cc/td/doc/product/vpn/vpn3000/vpn3kco/vcoug
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

Client update

Client update

Updating VPN3002 Hardware Client software in an environment with a large number of devices in different locations can be a formidable task. For this reason, the VPN 3000 Series Concentrator lets administrators at a central location automatically update software/firmware for VPN 3002 Hardware Clients deployed in diverse locations.

When you enable Client Update, upon connection the Concentrator sends an IKE packet that contains an encrypted, user-defined message that notifies VPN 3002 hardware clients about acceptable versions of executable system software and their locations. If the VPN 3002 is not running an acceptable version, its software is automatically updated via TFTP.

To use client update, you need to have an TFTP server that can handle the volume and frequency of updates that your network requires. We recommend that you locate this server inside your network. The client update facility sends notify messages in batches of 10 at 5-minutes intervals.

You configure parameters that specify the acceptable versions of software and their locations. Updates are supported per group. This means that all members of a group can obtain the same updates from the same server at approximately the same time.

The Concentrator logs event messages at the start of the update. When the update completes, the client reboots automatically.

Note   The VPN client stores image files in two locations: the active location, which stores the image currently running on the system; and the backup location. Updating the image overwrites the stored image file in the backup location and makes it the active location for the next reboot. The client update process includes a test to validate the updated image. In the unlikely event that a client update is unsuccessful, the client does not reboot, and the invalid image does not become active. The update facility retries up to twenty times at 3-minute intervals. If an update is unsuccessful, the log files contain information indicating TFTP failures.

Configuration | System | Client Update

This section of the VPN 3000 Concentrator Series Manager lets you configure the client update feature (for the VPN 3002 Hardware Client only).


Figure 1: Configuration | System | Client Update screen

Configuration | System | Client Update | Enable

This screen let you disable or enable client update.


Figure 2: Configuration | System | Client Update | Enable screen

Enable

Uncheck or check the box to disable or enable client update (by default, client update is enabled).

Apply or Cancel

To apply your change to client update, click Apply. This action includes your entry in the active configuration. The Manager returns to the Configuration | System | Client Update screen.

Reminder:

To save the active configuration and make it the boot configuration, click the Save Needed icon at the top of the Manager window.

To discard your entries, click Cancel. The Manager returns to the Configuration | System |Client Update screen, and the settings are unchanged.

Configuration | System | Client Update | Entries

This screen lets you add, modify, or delete client update entries.


Figure 3: Configuration | System | Client Update | Entries screen

Update Entry

The update entry list shows the configured client update entries. Each entry shows the platform and acceptable software/firmware versions. If no updates have been configured, the list shows --Empty--.

Actions

To configure and add a new client update entry, click Add. The Manager opens the Configuration | System | Client Update | Entries | Add screen.

To modify parameters for a client update entry that has been configured, select the entry from the list and click Modify. The Manager opens the Configuration | System | Client Update | Modify screen.

To remove a client update entry that has been configured, select the entry from the list and click Delete. There is no confirmation or undo. The Manager refreshes the screen and shows the remaining entries in the list.

Reminder:

To save the active configuration and make it the boot configuration, click the Save Needed icon at the top of the Manager window.

Configuration | System | Client Update | Entries | Add or Modify

These screens let you configure and change client update parameters.


Figure 4: Configuration | System | Client Update | Entries | Add or Modify screens

Client Type

Enter the client type you want to update. Your entry must be vpn3002, including case and spacing.

URL

Enter the URL for the software/firmware image. This URL must point to a file appropriate for this client.The format of the URL is: TFTP://server_address:port/directory/filename. All parts of the URL are optional except the protocol (TFTP), and the server address.

Revisions

Enter a comma separated list of software or firmware images appropriate for this client. These caveats apply:

Add or Apply / Cancel

To add this client update entry to the list of configured update entries, click Add. Or, to apply your changes, click Apply. Both actions include your entry in the active configuration. The Manager returns to the Configuration | System | Client Update screen. Any new entry appears at the bottom of the Update Entries list.

Reminder:

To save the active configuration and make it the boot configuration, click the Save Needed icon at the top of the Manager window.

To discard your entries, click Cancel. The Manager returns to the Configuration | System | Client Update screen, and the Update Entries list is unchanged.


hometocprevnextglossaryfeedbacksearchhelp
Posted: Wed May 2 09:38:37 PDT 2001
All contents are Copyright © 1992--2001 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.