring components: CSPM 2.3.3i, Cisco IDS Host Sensor, and VPN Monitor. A separate machine can then be used for CSPM 3.0f.

Install CSPM 3.0f—For Firewalls and VPN Configuration

Before you install CSPM 3.0f, review the following information:

  • For security reasons, CSPM can only be installed on a drive formatted for NTFS file system.

  • Cisco recommends that you install CSPM on a server with a static IP address.

  • You must have administrative privileges.

  • Ensure that any supported devices you plan to manage are installed on the network and that you can telnet from the target host to the managed device. If you intend to use AAA servers or certificate servers, you must ensure that those hosts are installed on the network. You must also backup any configurations running on the managed devices.

For information on how to prepare the network, see Cisco Secure Policy Manager Installation Guide, version 3.0.

This section contains:

Install Cisco Secure VPN Client

To securely configure a remote device that is managed by the outside interface such as the PIX Firewall, you must install Cisco Secure VPN Client.

The Cisco Secure VPN Client cannot be installed after CSPM is installed. Therefore, you must install the Cisco Secure VPN Client before installing CSPM.

Installation takes approximately 10 minutes.

Step 1   With Microsoft Windows running, make sure you close all other programs.

Step 2   Insert the Cisco Secure VPN Client CD into the CD-ROM drive.

  • If autorun is enabled in your system, the installation wizard starts.

  • If autorun is not enabled in your system:

Select Start > Run...
The Run dialog box appears.
Enter e:\setup.exe
where e is your CD-ROM drive.
Click OK.
The installation shield wizard starts.

Step 3   Follow the instructions on your screen.

Step 4   When setup is finished, click Yes, I want to restart my computer now.

Step 5   Click Finish.

Your computer will automatically restart.

Step 6   The SafeNet icon now appears in the status area of the Windows taskbar, which is usually located in the lower right corner of the screen.

The SafeNet icon changes color and image as you begin and end communications. For more information, search for SafeNet icon in the Cisco Secure VPN Client help file

For additional information about Cisco Secure VPN Client, see the CD booklet Cisco Secure VPN Client Quick Start Guide shipped with the product CD.

Install CSPM 3.0f on Windows NT

This procedure assumes that you have already installed Cisco Secure VPN Client. Installation takes approximately 10 minutes.

Step 1   Insert the CSPM 3.0 CD into the CD-ROM drive.

  • If autorun is enabled in your system, the Cisco Secure Policy Manager Installation window opens.

  • If autorun is not enabled in your system:

Select Start > Run...
The Run dialog box appears.
Enter e:\setup.exe
where e is your CD-ROM drive.
The Cisco Secure Policy Manager Installation window opens. The Install Product option is preselected.

Step 2   Click Next to begin installing.

The License Agreement dialog box appears.

Step 3   Select I accept the agreement and click Next.

The License Disk dialog box appears.

Step 4   To specify the location of the CSPM license disk, enter the directory path in the Location field, or click Browse to find the correct path. Then, enter the corresponding password in the Password field.

Note   The password is printed on the license disk label. However, if you downloaded the software from Cisco.com, the password is located in the Readme file in the downloaded directory. For more information, see Cisco Secure Policy Manager Installation Guide, version 3.0.

Step 5   Click Next.

The Installation Options dialog box appears. The default option, Standalone CSPM, is preselected.

Step 6   To specify where to install CSPM, enter the directory path to the installation folder in the Installation Folder field, or click Browse to find the correct path.

By default, CSPM installs in c:\Program Files\Cisco Systems\Cisco Secure Policy Manager.
Note   If the folder you specify for the directory path does not exist, the setup program offers to create it for you. In the Confirm New Directory dialog box, click Yes to create the folder and proceed with the setup program; click No to return to the Installation Options dialog box.

Step 7   Click Next.

The Account Information dialog box appears.

Step 8   Enter the following information in the fields provided:

  • Username—User name appears in the field by default.

  • Password—Enter the Windows NT password for the corresponding user name.

  • Confirm Password—Re-enter the password.

Step 9   Click Next

The Information pop-up window appears.

Step 10   Click OK.

The Settings dialog box appears.

Step 11   Select the IP address from the Local IP Address list. This IP address must be the one that is configured on the target host for all inbound and outbound CSPM communications.

The CSPM Server port number 2567 appears by default in the Service Port field. This port number is IANA-assigned.

Step 12   Click Next.

The Verify Install Settings dialog box appears.

Step 13   Verify the settings, then click Copy Files.

Note   If you find an incorrect setting, click Back until you arrive at the proper dialog box. Make the necessary changes, and then click Next to return to the Verify Install Settings dialog box.
The setup program copies all files to the specified installation folder and creates the necessary registry keys.
The Setup is Complete dialog box appears.

Step 14   Click Finish.

For more information about CSPM installation, see Cisco Secure Policy Manager Installation Guide, version 3.0.

Install CSPM 2.3.3i—For Network-Based IDS Management

Note   CSPM 3.0f and CSPM 2.3.3i can neither reside on the same host nor be used to manage the same network. Depending on what you are managing, Firewalls and VPNs or network-based IDS, you must choose to install either CSPM 3.0f or CSPM 2.3.3i.

Before you install CSPM 2.3.3i, review the following information:

  • For security reasons, CSPM can only be installed on a drive formatted for NTFS file system.

  • Cisco recommends that you install CSPM on a server with a static IP address.

  • You must have administrative privileges.

  • You must bootstrap the sensors that you plan to manage.

Ensure that any sensors you plan to manage are installed on the network and that you can telnet from the target host to the sensor.

For information on how to bootstrap a sensor, see Cisco Secure Policy Manager Installation Guide, version 2.3.1i.

This section contains:

Install Cisco Secure VPN Client

To securely configure a remote device that is managed by the outside interface such as the Cisco Secure IDS Sensor, you must install Cisco Secure VPN Client.

The Cisco Secure VPN Client cannot be installed after CSPM is installed. Therefore, you must install the Cisco Secure VPN Client before installing CSPM.

Installation takes approximately 10 minutes.

Step 1   With Microsoft Windows running, make sure you close all other programs.

Step 2   Insert the Cisco Secure VPN Client CD into the CD-ROM drive.

  • If autorun is enabled in your system, the installation wizard starts.

  • If autorun is not enabled in your system:

Select Start > Run...
The Run dialog box appears.
Enter e:\setup.exe
where e is your CD-ROM drive.
Click OK.
The installation shield wizard starts.

Step 3   Follow the instructions on the screen.

Step 4   When setup is finished, click Yes, I want to restart my computer now.

Step 5   Click Finish.

Your computer will automatically restart.

Step 6   The SafeNet icon now appears in the status area of the Windows taskbar, which is usually located in the lower right corner of the screen.

The SafeNet icon changes color and image as you begin and end communications. For more information, search for SafeNet icon in the Cisco Secure VPN Client help file

For additional information about Cisco Secure VPN Client, see the CD booklet Cisco Secure VPN Client Quick Start Guide shipped with the product CD.

Install CSPM 2.3.3i on Windows NT

This procedure assumes that you have already installed Cisco Secure VPN Client. Installation takes approximately 10 minutes.

Step 1   Insert the CSPM 2.3.3i CD into the CD-ROM drive.

  • If autorun is enabled in your system, the Cisco Secure Policy Manager Installation window opens.

  • If autorun is not enabled in your system:

Select Start > Run...
The Run dialog box appears.
Enter e:\setup.exe
where e is your CD-ROM drive.
The Cisco Secure Policy Manager Installation window opens. The Install Product option is preselected.

Step 2   Click Next to begin installing.

The License Agreement dialog box appears.

Step 3   Select I accept the agreement and click Next.

The License Disk dialog box appears.

Step 4   To specify the location of the CSPM license disk, enter the directory path in the Location field, or click Browse to find the correct path. Then, enter the corresponding password in the Password field.

Note   The password is printed on the license disk label. However, if you downloaded the software from Cisco.com, the password is located in the Readme file in the downloaded directory. For more information, see Cisco Secure Policy Manager Installation Guide, version 2.3.1i.

Step 5   Click Next.

The Installation Options dialog box appears. The default option, Standalone CSPM, is preselected.

Step 6   To specify where to install CSPM, enter the directory path to the installation folder in the Installation Folder field, or click Browse to find the correct path.

By default, CSPM is installed in c:\Program Files\Cisco Systems\Cisco Secure Policy Manager.
Note   If the folder you specify for the directory path does not exist, the setup program offers to create it for you. In the Confirm New Directory dialog box, click Yes to create the folder and proceed with the setup program; click No to return to the Installation Options dialog box.

Step 7   Click Next.

The Account Information dialog box appears.

Step 8   Enter the following information in the fields provided:

  • Username—User name appears in the field by default.

  • Password—Enter the Windows NT password for the corresponding user name.

  • Confirm Password—Re-enter the password.

Step 9   Click Next

The Information pop-up window appears.

Step 10   Click OK.

The Settings dialog box appears.

Step 11   Select the IP address from the Local IP Address list. This IP address must be the one that is configured on the target host for all inbound and outbound CSPM communications.

The Primary Policy Database port number 2567 appears by default in the Service Port field. This port number is IANA-assigned.

Step 12   Click Next.

The Configure Communications Properties dialog box appears.

Step 13   To submit the communication properties for this host, type a unique host ID, organization ID, IP address, host name, and organization name into the appropriate fields.

Step 14   Click Next.

The Verify Install Settings dialog box appears.

Step 15   Verify the settings, then click Copy Files.

Note   If you find an incorrect setting, click Back until you arrive at the proper dialog box. Make the necessary changes, and then click Next to return to the Verify Install Settings dialog box.
The TechSmith Screen Capture Codec Installation dialog box appears.

Step 16   Click Install in the TechSmith Screen Capture Codec Installation dialog box to install the compression software required for viewing videos.

The TSCC Installation Complete dialog box appears.

Step 17   Click OK.

CSPM installation continues, and the setup program copies all files to the specified installation folder and creates the necessary registry keys.
The Setup is Complete dialog box appears.

Step 18   Click Finish.

For login instructions, see Cisco Secure Policy Manager Installation Guide, version 2.3.1i. After you login to the GUI client, you can view the Getting Started videos for guidance on using CSPM.

Install Cisco IDS Host Sensor

Note   For performance and security operation, Cisco recommends that you install CSPM and the Cisco IDS Host Sensor Console on separate servers.

The Cisco IDS Host Sensor CD contains the following two software components:

  • Console software—Provides management of IDS Host Agents

  • Agent software—Provides security protection for critical operating systems and web servers

Both the Console software and Agent software operate for 90 days in evaluation mode. To extend use of the console beyond the 90 days, you must register at Cisco.com and obtain a license key.

After you register, Cisco Systems will send you an e-mail notification with the license key for the Console without additional payment. The Agent installed on the Console server does not need a license key. For all other Agents, you must purchase and register for the license keys separately. See the ordering information for the Agents at the following website: http://www.cisco.com/go/id s

Entering the Console license key disables nonlicensed Agents. To avoid disabling nonlicensed Agents, you must do one of the following within the 90 day evaluation period:

  • Enter the license keys for the Console and Agents at the same time.

  • Enter the license key for the Console after you have completed evaluating the Agents.

Buying an Agent license key allows you to have your Agents updated from Cisco.com, which offers protection against the latest threats. For details about registration, see Cisco Intrusion Detection System Host Sensor Registration document shipped with the product.

You must install the Console software before installing the Agent software. Once the Console is in place, you can proceed with installation of the Agent.

This section contains:

Install Cisco IDS Host Sensor Console on Windows 2000 or Windows NT

Note   The Cisco IDS Host Console can be installed on Windows 2000 and Windows NT servers.

The Cisco IDS Host Sensor allows you to use either Local or Domain installation.

  • Use a Local installation if you are operating in a workgroup environment.

  • Use a Domain installation if you are using a Windows NT Domain architecture or Windows 2000 Active Directory and want to retrieve user group information from the domain controllers on your network.

Installation takes approximately 15 minutes.

Step 1   Log into the computer on which you want to install the Console.

  • Log in as local administrator if you are going to use a Local installation of Host Sensor.

  • Log in as domain administrator if you are going to use a Domain installation of Host Sensor.

Step 2   Close any open applications.

Caution   The Cisco IDS Host Sensor Console installation cannot proceed while components of CSPM are running. To install the Cisco IDS Host Sensor Console, exit the installation, close CSPM, manually stop the Windows service Cisco Controlled Host Component in the Services Control Panel, and restart the console installation.

Step 3   Stop any antivirus software.

Step 4   Insert the Cisco IDS Host Sensor CD into the CD-ROM drive.

  • If autorun is enabled in your system, the Installation window opens and displays several options.

  • If autorun is not enabled in your system:

Select Start > Run...
The Run dialog box appears.
Enter e:\setup.exe
where e is your CD-ROM drive.
The Installation window opens and displays several options.

Step 5   Select the Install Console option.

The Welcome screen appears.

Step 6   Click Next.

The Software License Agreement dialog box appears.

Step 7   Read the software license and click Accept.

The Information dialog box appears.

Step 8   Read the information page and click Next.

The Choose Destination Location dialog box appears.

Step 9   Select a destination directory for the installation and click Next.

The default directory is c:\Program Files\Cisco IDS\Console.
The Installation Type dialog box appears.

Step 10   Select either Local or Domain.

The Select Program Folder dialog box appears.

Step 11   Select a folder in which you want to install the Console and click Next.

The Start Copying Files dialog box appears showing the current settings.

Step 12   Click Next to start installing components.

The Question message box appears recommending that you install the Cisco HIDS Agent after the Console.

Step 13   Click Yes or No to install the Agent after your next reboot.

The Information message box appears recommending that you back up the publickey and serverkey files.

Step 14   Click OK.

The Setup Complete dialog box appears. The Yes, I want to restart my computer now option is preselected.

Step 15   Click Finish.

The computer automatically restarts.

After the Host Sensor Console has been successfully installed and your computer has been restarted, the publickey and serverkey files are created in the Console installation directory. Copy these files to a secure location.

You need the publickey file if you decide to copy it manually to the Agent installation directory folders after you install the Agents. If you have to remove and reinstall the Console on the same computer, you must copy the original serverkey file into the Console installation directory so that the Agents already installed on computers in your network are able to communicate with the new Console.

Install Cisco IDS Host Sensor Agent on Windows 2000 or Windows NT

Note   The Cisco IDS Host evaluation Agent can be installed on Windows 2000, Windows NT, and Solaris. This guide contains Windows installation instructions only, for Solaris installation instructions, see Cisco Intrusion Detection System Host Sensor Quick Start.

This procedure assumes that you have already installed the Console software.

Installation takes approximately 15 minutes.

Step 1   Log in as local administrator.

Step 2   Close any open applications.

Step 3   Stop any antivirus software.

Step 4   Insert the Cisco IDS Host Sensor CD into the CD-ROM drive.

  • If autorun is enabled in your system, the Installation window opens and displays several options.

  • If autorun is not enabled in your system:

Select Start > Run...
The Run dialog box appears.
Enter e:\setup.exe
where e is your CD-ROM drive.
The Installation window opens and displays several options.

Step 5   Select the Install Agent option.

The Welcome screen appears.

Step 6   Click Next.

The User Information dialog box appears.

Step 7   Enter the appropriate information in the Name and Company fields and click Next.

The Agent Name dialog box appears.

Step 8   Choose an Agent name and click Next.

Step 9   Choose the Agent type (if you are on a Windows NT/2000 Server) and click Next.

The Choose Destination Location dialog box appears.

Step 10   Select a destination directory for the Cisco HIDS Agent software and click Next.

The default destination directory is c:\Program Files\Cisco IDS\Agent.
The Communication dialog box appears.

Step 11   Enter the following information in the fields provided:

  • IP/Host Name—Enter the IP address or host name of the computer on which the Console is installed.

    • Note   If the Agent is being installed on the computer hosting the Console, you can accept the default address of 127.0.0.1.
  • Port Number—Enter the port on the server through which the Agent will communicate. The default is 5000.

    • Note   The communication port for the Agent and the Console must be the same port number so they can communicate with each other.

Step 12   Click Next.

Note   If your computer is not configured to dump memory in case of a crash, the Debugging Information dialog box appears asking you to allow the installation program to configure the computer to dump memory in case of a crash. Select Enable or Disable and click Next.
The Start Copying Files dialog box appears showing the current settings.

Step 13   Click Next.

The Publickey Options dialog box appears.

Step 14   Select one of the following options:

  • Specify publickey location now

Selecting this option and then clicking Next opens the Public key location dialog box. From this dialog box you can browse to the folder in which you have installed the Host Sensor.
Note   If you are installing the Agent on a computer other than the one hosting the Console, the publickey file must be in a folder that is shared over the network for the InstallShield to have access to the file.
After you have provided the location of the Console installation folder, click Next to continue installation of the Agent and have the publickey file automatically copied to the Agent installation folder. When the installation is complete, the server recognizes the Agent and the Agent appears in the Console.
  • Copy publickey manually later

Selecting this option and then clicking Next allows the installation of the Agent to continue, and then the Information dialog box appears, which contains a message reminding you to copy the publickey file to the Agent installation folder.
Note   The publickey file must be present in the Agent installation folder for the Agent to facilitate encrypted communication with the server.
The Information message box appears and lets you know that the Host Sensor Agent was activated.

Step 15   Click OK.

The Setup Complete dialog box appears.

Step 16   Click Finish.

Step 17   If you chose the option Copy publickey manually later, do the following:

a. Copy the publickey file from the folder in which you have installed the Host Sensor or from the backup location you have chosen for the files.

b. Paste the publickey file into the Agent installation folder.

c. After pasting the publickey file into the Agent installation folder, do one of the following:

  • Restart the computer to start the Cisco HIDS Agent service (named enterceptAgent).

  • Start the service manually by clicking Start > Settings > Control Panel > Services for Windows NT Agents, or by clicking Start > Programs > Administrative Tools > Services for Windows 2000 Agents to open the Services dialog box, and then selecting the Cisco HIDS Agent service (named enterceptAgent) from the list and clicking Start.

For more information, see Cisco Intrusion Detection System Host Sensor Quick Start.

3   Install VPN Monitoring CDs

For VPN monitoring, do the following:

1. Install CD One

2. Install CD Two

3. Install VPN Monitor

4. Add Devices

Note   You must install the VPN monitoring CDs in sequence.

Install CD One

This procedure assumes you are doing a typical installation and are not integrating with a third-party network management system (NMS) during installation. For custom installation and third-party NMS integration instructions, see Installing and Setting Up CD One on Windows 2000 and Windows NT.

Install CD One on Windows 2000 and Windows NT

Installation takes approximately 30 minutes.

Note   If you have a previous version of CD One installed in you system and you are upgrading to CD One, 4th Edition, you might require a patch. See the "Performing an Upgrade Installation" section in the installation guide for additional information.
Caution   If you are running Windows NT, make sure Service Pack 6a is installed. If you are running Windows 2000, make sure Service Pack 2 is installed. Without the appropriate service pack installed, CD One will install with a warning to proceed at your own risk.

Step 1   Log in as the local administrator on the system on which you want to install CD One.

Step 2   Insert the CD One CD into the CD-ROM drive.

  • If autorun is enabled in your system, the Installer window opens.

  • If autorun is not enabled in your system:

Select Start > Run...
The Run dialog box appears.
Enter e:\autorun.exe
where e is your CD-ROM drive.
The Installer window opens.

Step 3   Click Install to continue.

The Welcome screen appears.

Step 4   Click Next to continue.

The Setup Type dialog box appears.

Step 5   Select Typical to install all CD One components in the default location, then click Next.

The Start Copying File dialog box appears, verifying current settings.

Step 6   Click Next to continue.

The Requirements Verification dialog box appears.

Step 7   Click OK.

The installation script checks dependencies.
The User casuser creation dialog box appears.

Step 8   Click Yes.

The Integration Utility dialog box appears.

Step 9   Select Later to integrate with a third-party NMS after installation.

Later is the recommended choice to complete the installation quickly and to avoid third-party installation errors.
Note   For information about the Integration Utility, see Using CiscoView.

Step 10   Click Next to continue.

A dialog box might display services that are running. To stop the services and continue with the installation, click Yes.
When the installation is complete, the Restart Windows dialog box appears, asking if you want to restart your system. You must restart your system when installation is complete to restart the processes.
Note   If you are installing CD One on Windows 2000, the Restart Windows dialog box might not appear. To complete the installation, you must restart your system manually.

Step 11   Select Yes, then click Finish.

CD One is installed in the default directory, c:\Program Files\CSCOpx.

Step 12   Configure the web browser on the client system for use with CiscoWorks2000.

For information about configuring the web browser on the client system, see the "Preparing to Use CD One" chapter in Installing and Setting Up CD One on Windows 2000 and Windows NT.

Step 13   Install CD Two.

For information about installing CD Two, see the "Install CD Two on Windows 2000 and Windows NT" section.

Tip If errors occurred during installation, view the installation log located in the root directory on the drive where the operating system is installed. The default is c:\cw2000_inXXX.log, where XXX is a three-digit number. Each installation creates a new log that is saved as a different file, for example, c:\cw2000_in001.log. View the most recent log file for error messages.
Tip For troubleshooting information or to verify the directories installed on your system, see the "Troubleshooting the Installation" appendix in Installing and Setting Up CD One on Windows 2000 and Windows NT.

Install CD One on Solaris

Installation takes approximately 30 minutes.

Step 1   As root, mount the CD-ROM using either of the following:

  • Mount the CD-ROM on the local CiscoWorks2000 Server system.

  • Mount the CD-ROM on a remote Solaris system, then access the CD-ROM from the CiscoWorks2000 Server system.

For mounting instructions, see the "Mounting and Unmounting on Solaris" appendix in Installing and Setting Up CiscoWorks2000 CD One on Solaris.

Step 2   Start the installation program.

  • For a local installation, enter:

    # cd /cdrom/cdrom0/

# ./setup.sh
  • For a remote installation, enter:

    # cdremotedir

# ./setup.sh
where remotedir is the remote location where the CD-ROM is mounted.
Press Enter if you receive the casuser message. The installation program adds the new user casuser and the new group casusers to the system.
Note   If CD One has previously been installed on the machine, the product will automatically be installed on the same location where CD One was previously installed.
A message displays:
    Enter the location where the product will be installed or q to quit. Default 
location (PKGROOT)? [/opt/CSCOpx]
    Note   CD One requires a directory named /opt/CSCOpx. If you select a different installation directory, the /opt/CSCOpx directory will be created and will be a link to the directory you selected.

Step 3   Press Enter to accept the default directory for product installation, or enter a different directory.

The following options are displayed:
    1) NMS Integration Utility to install only the Integration Utility
(For information about the Integration Utility and third-party NMS integration, 
refer to Using CiscoView.)
2) Common Management Foundation (CMF) Base Desktop to install a subset of CMF
(Select this option only if the application you'll be installing next requires the 
CMF Base Desktop and you do not want CiscoView or NMS Integration Utility 
installed.)
3) CiscoView
4) CiscoView, NMS Integration Utility and CMF to install all CD One components 
(Recommended for most systems)
    Note   If CD One has previously been installed on this machine, the list of components will be different.

Step 4   Enter the number corresponding to the CiscoView, NMS Integration Utility and CMF option in the field provided, or enter q to quit.

Note   You must select the CiscoView, NMS Integration Utility and CMF option to support this bundle.
The installation program performs several preinstallation and dependency checks on your machine, such as TCP/IP address resolution, TCP/IP port use, disk space, and RAM. These checks cause some text to appear on the screen.
After the checks are complete, a message displays:
    The Integration Utility will be installed now. The Integration Utility 
integrates Cisco device packages and Cisco applications into third-party SNMP 
management platforms. You can choose to integrate with a third-party SNMP 
management platform during this install or later.

 
Do you want to integrate with the third-party product now (y/n)? [n]

Step 5   Enter n to integrate with a third-party NMS after installation.

Note   For information about the Integration Utility, see Using CiscoView.

Step 6   After installation is complete, unmount the CD-ROM.

For unmounting instructions, see the "Mounting and Unmounting on Solaris" appendix in Installing and Setting Up CiscoWorks2000 CD One on Solaris.
Note   A warning message is displayed if obsolete Solaris patches are present on your system. Before running CD One, 4th Edition, download and install the latest recommended patches from www.sunsolve.sun.com.

Step 7   Configure the web browser on the client system for use with CiscoWorks2000.

For information about configuring the web browser on the client system, see the "Preparing to Use CD One" chapter in Installing and Setting Up CD One on Solaris.

Step 8   Install CD Two.

For information about installing CD Two, see the "Install CD Two on Solaris" section.

Tip If errors occurred during installation, view the installation log file /var/tmp/ciscoinstall.log. Each installation appends to this file.
Tip For troubleshooting information, see Installing and Setting Up CiscoWorks2000 CD One for Solaris.

Install CD Two

This procedure assumes that you have already installed CD One.

Install CD Two on Windows 2000 and Windows NT

Installation takes approximately 10 minutes.

You can cancel the installation at any time by clicking Cancel at the bottom of any installation screen.

The installation program installs CD Two in the same location as CD One (c:\Program Files\ CSCOpx) by default and starts CiscoWorks2000.

Step 1   Log in as the local administrator on the system on which you installed CD One.

Step 2   Insert the CD Two CD into the CD-ROM drive.

  • If autorun is enabled in your system, the Installer window opens.

  • If autorun is not enabled in your system:

Select Start > Run...
The Run dialog box appears.
Enter e:\autorun.exe
where e is your CD-ROM drive.
The Installer window opens, displaying:
    Do you want to Install CiscoWorks2000 CD Two?
Click Yes to begin installing.
The Unpacking CiscoWorks2000 CD Two screen appears, and the InstallShield Wizard is prepared.
The Welcome screen appears.

Step 3   Click Next to continue.

The Start Copying Files dialog box appears.

Step 4   Click Next.

The installation program checks dependencies and system requirements.

Step 5   Do one of the following:

  • If the minimum recommended requirements are met, click OK.

The Setup screen appears, displaying installation progress while files are copied and applications are configured. Then the Setup Complete dialog box appears. Go to Step 7.
  • If the minimum recommended requirements are not met, an error message appears. To cancel the installation, click OK. Ensure that the minimum requirements are met, then restart the installation.

Step 6   Click Finish.

Step 7   If you did not restart the computer after installing CD One, restart it now.

Step 8   Install VPN Monitor.

For information about installing VPN Monitor, see the "Install VPN Monitor on Windows 2000 and Windows NT" section.

Tip If errors occurred during installation, view the installation log located in the root directory on the drive where the operating system is installed.The default is c:\cw2000_inXXX.log, where XXX is a three-digit number. Each installation creates a new installation log that is saved as a different file, for example, c:\cw2000_in002.log. View the most recent log file for error messages.
Tip For troubleshooting information, see Installing and Setting Up CD Two, 3rd Edition on Windows 2000 and Windows NT.

Install CD Two on Solaris

Installation takes approximately 20 minutes.

You can press Ctrl-C at any time to end the installation. However, any changes to your system (for example, installation of new files or changes to system files) will not be undone.

The installation program installs CD Two in the same location as CD One (/opt/CSCOpx) by default and starts CiscoWorks2000.

Step 1   As root, mount the CD-ROM using either of the following:

  • Mount the CD-ROM on the local CiscoWorks2000 Server system.

  • Mount the CD-ROM on a remote Solaris system, then access the CD-ROM from the CiscoWorks2000 Server system.

For mounting instructions, see the "Mounting and Unmounting the CD-ROM" appendix in Installing and Setting Up CD Two, 3rd Edition on Solaris.

Step 2   Start the installation program.

  • For a local installation, enter:

    # cd /cdrom/cdrom0/
# ./setup.sh
  • For a remote installation, enter:

    # cd remotedir

# ./setup.sh
where remotedir is the remote location where the CD-ROM is mounted.
The installation program checks for required patches and other dependencies and displays:
    1) CD Two
2) Inventory Incremental Device Support
3) All of the above

Step 3   Enter the number corresponding to the All of the above option in the field provided, then press Return.

The installation program checks dependencies and system requirements and one of the following occurs:
  • If the minimum recommended requirements are not met, the installation program displays an error message.

  • If the minimum requirements are met, the installation is completed without displaying more questions, and the system prompt appears.

Step 4   Unmount the CD-ROM.

For unmounting instructions, see the "Mounting and Unmounting the CD-ROM" appendix in Installing and Setting Up CD Two, 3rd Edition on Solaris.

Step 5   Install VPN Monitor.

For information about installing VPN Monitor, see the "Install VPN Monitor on Solaris" section.

Tip If errors occurred during installation, view the installation log file /var/tmp/ciscoinstall.log.
Tip For troubleshooting information, see the "Troubleshooting the Installation" appendix in Installing and Setting Up CD Two, 3rd Edition on Solaris.

Install VPN Monitor

This procedure assumes that you have already installed CD One and CD Two or Essentials.

Install VPN Monitor on Windows 2000 and Windows NT

Installation takes approximately 10 minutes.

Step 1   Log in as the local administrator on the system on which you installed CD One and CD Two.

Step 2   Insert the VPN Monitor CD into the CD-ROM drive.

  • If autorun is enabled in your system, the Installer window opens.

  • If autorun is not enabled in your system:

Select Start > Run...
The Run dialog box appears.
Enter e:\autorun.exe
where e is your CD-ROM drive.
The Installer window opens.

Step 3   Click Install.

The InstallShield Wizard is prepared. The Welcome screen appears.

Step 4   Click Next.

The Start Copying Files dialog box appears.

Step 5   Click Next.

The installation program checks dependencies and system requirements. Installation progress is displayed while files are copied and applications are configured.
The Setup Complete dialog box appears.
Note   If minimum requirements are not met, an error message appears. To cancel the installation, click OK. Ensure that the minimum requirements are met, then restart the installation.

Step 6   Click Finish.

Step 7   Remove the CD-ROM from the drive.

Tip If errors occurred during installation, view the installation log located in the root directory on the drive where the operating system is installed. The default is c:\cw2000_inXXX.log, where XXX is a three-digit number. Each installation creates a new log that is saved as a different file, for example, c:\cw2000_in003.log. View the most recent log file for error messages.
Tip For troubleshooting information, see the Troubleshooting appendix in Installing VPN Monitor on Windows 2000, Windows NT, and Solaris.

Install VPN Monitor on Solaris

Installation takes approximately 10 minutes.

Step 1   Log in as root on the system on which you installed CD One and CD Two.

Step 2   Mount the VPN Monitor CD-ROM using either of the following methods:

  • Mount the CD-ROM on the CiscoWorks2000 Server system.

  • Mount the CD-ROM on a remote Solaris system, then access it from the CiscoWorks2000 Server system.

For mounting instructions, see the "Mounting and Unmounting on Solaris" appendix in Installing VPN Monitor on Windows 2000, Windows NT, and Solaris.

Step 3   Start the installation.

  • For a local installation, enter:

    # cd /cdrom/cdrom0/
# sh ./setup.sh
  • For a remote installation, enter:

    # cdremotedir
# sh ./setup.sh
where remotedir is the remote location where the CD-ROM is mounted.
The following message appears:
    Software Install Tool Started
The installation program checks dependencies and system requirements and one of the following occurs:
  • If the minimum recommended requirements are not met, the installation program displays an error message.

  • If the minimum recommended requirements are met, you are notified that the installation was successful.

Even though the installation is successful, the following warning message is displayed:
    Possible Errors Encountered
 
WARNING: a datasource with the name cmf was already present. It will be replaced.
Disregard this message.

Step 4   Unmount the CD-ROM.

For unmounting instructions, see the "Mounting and Unmounting on Solaris" appendix in Installing VPN Monitor on Windows 2000, Windows NT, and Solaris.

Tip If errors occurred during installation, view the installation log file /var/tmp/ciscoinstall.log. It is recommended that you save a copy of this log file for future reference.
Tip For troubleshooting information, see the troubleshooting appendix in Installing VPN Monitor on Windows 2000, Windows NT, and Solaris.
Log In

The CiscoWorks2000 Server desktop is the interface for CiscoWorks2000 network management applications, including VPN Monitor.

Before logging in do the following:

  • Make sure that your browser is configured correctly for CiscoWorks2000. See Installing and Setting Up CD One on Windows 2000 and Windows NT or Installing and Setting Up CD One on Solaris for details.

  • Make sure all daemon processes have started by entering the following commands:

    • For Solaris, enter:

      /opt/CSCOpx/bin/pdshow
    • For Windows, enter:

      <cw2kroot>\bin\pdshow
    where cw2kroot is the directory where CiscoWorks2000 is installed.

If you have installed the CiscoWorks2000 package and are logging in for the first time, you can use the reserved "admin" user name and password. To log in:

Step 1   Do one of the following:

  • Access the CiscoWorks2000 Server from your web browser by entering:

    http://  <qualified domain name of the server>:1741
  • Access the CiscoWorks2000 Server from your web browser by entering:

    http://  <IP address of the server>:1741
The CiscoWorks2000 Login screen opens.

Step 2   Enter admin in both the User Name and Password fields of the Login Manager.

Step 3   Click Connect or press Enter. You are now logged in.

Caution   When the system is installed initially, admin is the default password. To prevent all users from accessing privileged applications, change the password for admin immediately after installation. To change the password, select Server Configuration > Setup > Security > Modify My Profile.
Note   Login sessions time out after two hours of inactivity. If the session is not used for two hours, you will be prompted to log in again.
Verify Installation

To verify that the VPN monitoring CDs have been installed, make sure that the following drawers appear on the CiscoWorks2000 Server desktop:

  • Server Configuration

  • Management Connection

  • Device Manager

  • Resource Manager Essentials (appears with CD Two installation)

  • VPN Management Solution

Add Devices

After you have installed the required CDs and verified the installation, see:

Add or Update Devices in Inventory

Step 1   Verify that the devices you want to monitor have the correct Cisco IOS version. See the "Overview" section.

Step 2   Log into your CiscoWorks2000 Server. See the "Log In" section.

The CiscoWorks2000 Server desktop appears.

Step 3   To add or update a device, select one of the following:

Resource Manager Essentials > Administration > Inventory > Add Devices
or
Resource Manager Essentials > Administration > Inventory > Update Inventory
The Add a Single Device or the Update Device dialog box appears.

Step 4   Enter the access information and annotations for one device.

In the Device Name field, enter either the device name or the IP address. If you choose to enter the device name, you must also enter the domain name in the Domain Name field. All other fields are optional. For more information, see the Inventory online help.

Step 5   Click Next.

The Enter Login Authentication Information dialog box appears.
You must fill in the Read Community String field. All other fields are optional.
Note   If you have Essentials, it is recommended that you also fill in the Password field.
For more information, see the Inventory online help.

Step 6   Click Next.

Step 7   Click Finish.

The Single Device Add dialog box shows that the device has been added to the Pending list. After adding a device, you can click Add Another to add another device.

Add Devices to the Dashboard

Before you can use VPN Monitor, you must select the devices to monitor and add them to the device dashboard.

Note   You can monitor a maximum of 10 devices at once.

Step 1   Select VPN Management Solution > Administration > Monitor > Dashboard > Device List.

The Device List window opens.

Step 2   Select a device from Available Devices, then click Add.

The device is added to Dashboard Devices. Monitoring of the device starts immediately.

Step 3   To remove a device from the dashboard, select the device from Dashboard Devices, then click Remove.

The device is removed from Dashboard Devices and returned to Available Devices.

Tip If you have difficulty adding or importing devices, try the following:
  • Verify that the device is available in the VPN Devices dynamic view or the VPN Monitor static view.

  • Ping the device using the same name entered in the Inventory to identify the device.

If you used the IP address to identify the device, ping the device using the IP address. Otherwise, ping the device using <hostname>.<domain name>
where hostname is the name of the device entered in inventory and domain name is the name of the domain.
Use the default settings for packet size, packet count, and timeout interval.
  • Verify that you have entered the correct read community string. Open a Telnet session to the device to check its SNMP configuration.

  • If the device does not respond to the SNMP Get request packets from your server, make sure it has an SNMP Agent that is enabled and accessible using the community string you specified.

  • Increase the SNMP timeout setting to 60 seconds. See the inventory online help.

    • Note   For VPN Monitor to work correctly, you must increase the SNMP timeout setting to a maximum of 60 seconds.This applies only to devices running Cisco IOS release 12.1(7)E.
Tip For additional troubleshooting information, see the troubleshooting appendix in Installing VPN Monitor on Windows 2000, Windows NT, and Solaris.

4   Where to Go Next

This section contains the following:

Related Documentation

Note   Although every effort has been made to validate the accuracy of the information in the printed and electronic documentation, you should also review the VPN Monitor documentation on Cisco.com for any updates.
Note   The CSPM product has several other documents in addition to the ones listed in this section. You can access the most current CSPM documentation on the World Wide Web at the following URL: http://www.cisco.com.

For information about using, installing, and troubleshooting the products within the VMS bundle, see these sources of information.

To learn
more about... 		See this document Product Package (Printed Copy) Product CD1 (PDF2) Cisco.com
(PDF2 and HTML) 		Online
Help
(PDF2)

Features, tasks, and troubleshooting

 User Guides:
  • Using CiscoView 5.3 (Doc-787117=)3

  • Getting Started with the CiscoWorks2000 Server (Doc-787167=)3

  • Using VPN Monitor (Doc-7811619=)3

  • Using Resource Manager Essentials (Doc-781154=)3

  • Cisco Intrusion Detection System Host Sensor User Guide4

  • Cisco Secure Policy Manager Getting Started Guide4

No

Yes

Yes

Yes

Typical installation for the VMS bundle

 Quick Start Guide: (this document)
  • CiscoWorks2000 VPN/Security Management Solution Quick Start Guide4

Yes

No

Yes

No

Installation instructions (typical and custom)

 Installation Guides:
  • Installing and Setting Up CD One on Windows 2000 and Windows NT

  • Installing and Setting Up CD One on Solaris

  • Installing and Setting Up CD Two, 3rd Edition on Windows 2000 and Windows NT

  • Installing and Setting Up CD Two, 3rd Edition on Solaris

  • Installing VPN Monitor on Windows 2000, Windows NT, and Solaris

  • Installing and Setting Up Resource Manager Essentials on Windows NT and Windows 2000

  • Installing and Setting Up Resource Manager Essentials on Solaris

  • Cisco Intrusion Detection System Host Sensor Quick Start

  • Cisco Secure VPN Client Quick Start Guide5

  • Cisco Secure Policy Manager Installation Guide (version 3.0f)

Yes

Yes

Yes

No

  • Cisco Secure Policy Manager Installation Guide4 (version 2.3.1i)

No

Yes

Yes

No

Product's known severity 1, 2, and 3 bugs

 Release Notes:
  • Release Notes for CD One 4th Edition on Windows 2000, Windows NT

  • Release Notes for CD One 4th Edition on Solaris

  • Release Notes for CD Two, 3rd Edition on Windows 2000 Server and Windows NT

  • Release Notes for CD Two, 3rd Edition on Solaris

  • Release Notes for VPN Monitor 1.1 on Windows 2000, Windows NT, and Solaris

  • Release Notes for Resource Manager Essentials 3.3 on Windows NT and Windows 2000 Server

  • Release Notes for Resource Manager Essentials 3.3 on Solaris

  • Release Notes for Cisco Intrusion Detection System Host Sensor

  • Release Notes for Cisco Secure Policy Manager (version 3.0f)

  • Release Notes for Cisco Secure Policy Manager (version 2.3.3i)

Yes

No

PDF

No
1PDFs available in the Documentation directory of the product CD.
2Requires Adobe Acrobat Reader 4.0.
3To order printed copies of documents not shipped with the product, use the document numbers.
4Not orderable.
5CD booklet.


Obtaining Documentation

The following sections explain how to obtain documentation from Cisco Systems.

World Wide Web

You can access the most current Cisco documentation on the World Wide Web at the following URL:

http://www.cisco.com

Translated documentation is available at the following URL:

http://www.cisco.com/public/countries_languages.shtml

Ordering Documentation

Cisco documentation is available in the following ways:

  • Registered Cisco Direct Customers can order Cisco Product documentation from the Networking Products MarketPlace:

http://www.cisco.com/public/ordsum.html

  • Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store:

http://www.cisco.com/go/subscription

  • Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco corporate headquarters (California, USA) at 408 526-7208 or, in North America, by calling 800 553-NETS(6387).

Documentation Feedback

If you are reading Cisco product documentation on Cisco.com, you can submit technical comments electronically. Click Feedback at the top of the Cisco Documentation home page. After you complete the form, print it out and fax it to Cisco at 408 527-0730.

You can e-mail your comments to bug-doc@cisco.com.

To submit your comments by mail, use the response card behind the front cover of your document, or write to the following address:

Cisco Systems
Attn: Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools by using the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site.

Cisco.com

Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world.

Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a broad range of features and services to help you to

  • Streamline business processes and improve productivity

  • Resolve technical issues with online support

  • Download and test software packages

  • Order Cisco learning materials and merchandise

  • Register for online skill assessment, training, and certification programs

You can self-register on Cisco.com to obtain customized information and service. To access Cisco.com, go to the following URL: http://www.cisco.com

Technical Assistance Center

The Cisco TAC is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two types of support are available through the Cisco TAC: the Cisco TAC Web Site and the Cisco TAC Escalation Center.

Inquiries to Cisco TAC are categorized according to the urgency of the issue:

  • Priority level 4 (P4)—You need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration.

  • Priority level 3 (P3)—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.

  • Priority level 2 (P2)—Your production network is severely degraded, affecting significant aspects of business operations. No workaround is available.

  • Priority level 1 (P1)—Your production network is down, and a critical impact to business operations will occur if service is not restored quickly. No workaround is available.

Which Cisco TAC resource you choose is based on the priority of the problem and the conditions of service contracts, when applicable.

Cisco TAC Web Site

The Cisco TAC Web Site allows you to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC Web Site, go to the following URL:

http://www.cisco.com/tac

All customers, partners, and resellers who have a valid Cisco services contract have complete access to the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to the following URL to register:

http://www.cisco.com/register/

If you cannot resolve your technical issues by using the Cisco TAC Web Site, and you are a Cisco.com registered user, you can open a case online by using the TAC Case Open tool at the following URL:

http://www.cisco.com/tac/caseopen

If you have Internet access, it is recommended that you open P3 and P4 cases through the Cisco TAC Web Site.

Cisco TAC Escalation Center

The Cisco TAC Escalation Center addresses issues that are classified as priority level 1 or priority level 2; these classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer will automatically open a case.

To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to the following URL:

http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled; for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). In addition, please have available your service agreement number and your product serial number.