Table of Contents
CiscoWorks2000VPN/Security Management Solution
Quick Start Guide
Install CD One
Install CD Two
Install VPN Monitor
Tips
Installing VPN Monitor on Solaris
Tips
Logging In for the First Time
Verifying Installation
Install CSPM Lite (Optional)
CiscoWorks2000
VPN/Security Management Solution
Quick Start Guide
VPN/Security Management Solution Overview
The CiscoWorks2000 VPN/Security Management Solution (VMS) provides a web-based interface for monitoring and troubleshooting enterprise Virtual Private Networks (VPNs) and an application for configuring and monitoring firewall security.
The VMS supports monitoring of VPNs on the following:
- Cisco VPN 3000 Concentrator running the 2.5.2f image or later
- Cisco 7100 and 7200 series routers running Cisco IOS version 12.1(5a)E or later
The VMS also supports security management on the following:
- Cisco PIX Firewall
- Cisco Intrusion Detection Sensor (IDS) devices
The VMS supports monitoring of the following protocols:
- IPSec
- IKE
- L2TP
- PPTP
VMS Bundle CDs
The VMS bundle consists of:
- CD One, 3rd Edition—Provides the CiscoWorks2000 desktop environment and login access.
- CD Two, 2nd Edition—Provides the inventory and device management functions required by VPN Monitor.
- Resource Manager Essentials (Essentials) 3.2—Provides basic syslog and config reporting and software and inventory management for VPN devices.
- VPN Monitor 1.0—Provides head-end monitoring of IPSec, IKE, L2TP, and PPTP protocols.
- Cisco Secure Policy Manager (CSPM) Lite 2.2—Provides configuration and monitoring of firewall security.
There are two options for installing the VMS bundle CDs as described in the "Installation Options" section. This guide contains quick start typical installation instructions. For custom installation instructions, see the installation guides shipped with each CD.
Note The installation guides are also available in PDF format in the Documentation directory on the product CDs. To read the PDF files, Adobe Acrobat 4.0 must be installed.
Installation Options
After you install CD One, you must install either CD Two or Resource Manager Essentials. Then install VPN Monitor and, optionally, CSPM Lite for firewall security management.
Note VPN Monitor requires the specified versions of CD One, 3rd Edition and CD Two, 2nd Edition or Resource Manager Essentials 3.2. If you try to install VPN Monitor on previous or later versions of these products, you will get an error message prompting you to upgrade. You must upgrade to the required software version and restart the installation.
The following table provides the installation options and sequence and the features available with each option.
| Installation Options | Features/Comments |
|---|---|
| Option One |
Provides the CiscoWorks2000 desktop, login access, inventory, and monitoring features. Quick start typical installation instructions provided in this guide. |
| Option Two
1. CD One, 3rd Edition 2. Resource Manager Essentials 3.2 3. VPN Monitor 1.0 4. CSPM Lite (Optional)1 |
Provides same features as Option One, but with additional components such as basic syslog reporting, config reporting, and software management. |
| 1If installed, provides the firewall security configuration and monitoring feature. CSPM Lite can be installed only on Windows NT. |
Server Requirements
You can install the VMS bundle CDs on:
- Windows 2000 and Windows NT
- Solaris
Server Requirements for Windows 2000 and Windows NT
|
Hardware |
|
|---|---|
|
Available memory (RAM) |
|
|
Available disk drive space |
|
|
Software for Windows 2000 |
|
|
Software for Windows NT |
|
Server Requirements for Solaris
|
Hardware |
|
|---|---|
|
Available memory (RAM) |
|
|
Available disk drive space |
|
|
Software |
|
Client Requirements
Hardware and Software
|
Hardware/Software |
One of the following:
|
|---|---|
|
Available disk drive space |
|
|
Available memory (RAM) |
|
Browser
One of the following:
| Browser | JVM1 | Version | Platform |
|---|---|---|---|
|
Internet Explorer (recommended) |
5.0.3186 or later |
5.1 |
Windows 2000, Windows NT 4.0, Windows 95/98, Solaris 2.7 |
|
Navigator |
4.7 |
Windows 2000, Windows NT 4.0, Windows 95/98, Solaris 2.7 |
| 1JVM = Java Virtual Machine |
Install CD One
Installing CD One on Windows 2000 and Windows NT
Installation takes approximately 30 minutes.
Note This procedure assumes you are doing a typical installation and are not integrating with a third-party network management system (NMS) during installation. For custom installation and third-party NMS integration instructions, see Installing and Setting Up CD One on Windows 2000 and Windows NT.
Step 1 Log in as the local administrator on the system on which you want to install CD One.
Step 2 Insert the CD-ROM into the CD-ROM drive.
- If autorun is enabled in your system, the Installer window opens.
- If autorun is not enabled in your system:
-
- Select Start > Run...
- Select Start > Run...
- The Run dialog box appears.
-
- Enter: e:\autorun.exe
- Enter: e:\autorun.exe
- where e is your CD-ROM drive.
The Installer window opens.
Step 3 Click Install to continue.
The Welcome screen appears.
Step 4 Click Next.
The Setup Type dialog box appears.
Step 5 Select Typical, then click Next.
Note You must select Typical to support this bundle.
The installation script checks dependencies and verifies your available disk space. Then the Start Copying File dialog box appears.
Step 6 Click Next.
The installation proceeds and the Integration Utility dialog box appears.
Step 7 Select Later.
Note For information about the Integration Utility, see Using CiscoView.
Step 8 Click Next to continue.
The Requirements Verification screen appears.
Step 9 Click OK.
When the installation is complete, the Restart Windows dialog box appears, asking if you want to restart your system.
Note If you are installing CD One on Windows 2000, the Restart Windows dialog box might not appear. To complete the installation, you must restart your system manually.
Step 10 Select Yes, then click OK.
CD One is installed in the default directory, c:\Program Files\CSCOpx.
Step 11 Configure the web browser on the client system for use with CiscoWorks2000.
For information about configuring the web browser on the client system, see Installing and Setting Up CD One on Windows 2000 and Windows NT.
Step 12 Install CD Two.
For information about installing CD Two, see the "Installing CD Two on Windows 2000 and Windows NT" section.
Tips
- If errors occurred during installation, view the installation log located in the root directory on the drive where the operating system is installed. The default is c:\cw2000_inXXX.log, where XXX is a three digit number.
- Each installation creates a new log that is saved as a different file; for example, c:\cw2000_in001.log. View the most recent log file for error messages.
- For troubleshooting information or to verify the directories installed on your system, see Installing and Setting Up CD One on Windows 2000 and Windows NT.
Installing CD One on Solaris
Installation takes approximately 30 minutes.
Note This procedure assumes you are doing a typical installation and are not integrating with a third-party NMS during installation. For custom installation and third-party NMS integration instructions, see Installing and Setting Up CiscoWorks2000 CD One on Solaris.
Step 1 As root, mount the CD-ROM using either of the following:
- Mount it on the local CiscoWorks2000 Server system.
- Mount it on a remote Solaris system, then access it from the CiscoWorks2000 Server system.
For detailed instructions, see the appendix "Mounting and Unmounting on Solaris" in Installing and Setting Up CiscoWorks2000 CD One on Solaris.
Step 2 Start the installation program.
- For a local installation, enter:
#cd /cdrom/cdrom0/#./setup.sh
- For a remote installation, enter:
#cdremotedir#./setup.sh
where remotedir is the remote location where the CD-ROM is mounted.
A message is displayed:
# q#
Step 3 Press Enter to accept the default directory, or enter a different directory.
The program performs several preinstallation checks on your machine, such as TCP/IP address resolution, TCP/IP port use, disk space, and RAM. These checks cause some text to appear on the screen.
After the checks are complete, a message is displayed with several options.
Step 4 Enter 4 in the field provided to select the Typical Installation (all of the above) option, or enter q to quit.
Note You must select option 4 to support this bundle.
The program performs system checks and lists dependencies, then displays a message:
#
#
Step 5 Enter n.
Note For information about the Integration Utility, see Using CiscoView.
Step 6 After installation is complete, unmount the CD-ROM.
For unmounting information, see Installing and Setting Up CiscoWorks2000 CD One on Solaris.
Step 7 Configure the web browser on the client for use with CiscoWorks2000.
For configuration information, see Installing and Setting Up CiscoWorks2000 CD One on Solaris.
Step 8 Install CD Two.
For information about installing CD Two, see the "Installing CD Two on Solaris" section.
Tips
- If errors occurred during installation, view the installation log file /var/tmp/ciscoinstall.log. Each installation appends to this file.
- For troubleshooting information or to verify the directories installed on your system, see Installing and Setting Up CiscoWorks2000 CD One for Solaris.
Install CD Two
Installing CD Two on Windows 2000 and Windows NT
Installation takes approximately 10 minutes.
Note This procedure assumes that you have already installed CD One.
You can cancel the installation at any time by clicking Cancel at the bottom of any installation screen.
The program installs CD Two in the same location as CD One (c:\Program Files\ CSCOpx) by default and starts CiscoWorks2000.
Step 1 Log in as the local administrator on the system on which you installed CD One.
Step 2 Insert the CD-ROM into the CD-ROM drive.
- If autorun is enabled in your system, the Installer window opens.
- If autorun is not enabled in your system:
-
- Select Start > Run...
- Select Start > Run...
- The Run dialog box appears.
-
- Enter: e:\autorun.exe
- Enter: e:\autorun.exe
- where e is your CD-ROM drive.
The Installer window opens.
Step 3 Click Install to continue.
The Welcome screen appears.
Step 4 Click Next to continue.
The Start Copying Files dialog box appears.
Step 5 Click Next.
The installation program checks dependencies and system requirements.
The Requirements Verification dialog box displays the results of the requirements checking and indicates whether the installation can continue.
Step 6 Do one of the following:
- If the minimum recommended requirements are met, click OK.
- The Setup screen appears, displaying installation progress while files are copied and applications are configured. Then the Setup Complete dialog box appears. Go to Step 7.
- If the minimum recommended requirements are not met, an error message appears. To cancel the installation, click OK. Ensure that the minimum requirements are met, then restart the installation.
Step 7 Click Finish.
Step 8 Remove the CD-ROM from the drive.
Step 9 If you did not restart the computer after installing CD One, restart it now.
Step 10 Install VPN Monitor.
For information about installing VPN Monitor, see the "Installing VPN Monitor on Windows 2000 and Windows NT" section.
Tips
- If errors occurred during installation, view the installation log located in the root directory on the drive where the operating system is installed.The default is c:\cw2000_inXXX.log, where XXX is a three digit number.
- Each installation creates a new installation log that is saved as a different file. For example, c:\cw2000_in002.log. View the most recent log file for error messages.
- For troubleshooting information, see Installing and Setting Up CD Two 2nd Edition on Windows 2000 and Windows NT.
Installing CD Two on Solaris
Installation takes approximately 10 minutes.
Note This procedure assumes that you have already installed CD One.
You can press Ctrl-C at any time to end the installation. However, any changes to your system (for example, installation of new files or changes to system files) will not be undone.
The program installs CD Two in the same location as CD One (/opt/CSCOpx) by default and starts CiscoWorks2000.
Step 1 As root, mount the CD-ROM using either of the following:
- Mount the CD-ROM on the local CiscoWorks2000 Server system.
- Mount the CD-ROM on a remote Solaris system, then access the CD-ROM from the CiscoWorks2000 Server system.
Step 2 Start the installation program.
- For a local installation, enter:
# cd /cdrom/cdrom0/ # ./setup.sh
- For a remote installation, enter:
# cd remotedir # ./setup.sh
where remotedir is the remote location where the CD-ROM is mounted.
The program checks for required patches and other dependencies and displays:
Enter the location where the product will be installed or
to quit. Default location (PKGROOT)? [/opt/CSCOpx]
The Integration Utility will be installed now. The Integration Utility integrates Cisco device packages and Cisco applications into third-party SNMP management platforms. You can choose to integrate with a third-party SNMP management platform.
Step 3 Enter 3, then press Return.
The program checks dependencies and system requirements and one of the following occurs:
- If the minimum recommended requirements are not met, the installation program displays an error message.
- If the minimum requirements are met, the installation is completed without displaying more questions, and the system prompt appears.
Step 4 Unmount the CD-ROM.
Step 5 Install VPN Monitor.
For information about installing VPN Monitor, see the "Installing VPN Monitor on Solaris" section.
Tips
- If errors occurred during installation, view the installation log file /var/tmp/ciscoinstall.log.
- For troubleshooting information, see Installing and Setting Up CD Two Second Edition on Solaris.
Install VPN Monitor
Installing VPN Monitor on Windows 2000 and Windows NT
Installation takes approximately 10 minutes.
Note This procedure assumes that you have already installed CD One and CD Two.
Step 1 Log in as the local administrator on the system on which you installed CD One and CD Two.
Step 2 Insert the VPN Monitor CD-ROM into the CD-ROM drive.
- If autorun is enabled in your system, the Installer window opens.
- If autorun is not enabled in your system:
-
- Select Start > Run...
- Select Start > Run...
- The Run dialog box appears.
-
- Enter: e:\autorun.exe
- Enter: e:\autorun.exe
- where e is your CD-ROM drive.
- The Installer window opens.
Step 3 Click Install.
The InstallShield Wizard is prepared. The Welcome screen appears.
Step 4 Click Next.
The Start Copying Files dialog box appears.
Step 5 Click Next.
The installation program checks dependencies and system requirements. The Requirements Verification dialog box displays the results of the requirements checking and shows whether the installation can continue.
Note If minimum requirements are not met, an error message appears. To cancel the installation, click OK. Ensure that the minimum requirements are met, then restart the installation.
Step 6 Click OK.
Installation progress is displayed while files are copied and applications are configured. Then the Setup Complete dialog box appears.
Step 7 Click Finish.
Step 8 Remove the CD-ROM from the drive.
Tips
- If errors occurred during installation, view the installation log located in the root directory on the drive where the operating system is installed. The default is c:\cw2000_inXXX.log, where XXX is a three-digit number.
- Each installation creates a new log that is saved as a different file, for example, c:\cw2000_in003.log. View the most recent log file for error messages.
- For troubleshooting information, see the troubleshooting appendix in Installing VPN Monitor on Windows 2000, Windows NT, and Solaris.
Installing VPN Monitor on Solaris
Installation takes approximately 10 minutes.
Note This procedure assumes that you have already installed CD One and CD Two.
Step 1 Log in as root on the system on which you installed CD One and CD Two.
Step 2 Mount the VPN Monitor CD-ROM using either of the following methods:
- Mount the CD-ROM on the CiscoWorks2000 Server system.
- Mount the CD-ROM on a remote Solaris system, then access it from the CiscoWorks2000 Server system.
Step 3 Start the installation.
- For a local installation, enter:
# cd /cdrom/cdrom0/
# sh ./setup.sh
- For a remote installation, enter:
#cdremotedir#sh ./setup.sh
where remotedir is the remote location where the CD-ROM is mounted.
The following message appears:
Do you want to integrate with the third-party product now (y/n)? [n]
The installation program performs several preinstallation checks such as verifying prerequisite products and disk space availability. These checks can generate two types of results:
- Errors that cause the installation to stop before system changes are made.
- Prompts that you must answer to continue.
Step 4 Respond to the prompts.
If all the requirements are met, you are notified that the installation was successful.
Step 5 Unmount the CD-ROM.
Tips
- If errors occurred during installation, view the installation log file /var/tmp/ciscoinstall.log.
- For troubleshooting information, see the troubleshooting appendix in Installing VPN Monitor on Windows 2000, Windows NT, and Solaris.
Logging In for the First Time
The CiscoWorks2000 Server desktop is the interface for CiscoWorks2000 network management applications, including VPN Monitor.
Before logging in, make sure that your browser is configured correctly for CiscoWorks2000. See Installing and Setting Up CD One on Windows 2000 and Windows NT or Installing and Setting Up CD One on Solaris for details.
If you have installed the CiscoWorks2000 package and are logging in for the first time, you can use the reserved "admin" user name and password. To log in:
Step 1 Connect to the CiscoWorks2000 Server from your web browser.
Step 2 Enter admin in both the User Name and Password fields of the Login Manager.
Step 3 Click Connect or press Enter. You are now logged in.
 |
Caution When the system is installed initially, admin is the default password. To prevent all users from accessing privileged applications, change the password for admin immediately after installation. To change the password, select Server Configuration > Setup > Security > Modify My Profile. |
Note Login sessions time out after 2 hours of inactivity. If the session is not used for 2 hours, you will be prompted to log in again.
Verifying Installation
To verify that all the CDs in the bundle have been installed, make sure that the following drawers appear on the CiscoWorks2000 desktop:
- Server Configuration
- Management Connection
- Device Manager
- Resource Manager Essentials (appears with CD Two installation)
- VPN Management Solution
Add Devices
After you have installed the required CDs and verified the installation, see:
Note You can add a maximum of 10 devices at once.
Adding or Updating
Devices in Inventory
Step 1 Verify that the devices you want to monitor have the correct Cisco IOS version. See the "VPN/Security Management Solution Overview" section.
Step 2 Log in to your CiscoWorks2000 server. See the "Logging In for the First Time" section.
The CiscoWorks2000 Server desktop appears.
Step 3 To add or update a device, select Resource Manager Essentials > Administration > Inventory > Add Devices or select Resource Manager Essentials > Administration > Inventory > Update Inventory.
The Add a Single Device or the Update Device dialog box appears.
Step 4 Enter the access information and annotations for one device.
You must fill in the Device Name field with the device name or IP address. All other fields are optional. For more information, see the inventory online help.
Step 5 Click Next.
The Enter Login Authentication Information dialog box appears.
You must fill in the Read Community String field. All other fields are optional.
For more information, see the inventory online help.
Step 6 Click Next.
Step 7 Click Finish.
The Single Device Add dialog box shows that the device has been added to the Pending list. After adding a device, you can click Add Another to add another device.
For information about verifying that device information was added, see Installing and Setting Up CD Two, 2nd Edition on Windows 2000 and Windows NT or Installing and Setting Up CD Two, 2nd Edition on Solaris and the inventory online help.
Adding Devices to the Dashboard
Before you can use VPN Monitor, you must select the devices to monitor and add them to the device dashboard.
Note You can monitor a maximum of 10 devices at once.
Step 1 Select VPN Management Solution > Administration > Monitor > Dashboard > Device List.
The Device List window opens.
Step 2 Select a device from Available Devices, then click Add.
The device is added to Dashboard Devices. Monitoring of the device starts immediately.
Step 3 To remove a device from the dashboard, select the device from Dashboard Devices, then click Remove.
The device is removed from Dashboard Devices and returned to Available Devices.
Tips
- If you have difficulty adding or importing devices, try the following:
-
- Ping the device. If you know the IP address of the nonresponding device, ping that IP address. Otherwise, send the request to the fully qualified hostname. Use the default settings for packet size, packet count, and timeout interval.
- Verify that you have entered the correct read community string. Open a Telnet session to the device to check its SNMP configuration.
- If the device does not respond to the SNMP Get request packets from your server, make sure it has an SNMP agent that is enabled and accessible using the community string you specified.
- Increase the SNMP timeout setting to 60 seconds. See the inventory online help.
- Use etherfind or snoop (for UNIX systems), Network Monitor (for Windows systems), or another packet analyzer on your server to investigate the SNMP packet exchange between your server and the SNMP agent on the device. If the device does not support RFC 1213 (SNMP MIB II) attributes, it cannot be managed by Essentials.
- Ping the device. If you know the IP address of the nonresponding device, ping that IP address. Otherwise, send the request to the fully qualified hostname. Use the default settings for packet size, packet count, and timeout interval.
- After you correct your device specification, network connectivity, or both, retry adding the device.
Where to Go Next
After you have installed the required CDs, added devices to inventory and the device dashboard, you are ready to monitor and troubleshoot your VPN environment.
For information about VPN Monitor, see Using VPN Monitor. You can access this document:
- In PDF format in the Documentation directory on the VPN Monitor product CD.
- From the VPN Monitor online help.
- From the CiscoWorks2000 desktop, click Help. Select VPN Management Solution > VPN Monitor > PDF.
Install CSPM Lite (Optional)
Installing CSPM Lite on Windows NT
For firewall security management, install CSPM Lite. CSPM Lite can be installed only on Windows NT.
For installation instructions, see the CSPM installation guide shipped with the CD. The installation guide is also available in PDF format in the Documentation directory on the product CD. To read the PDF file, Adobe Acrobat 4.0 must be installed.