Cisco VPN 3000 Betriebsanweisung

170 West Tasman DriveSan Jose, CA 95134-1706USAhttp://www.cisco.comCisco Systems, Inc.Corporate HeadquartersTel:800 553-NETS (6387)408 526-4000Fax: 40

Contents—9 Management ProtocolsxVPN 3000 Concentrator Series User GuideTunnel Default Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5 Servers5-4VPN 3000 Concentrator Series User GuideFind your selected Server Type below.Server Type = RADIUSConfigure these parameters for a RADIUS (R

Configuration | System | Servers | Authentication | Add or Modify5-5VPN 3000 Concentrator Series User GuideServer SecretEnter the RADIUS server secret

5 Servers5-6VPN 3000 Concentrator Series User GuideServer PortEnter the TCP port number by which you access the server. Enter 0 (the default) to have

Configuration | System | Servers | Authentication | Add or Modify5-7VPN 3000 Concentrator Series User GuideFigure 5-5: Configuration | System | Serve

5 Servers5-8VPN 3000 Concentrator Series User GuideServer Type = Internal ServerThe VPN Concentrator internal authentication server lets you enter a m

Configuration | System | Servers | Authentication | Test5-9VPN 3000 Concentrator Series User GuideYes / NoTo delete the internal authentication server

5 Servers5-10VPN 3000 Concentrator Series User GuideTo cancel the test and discard your entries, click Cancel. The Manager returns to the Configuratio

Configuration | System | Servers | Accounting5-11VPN 3000 Concentrator Series User GuideThe server may be improperly configured or out of service, the

5 Servers5-12VPN 3000 Concentrator Series User GuideThe VPN Concentrator communicates with RADIUS accounting servers per RFC 2139 and currently includ

Configuration | System | Servers | Accounting | Add or Modify5-13VPN 3000 Concentrator Series User GuideTo remove a configured user authentication ser

Contents—10 EventsxiVPN 3000 Concentrator Series User GuidePort . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5 Servers5-14VPN 3000 Concentrator Series User GuideRetriesEnter the number of times to retry sending a query to the accounting server after the timeo

Configuration | System | Servers | DNS5-15VPN 3000 Concentrator Series User GuideFigure 5-14: Configuration | System | Servers | DNS screen EnabledTo

5 Servers5-16VPN 3000 Concentrator Series User GuideTimeout PeriodEnter the initial time in seconds to wait for a response to a DNS query before sendi

Configuration | System | Servers | DHCP5-17VPN 3000 Concentrator Series User GuideFigure 5-15: Configuration | System | Servers | DHCP screen DHCP Se

5 Servers5-18VPN 3000 Concentrator Series User GuideConfiguration | System | Servers | DHCP | Add or ModifyThese screens let you:Add: Configure and ad

Configuration | System | Servers | NTP | Parameters5-19VPN 3000 Concentrator Series User GuideTo make the NTP function operational, you must configure

5 Servers5-20VPN 3000 Concentrator Series User GuideConfiguration | System | Servers | NTP | HostsThis section of the Manager lets you add, modify, an

Configuration | System | Servers | NTP | Hosts | Add or Modify5-21VPN 3000 Concentrator Series User GuideConfiguration | System | Servers | NTP | Host

6-1VPN 3000 Concentrator Series User GuideCHAPTER6Address ManagementIP addresses make internetworking connections possible. They are like telephone nu

Contents—10 EventsxiiVPN 3000 Concentrator Series User GuideConfiguration | System | Events | FTP Backup . . . . . . . . . . . . . . . . . . . . . .

6 Address Management6-2VPN 3000 Concentrator Series User GuideConfiguration | System | Address Management | AssignmentThis screen lets you select prio

Configuration | System | Address Management | Pools6-3VPN 3000 Concentrator Series User GuideUse Address PoolsCheck this box to have the VPN Concentra

6 Address Management6-4VPN 3000 Concentrator Series User GuideAdd / Modify / DeleteTo configure a new IP address pool, click Add. The Manager opens th

Configuration | System | Address Management | Pools | Add or Modify6-5VPN 3000 Concentrator Series User GuideAdd or Apply / CancelTo add this IP addre

7-1VPN 3000 Concentrator Series User GuideCHAPTER7Tunneling ProtocolsTunneling protocols are the heart of virtual private networking. The tunnels make

7 Tunneling Protocols7-2VPN 3000 Concentrator Series User GuideConfiguration | System | Tunneling ProtocolsThis section of the Manager lets you config

Configuration | System | Tunneling Protocols | PPTP7-3VPN 3000 Concentrator Series User GuideFigure 7-2: Configuration | System | Tunneling Protocols

7 Tunneling Protocols7-4VPN 3000 Concentrator Series User GuidePacket Window SizeEnter the maximum number of received but unacknowledged PPTP packets

Configuration | System | Tunneling Protocols | L2TP7-5VPN 3000 Concentrator Series User GuideApply / CancelTo apply your PPTP settings and to include

Contents—11 GeneralxiiiVPN 3000 Concentrator Series User Guide11 GeneralConfiguration | System | General . . . . . . . . . . . . . . . . . . . . . .

7 Tunneling Protocols7-6VPN 3000 Concentrator Series User GuideEnabledCheck the box to enable L2TP system-wide functions on the VPN Concentrator, or c

Configuration | System | Tunneling Protocols | IPSec7-7VPN 3000 Concentrator Series User GuideHello IntervalEnter the time in seconds to wait when the

7 Tunneling Protocols7-8VPN 3000 Concentrator Series User Guide• Extended Authentication (XAuth)• Mode Configuration (also known as ISAKMP Configurati

Configuration | System | Tunneling Protocols | IPSec LAN-to-LAN7-9VPN 3000 Concentrator Series User GuideFigure 7-5: Configuration | System | Tunneli

7 Tunneling Protocols7-10VPN 3000 Concentrator Series User GuideConfiguration | System | Tunneling Protocols | IPSec LAN-to-LAN | No Public Interfaces

Configuration | System | Tunneling Protocols | IPSec LAN-to-LAN | Add or Modify7-11VPN 3000 Concentrator Series User GuideFigure 7-7: Configuration |

7 Tunneling Protocols7-12VPN 3000 Concentrator Series User GuideAll of the rules, SAs, filters, and group have default parameters or those specified o

Configuration | System | Tunneling Protocols | IPSec LAN-to-LAN | Add or Modify7-13VPN 3000 Concentrator Series User GuideDigital CertificateThis para

7 Tunneling Protocols7-14VPN 3000 Concentrator Series User GuideIKE ProposalThis parameter specifies the set of attributes for Phase 1 IPSec negotiati

Configuration | System | Tunneling Protocols | IPSec LAN-to-LAN | Add or Modify7-15VPN 3000 Concentrator Series User Guide Note: An IP address is used

Contents—12 User ManagementxivVPN 3000 Concentrator Series User GuideConfiguration | User Management | Groups . . . . . . . . . . . . . . . . . . . .

7 Tunneling Protocols7-16VPN 3000 Concentrator Series User GuideWildcard MaskEnter the wildcard mask for the private remote network. Use dotted decima

Configuration | System | Tunneling Protocols | IPSec LAN-to-LAN | Add | Local or Remote Network List7-17VPN 3000 Concentrator Series User GuideFigure

7 Tunneling Protocols7-18VPN 3000 Concentrator Series User GuideGenerate Local ListOn the Local Network List screen, click this button to have the Man

Configuration | System | Tunneling Protocols | IPSec | IKE Proposals7-19VPN 3000 Concentrator Series User GuideFigure 7-9: Configuration | System | T

7 Tunneling Protocols7-20VPN 3000 Concentrator Series User GuideFigure 7-10: Configuration | System | Tunneling Protocols | IPSec | IKE Proposals scr

Configuration | System | Tunneling Protocols | IPSec | IKE Proposals7-21VPN 3000 Concentrator Series User GuideActive ProposalsThe field shows the nam

7 Tunneling Protocols7-22VPN 3000 Concentrator Series User GuideModifyTo modify a configured IKE proposal, select it from either Active Proposals or I

Configuration | System | Tunneling Protocols | IPSec | IKE Proposals | Add, Modify, or Copy7-23VPN 3000 Concentrator Series User GuideFigure 7-11: Co

7 Tunneling Protocols7-24VPN 3000 Concentrator Series User GuideAuthentication AlgorithmThis parameter specifies the data, or packet, authentication a

Configuration | System | Tunneling Protocols | IPSec | IKE Proposals | Add, Modify, or Copy7-25VPN 3000 Concentrator Series User GuideData LifetimeIf

Contents—13 Policy ManagementxvVPN 3000 Concentrator Series User GuideConfiguration | User Management | Groups | Modify (External) . . . . . . . . .

8-1VPN 3000 Concentrator Series User GuideCHAPTER8IP RoutingIn a typical installation, the VPN Concentrator is connected to the public network through

8 IP Routing8-2VPN 3000 Concentrator Series User GuideConfiguration | System | IP RoutingThis section of the Manager lets you configure system-wide IP

Configuration | System | IP Routing | Static Routes | Add or Modify8-3VPN 3000 Concentrator Series User GuideStatic RoutesThe Static Routes list shows

8 IP Routing8-4VPN 3000 Concentrator Series User GuideNetwork AddressEnter the destination network IP address that this static route applies to. Packe

Configuration | System | IP Routing | Default Gateways8-5VPN 3000 Concentrator Series User GuideReminder: To save the active configuration and make it

8 IP Routing8-6VPN 3000 Concentrator Series User GuideTunnel Default GatewayEnter the IP address of the default gateway for tunneled data. Use dotted

Configuration | System | IP Routing | OSPF8-7VPN 3000 Concentrator Series User GuideFigure 8-5: Configuration | System | IP Routing | OSPF screen Ena

8 IP Routing8-8VPN 3000 Concentrator Series User GuideApply / CancelTo apply your OSPF settings, and to include your settings in the active configurat

Configuration | System | IP Routing | OSPF Areas | Add or Modify8-9VPN 3000 Concentrator Series User GuideReminder: The Manager immediately includes y

Contents—13 Policy ManagementxviVPN 3000 Concentrator Series User GuideConfiguration | Policy Management | Traffic Management | Network Lists | Add, M

8 IP Routing8-10VPN 3000 Concentrator Series User GuideExternal LSA ImportClick the drop-down menu button and select whether to bring in LSAs from nei

Configuration | System | IP Routing | DHCP8-11VPN 3000 Concentrator Series User GuideLease TimeoutEnter the timeout in minutes for addresses that are

8 IP Routing8-12VPN 3000 Concentrator Series User GuideConfiguration | System | IP Routing | RedundancyThis screen lets you configure parameters for V

Configuration | System | IP Routing | Redundancy8-13VPN 3000 Concentrator Series User GuideEnable VRRPCheck this box to enable VRRP functions. The box

8 IP Routing8-14VPN 3000 Concentrator Series User Guide2 (Public)The IP address for the Ethernet 2 (Public) interface shared by the virtual routers in

9-1VPN 3000 Concentrator Series User GuideCHAPTER9Management ProtocolsThe VPN 3000 Concentrator Series includes various built-in servers, using variou

9 Management Protocols9-2VPN 3000 Concentrator Series User GuideConfiguration | System | Management Protocols | FTPThis screen lets you configure and

Configuration | System | Management Protocols | HTTP/HTTPS9-3VPN 3000 Concentrator Series User GuideConfiguration | System | Management Protocols | HT

9 Management Protocols9-4VPN 3000 Concentrator Series User GuideEnable HTTPSCheck the box to enable the HTTPS server. The box is checked by default. H

Configuration | System | Management Protocols | TFTP9-5VPN 3000 Concentrator Series User GuideFigure 9-4: Configuration | System | Management Protoco

Contents—13 Policy ManagementxviiVPN 3000 Concentrator Series User GuideConfiguration | Policy Management | Traffic Management | Filters . . . . . .

9 Management Protocols9-6VPN 3000 Concentrator Series User GuideConfiguration | System | Management Protocols | TelnetThis screen lets you configure a

Configuration | System | Management Protocols | SNMP9-7VPN 3000 Concentrator Series User GuideTelnet/SSL PortEnter the port number that Telnet over SS

9 Management Protocols9-8VPN 3000 Concentrator Series User GuideEnableCheck the box to enable the SNMP server. The box is checked by default. Disablin

Configuration | System | Management Protocols | SNMP Communities9-9VPN 3000 Concentrator Series User GuideFigure 9-7: Configuration | System | Manage

9 Management Protocols9-10VPN 3000 Concentrator Series User GuideConfiguration | System | Management Protocols | SNMP Communities | Add or ModifyThese

Configuration | System | Management Protocols | SSL9-11VPN 3000 Concentrator Series User Guideissued in a PKI context. This certificate must then be i

9 Management Protocols9-12VPN 3000 Concentrator Series User GuideEncryption ProtocolsCheck the boxes for the encryption algorithms that the VPN Concen

Configuration | System | Management Protocols | SSL9-13VPN 3000 Concentrator Series User GuideTLS V1 with SSL V2 Hello = The server insists on TLS Ver

10-1VPN 3000 Concentrator Series User GuideCHAPTER10EventsAn event is any significant occurrence within or affecting the VPN 3000 Concentrator such as

Contents—14 AdministrationxviiiVPN 3000 Concentrator Series User Guide14 AdministrationAdministration . . . . . . . . . . . . . . . . . . . . . . . .

10 Events10-2VPN 3000 Concentrator Series User GuideDNSDBGDNS debugging*DNSDECODEDNS decoding*EVENTEvent subsystem*EVENTDBGEvent subsystem debugging*E

Event class10-3VPN 3000 Concentrator Series User Guide Note: The Cisco-specific event classes provide information that is meaningful only to Cisco eng

10 Events10-4VPN 3000 Concentrator Series User GuideEvent severity levelSeverity level indicates how serious or significant the event is; i.e., how li

Event log10-5VPN 3000 Concentrator Series User GuideEvent logThe VPN Concentrator records events in an event log, which is stored in nonvolatile memor

10 Events10-6VPN 3000 Concentrator Series User GuideConfiguration | System | Events | GeneralThis Manager screen lets you configure the general, or de

Configuration | System | Events | General10-7VPN 3000 Concentrator Series User GuideYou can manage saved log files with options on this screen and on

10 Events10-8VPN 3000 Concentrator Series User GuideSeverity to ConsoleClick the drop-down menu button and select the range of event severity levels t

Configuration | System | Events | FTP Backup10-9VPN 3000 Concentrator Series User GuideApply / CancelTo include your settings for default event handli

10 Events10-10VPN 3000 Concentrator Series User GuideVerifyRe-enter the FTP password to verify it. The field displays only asterisks.Apply / CancelTo

Configuration | System | Events | Classes | Add or Modify10-11VPN 3000 Concentrator Series User Guideorder by class number and name. If no classes hav

Contents—14 AdministrationxixVPN 3000 Concentrator Series User GuideAdministration | Monitoring Refresh . . . . . . . . . . . . . . . . . . . . . . .

10 Events10-12VPN 3000 Concentrator Series User GuideClass NameAdd screen:Click the drop-down menu button and select the event class you want to add a

Configuration | System | Events | Classes | Add or Modify10-13VPN 3000 Concentrator Series User GuideSeverity to EmailClick the drop-down menu button

10 Events10-14VPN 3000 Concentrator Series User GuideConfiguration | System | Events | Trap DestinationsThis section of the Manager lets you configure

Configuration | System | Events | Trap Destinations | Add or Modify10-15VPN 3000 Concentrator Series User GuideReminder: The Manager immediately inclu

10 Events10-16VPN 3000 Concentrator Series User GuidePortEnter the UDP port number by which you access the destination SNMP server. Use a decimal numb

Configuration | System | Events | Syslog Servers | Add or Modify10-17VPN 3000 Concentrator Series User GuideSyslog ServersThe Syslog Servers list show

10 Events10-18VPN 3000 Concentrator Series User GuidePortEnter the UDP port number by which you access the syslog server. Use a decimal number from 0

Configuration | System | Events | SMTP Servers10-19VPN 3000 Concentrator Series User GuideFigure 10-10: Configuration | System | Events | SMTP Server

10 Events10-20VPN 3000 Concentrator Series User GuideConfiguration | System | Events | SMTP Servers | Add or ModifyThese screens let you:Add an SMTP s

Configuration | System | Events | Email Recipients10-21VPN 3000 Concentrator Series User GuideTo configure default event handling, click the highlight

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMM

Contents—14 AdministrationxxVPN 3000 Concentrator Series User GuideAdministration | File Management | TFTP Transfer . . . . . . . . . . . . . . . .

10 Events10-22VPN 3000 Concentrator Series User GuideConfiguration | System | Events | Email Recipients |Add or ModifyThese screens let you:Add and co

Configuration | System | Events | Email Recipients | Add or Modify10-23VPN 3000 Concentrator Series User GuideAdd or Apply / CancelTo add this recipie

11 - 1VPN 3000 Concentrator Series User GuideCHAPTER11GeneralGeneral configuration parameters include VPN 3000 Concentrator environment items: system

11 General11- 2VPN 3000 Concentrator Series User GuideConfiguration | System | General | IdentificationThis screen lets you configure system identif

Configuration | System | General | Time and Date11 - 3VPN 3000 Concentrator Series User GuideConfiguration | System | General | Time and DateThis scre

12-1VPN 3000 Concentrator Series User GuideCHAPTER12User ManagementGroups and users are core concepts in managing the security of VPNs and in configur

12 User Management12-2VPN 3000 Concentrator Series User GuideSome additional points to note:• Base-group parameters are the default, or system-wide, p

Configuration | User Management12-3VPN 3000 Concentrator Series User GuideConfiguration | User ManagementThis section of the Manager lets you configur

Contents—15 MonitoringxxiVPN 3000 Concentrator Series User GuideSubject Alternative Name (Fully Qualified Domain Name) . . . . . . . . . . . . . . .

12 User Management12-4VPN 3000 Concentrator Series User GuideFigure 12-2: Configuration | User Management | Base Group screen, General tab General Pa

Configuration | User Management | Base Group12-5VPN 3000 Concentrator Series User GuideSimultaneous LoginsEnter the number of simultaneous logins perm

12 User Management12-6VPN 3000 Concentrator Series User GuidePrimary DNSEnter the IP address, in dotted decimal notation, of the primary DNS server fo

Configuration | User Management | Base Group12-7VPN 3000 Concentrator Series User Guideclient specifically designed to work with the VPN Concentrator.

12 User Management12-8VPN 3000 Concentrator Series User GuideTo use IPSec with remote-access clients, you must assign an SA. With IPSec LAN-to-LAN con

Configuration | User Management | Base Group12-9VPN 3000 Concentrator Series User GuideAuthenticationClick the drop-down menu button and select the us

12 User Management12-10VPN 3000 Concentrator Series User GuideAllow Password Storage on ClientCheck the box to allow IPSec clients to store their logi

Configuration | User Management | Base Group12-11VPN 3000 Concentrator Series User GuideDefault Domain NameEnter the default domain name that the VPN

12 User Management12-12VPN 3000 Concentrator Series User GuideFigure 12-4: Configuration | User Management | Base Group screen, PPTP/L2TP tab PPTP/L2

Configuration | User Management | Base Group12-13VPN 3000 Concentrator Series User GuideThese choices specify the allowable authentication protocols i

Contents—15 MonitoringxxiiVPN 3000 Concentrator Series User GuideEvent IP address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

12 User Management12-14VPN 3000 Concentrator Series User GuideL2TP Authentication ProtocolsCheck the boxes for the authentication protocols that L2TP

Configuration | User Management | Base Group12-15VPN 3000 Concentrator Series User Guide40-bit = L2TP clients are allowed to use the RSA RC4 encryptio

12 User Management12-16VPN 3000 Concentrator Series User GuideConfiguration | User Management | GroupsThis section of the Manager lets you configure a

Configuration | User Management | Groups12-17VPN 3000 Concentrator Series User GuideAdd / Modify / DeleteTo configure and add a new group, click Add.

12 User Management12-18VPN 3000 Concentrator Series User GuideConfiguration | User Management | Groups | Add or Modify (Internal)These screens let you

Configuration | User Management | Groups | Add or Modify (Internal)12-19VPN 3000 Concentrator Series User GuideGroup NameEnter a unique name for this

12 User Management12-20VPN 3000 Concentrator Series User GuideFigure 12-7: Configuration | User Management | Groups | Add or Modify (Internal) screen

Configuration | User Management | Groups | Add or Modify (Internal)12-21VPN 3000 Concentrator Series User Guidesetting, clear the check box. If you cl

12 User Management12-22VPN 3000 Concentrator Series User GuideMaximum Connect TimeEnter the group’s maximum user connection time in minutes. At the en

Configuration | User Management | Groups | Add or Modify (Internal)12-23VPN 3000 Concentrator Series User GuidePrimary WINSEnter the IP address, in do

Contents—15 MonitoringxxiiiVPN 3000 Concentrator Series User GuidePackets Received . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

12 User Management12-24VPN 3000 Concentrator Series User GuideFigure 12-8: Configuration | User Management | Groups | Add or Modify (Internal) screen

Configuration | User Management | Groups | Add or Modify (Internal)12-25VPN 3000 Concentrator Series User GuideValue / Inherit?On this tabbed section:

12 User Management12-26VPN 3000 Concentrator Series User GuideTunnel TypeClick the drop-down menu button and select the type of IPSec tunnel that this

Configuration | User Management | Groups | Add or Modify (Internal)12-27VPN 3000 Concentrator Series User Guide Notes: IPSec uses Mode Configuration t

12 User Management12-28VPN 3000 Concentrator Series User GuideIPSec through NATCheck the box to allow the Cisco VPN 3000 Client (IPSec client) to conn

Configuration | User Management | Groups | Add or Modify (Internal)12-29VPN 3000 Concentrator Series User GuideValue / Inherit?On this tabbed section:

12 User Management12-30VPN 3000 Concentrator Series User Guideand compares—only encrypted passwords, rather than cleartext passwords as in CHAP. This

Configuration | User Management | Groups | Add or Modify (Internal)12-31VPN 3000 Concentrator Series User GuideCHAP = Challenge-Handshake Authenticati

12 User Management12-32VPN 3000 Concentrator Series User GuideConfiguration | User Management | Groups | Modify (External)This screen lets you change

Configuration | User Management | Users12-33VPN 3000 Concentrator Series User GuideApply / CancelWhen you finish changing these parameters, click Appl

Contents—15 MonitoringxxivVPN 3000 Concentrator Series User GuideMonitor | Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

12 User Management12-34VPN 3000 Concentrator Series User GuideCurrent UsersThe Current Users list shows configured users in alphabetical order. If no

Configuration | User Management | Users | Add or Modify12-35VPN 3000 Concentrator Series User GuideFigure 12-12: Configuration | User Management | Us

12 User Management12-36VPN 3000 Concentrator Series User GuideIP AddressEnter the IP address, in dotted decimal notation, assigned to this user. Enter

Configuration | User Management | Users | Add or Modify12-37VPN 3000 Concentrator Series User GuideValue / Inherit?On this tabbed section:• The Inheri

12 User Management12-38VPN 3000 Concentrator Series User GuideMaximum Connect TimeEnter this user’s maximum connection time in minutes. At the end of

Configuration | User Management | Users | Add or Modify12-39VPN 3000 Concentrator Series User Guidespecifically designed to work with the VPN Concentr

12 User Management12-40VPN 3000 Concentrator Series User Guide Note: The setting of the Inherit? check box takes priority over an entry in a Value fie

Configuration | User Management | Users | Add or Modify12-41VPN 3000 Concentrator Series User GuideFigure 12-15: Configuration | User Management | Us

12 User Management12-42VPN 3000 Concentrator Series User Guide Note: The setting of the Inherit? check box takes priority over an entry in a Value fie

Configuration | User Management | Users | Add or Modify12-43VPN 3000 Concentrator Series User GuideL2TP Authentication ProtocolsCheck the boxes for th

Contents—15 MonitoringxxvVPN 3000 Concentrator Series User GuideBar Graph . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

13-1VPN 3000 Concentrator Series User GuideCHAPTER13Policy ManagementManaging a VPN, and protecting the integrity and security of network resources, i

13 Policy Management13-2VPN 3000 Concentrator Series User GuideConfiguration | Policy ManagementThis section of the Manager lets you configure policie

Configuration | Policy Management | Access Hours13-3VPN 3000 Concentrator Series User GuideCurrent Access HoursThe Current Access Hours list shows the

13 Policy Management13-4VPN 3000 Concentrator Series User GuideConfiguration | Policy Management | Access Hours |Add or ModifyThese Manager screens le

Configuration | Policy Management | Traffic Management13-5VPN 3000 Concentrator Series User GuideAdd or Apply / CancelTo add this access time to the l

13 Policy Management13-6VPN 3000 Concentrator Series User GuideConfiguration | Policy Management | Traffic Management |Network ListsThis section of th

Configuration | Policy Management | Traffic Management | Network Lists | Add, Modify, or Copy13-7VPN 3000 Concentrator Series User Guideaction to take

13 Policy Management13-8VPN 3000 Concentrator Series User GuideList NameEnter a unique name for this network list. Maximum 48 characters, case-sensiti

Configuration | Policy Management | Traffic Management | Rules13-9VPN 3000 Concentrator Series User GuideConfiguration | Policy Management | Traffic M

Contents—15 MonitoringxxviVPN 3000 Concentrator Series User GuideMonitor | Statistics | L2TP . . . . . . . . . . . . . . . . . . . . . . . . . . . .

13 Policy Management13-10VPN 3000 Concentrator Series User GuideFor all the default rules except VRRP In and Out, these parameters are identical: Acti

Configuration | Policy Management | Traffic Management | Rules13-11VPN 3000 Concentrator Series User Guide*For VRRP In and VRRP Out, the Destination A

13 Policy Management13-12VPN 3000 Concentrator Series User GuideConfiguration | Policy Management | Traffic Management | Rules | Add, Modify, or CopyT

Configuration | Policy Management | Traffic Management | Rules | Add, Modify, or Copy13-13VPN 3000 Concentrator Series User GuideFigure 13-8: Configu

13 Policy Management13-14VPN 3000 Concentrator Series User GuideRule NameEnter a unique name for this rule. Maximum is 48 characters.DirectionClick th

Configuration | Policy Management | Traffic Management | Rules | Add, Modify, or Copy13-15VPN 3000 Concentrator Series User GuideClick the drop-down m

13 Policy Management13-16VPN 3000 Concentrator Series User Guide Note: An IP address is used with a wildcard mask to provide the desired granularity.

Configuration | Policy Management | Traffic Management | Rules | Add, Modify, or Copy13-17VPN 3000 Concentrator Series User GuideAssigned Numbers Auth

13 Policy Management13-18VPN 3000 Concentrator Series User GuideRange = To specify a range of port numbers, or to specify a port not on the Cisco-supp

Configuration | Policy Management | Traffic Management | Rules | Delete13-19VPN 3000 Concentrator Series User GuideConfiguration | Policy Management |

Contents—15 MonitoringxxviiVPN 3000 Concentrator Series User GuideSystem Capability Failures . . . . . . . . . . . . . . . . . . . . . . . . . . . .

13 Policy Management13-20VPN 3000 Concentrator Series User GuideYou apply SAs to filter rules that are configured with an Apply IPSec action, for LAN-

Configuration | Policy Management | Traffic Management | Security Associations13-21VPN 3000 Concentrator Series User GuideIPSec SAsThe IPSec SAs list

13 Policy Management13-22VPN 3000 Concentrator Series User GuideTo delete a configured SA, select the SA from the list and click Delete.• If the SA ha

Configuration | Policy Management | Traffic Management | Security Associations | Add or Modify13-23VPN 3000 Concentrator Series User GuideFigure 13-11

13 Policy Management13-24VPN 3000 Concentrator Series User GuideIPSec ParametersThese parameters apply to IPSec SAs, which are Phase 2 SAs negotiated

Configuration | Policy Management | Traffic Management | Security Associations | Add or Modify13-25VPN 3000 Concentrator Series User GuidePerfect Forw

13 Policy Management13-26VPN 3000 Concentrator Series User GuideIKE ParametersThese parameters govern IKE SAs, which are Phase 1 SAs negotiated under

Configuration | Policy Management | Traffic Management | Security Associations | Add or Modify13-27VPN 3000 Concentrator Series User GuideIKE Proposal

13 Policy Management13-28VPN 3000 Concentrator Series User GuideConfiguration | Policy Management | Traffic Management | Security Associations | Delet

Configuration | Policy Management | Traffic Management | Filters13-29VPN 3000 Concentrator Series User GuideConfiguring a filter involves two steps: 1

Contents—15 MonitoringxxviiiVPN 3000 Concentrator Series User GuideTimeouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

13 Policy Management13-30VPN 3000 Concentrator Series User GuideFilter ListThe Filter List shows configured filters, listed in the order they are conf

Configuration | Policy Management | Traffic Management | Filters | Add, Modify, or Copy13-31VPN 3000 Concentrator Series User GuideCopy FilterTo creat

13 Policy Management13-32VPN 3000 Concentrator Series User GuideFigure 13-14: Configuration | Policy Management | Traffic Management | Filters | Add,

Configuration | Policy Management | Traffic Management | Filters | Add, Modify, or Copy13-33VPN 3000 Concentrator Series User GuideSource RoutingCheck

13 Policy Management13-34VPN 3000 Concentrator Series User GuideConfiguration | Policy Management | Traffic Management | Assign Rules to FilterThis se

Configuration | Policy Management | Traffic Management | Assign Rules to Filter13-35VPN 3000 Concentrator Series User GuideCurrent Rules in FilterThis

13 Policy Management13-36VPN 3000 Concentrator Series User GuideMove Up / Move DownTo change the order in which a rule is applied within the filter, s

Configuration | Policy Management | Traffic Management | Assign Rules to Filter | Change SA on Rule13-37VPN 3000 Concentrator Series User GuideAdd SA

13 Policy Management13-38VPN 3000 Concentrator Series User GuideFigure 13-17: Configuration | Policy Management | Traffic Management | Assign Rules t

Configuration | Policy Management | Traffic Management | NAT13-39VPN 3000 Concentrator Series User GuideConfiguration | Policy Management | Traffic Ma

Contents—15 MonitoringxxixVPN 3000 Concentrator Series User GuideInvalid Type Received . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

13 Policy Management13-40VPN 3000 Concentrator Series User GuideConfiguration | Policy Management | Traffic Management | NAT | EnableThis screen lets

Configuration | Policy Management | Traffic Management | NAT | Rules13-41VPN 3000 Concentrator Series User GuideFigure 13-20: Configuration | Policy

13 Policy Management13-42VPN 3000 Concentrator Series User GuideConfiguration | Policy Management | Traffic Management |NAT | Rules | No Public Interf

Configuration | Policy Management | Traffic Management | NAT | Rules | Add or Modify13-43VPN 3000 Concentrator Series User GuideFigure 13-22: Configu

13 Policy Management13-44VPN 3000 Concentrator Series User GuideActionClick the drop-down menu button and select the translation action for this NAT r

14-1VPN 3000 Concentrator Series User GuideCHAPTER14AdministrationAdministering the VPN 3000 Concentrator Series involves activities that keep the sys

14 Administration14-2VPN 3000 Concentrator Series User GuideFigure 14-1: Administration screen

Administration | Sessions14-3VPN 3000 Concentrator Series User GuideAdministration | SessionsThis screen shows comprehensive statistics for all active

14 Administration14-4VPN 3000 Concentrator Series User GuideLogout All: PPTP | L2TP | IPSec User | L2TP/IPSec | IPSec/NAT | IPSec/LAN-to-LANThese acti

Administration | Sessions14-5VPN 3000 Concentrator Series User GuideTotal Active SessionsThe total number of sessions of all types that are currently

iiiVPN 3000 Concentrator Series User GuideCONTENTSTable of contentsPrefaceAbout this manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Contents—15 MonitoringxxxVPN 3000 Concentrator Series User GuideUDP Datagrams Received . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

14 Administration14-6VPN 3000 Concentrator Series User GuideRemote Access Sessions tableThis table shows parameters and statistics for all active remo

Administration | Sessions14-7VPN 3000 Concentrator Series User GuideIP AddressThe IP address of the manager workstation that is accessing the system.

14 Administration14-8VPN 3000 Concentrator Series User GuideAdministration | Sessions | DetailThese Manager screens show detailed parameters and stati

Administration | Sessions | Detail14-9VPN 3000 Concentrator Series User GuideFigure 14-5: Administration | Sessions | Detail screen: IPSec remote acc

14 Administration14-10VPN 3000 Concentrator Series User GuideFigure 14-6: Administration | Sessions | Detail screen: IPSec through NAT Figure 14-7:

Administration | Sessions | Detail14-11VPN 3000 Concentrator Series User GuideFigure 14-8: Administration | Sessions | Detail screen: L2TP over IPSec

14 Administration14-12VPN 3000 Concentrator Series User GuideRefreshTo update the screen and its data, click Refresh. The date and time indicate when

Administration | Sessions | Detail14-13VPN 3000 Concentrator Series User GuideIPSec Sessions:The total number of IPSec (Phase 2) sessions, which are d

14 Administration14-14VPN 3000 Concentrator Series User GuideAdministration | Software UpdateThis screen lets you update the VPN Concentrator executab

Administration | Software Update14-15VPN 3000 Concentrator Series User GuideBrowse...Enter the complete pathname of the new image file, or click Brows

Contents—15 MonitoringxxxiVPN 3000 Concentrator Series User GuideArea Border Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

14 Administration14-16VPN 3000 Concentrator Series User GuideIf the upload or verification is not successful, the progress window displays a failure m

Administration | System Reboot14-17VPN 3000 Concentrator Series User GuideAdministration | System RebootThis screen lets you reboot or shutdown (halt)

14 Administration14-18VPN 3000 Concentrator Series User GuideActionClick a radio button to select the desired action. You can select only one action.R

Administration | Ping14-19VPN 3000 Concentrator Series User GuideTo cancel your settings on this screen, click Cancel. The Manager returns to the main

14 Administration14-20VPN 3000 Concentrator Series User GuideError (Ping)If the system is unreachable for any reason—host down, ICMP not running on ho

Administration | Access Rights14-21VPN 3000 Concentrator Series User GuideApply / CancelTo save your settings in the active configuration, click Apply

14 Administration14-22VPN 3000 Concentrator Series User Guide Note: The VPN Concentrator saves Administrator parameter settings from this screen and t

Administration | Access Rights | Administrators | Modify Properties14-23VPN 3000 Concentrator Series User GuideAdministratorTo assign “system administ

14 Administration14-24VPN 3000 Concentrator Series User GuideTable 14-3 shows the matrix of Cisco-supplied default rights for the five administrators.

Administration | Access Rights | Administrators | Modify Properties14-25VPN 3000 Concentrator Series User GuideAuthenticationThis area consists of VPN

Contents—16 Using the Command Line InterfacexxxiiVPN 3000 Concentrator Series User GuideMonitor | Statistics | MIB-II | SNMP . . . . . . . . . . . .

14 Administration14-26VPN 3000 Concentrator Series User GuideAdministration | Access Rights | Access Control ListThis section of the Manager lets you

Administration | Access Rights | Access Control List | Add or Modify14-27VPN 3000 Concentrator Series User GuideReminder: The Manager immediately incl

14 Administration14-28VPN 3000 Concentrator Series User GuideIP MaskEnter the mask for the IP address in dotted decimal notation. This mask lets you r

Administration | File Management14-29VPN 3000 Concentrator Series User GuideThe Manager resets the inactivity timer only when you click an action butt

14 Administration14-30VPN 3000 Concentrator Series User GuideAdministration | File Management | FilesThis screen lets you manage files in VPN Concentr

Administration | File Management | Files14-31VPN 3000 Concentrator Series User GuideActionsFor a selected file, click the desired action link. The act

14 Administration14-32VPN 3000 Concentrator Series User GuideAdministration | File Management | Swap Configuration FilesThis screen lets you swap the

Administration | File Management | TFTP Transfer14-33VPN 3000 Concentrator Series User GuideConcentrator FileEnter the name of the file on the VPN Con

14 Administration14-34VPN 3000 Concentrator Series User GuideSuccess (TFTP)If the TFTP transfer is successful, the Manager displays a Success screen.F

Administration | Certificate Management14-35VPN 3000 Concentrator Series User Guidespecific systems or hosts. There must be at least one identity cert

Contents—A Errors and troubleshootingxxxiiiVPN 3000 Concentrator Series User Guide2.3.2 Administration > System Reboot > Schedule Reboot . . .

14 Administration14-36VPN 3000 Concentrator Series User GuideInstalling digital certificates on the VPN ConcentratorInstalling a digital certificate o

Administration | Certificate Management | Enrollment14-37VPN 3000 Concentrator Series User GuideFigure 14-34: Administration | Certificate Management

14 Administration14-38VPN 3000 Concentrator Series User GuideLocality (L)Enter the city or town where this VPN Concentrator is located; e.g., Franklin

Administration | Certificate Management | Enrollment | Request Generated14-39VPN 3000 Concentrator Series User GuideAdministration | Certificate Manag

14 Administration14-40VPN 3000 Concentrator Series User GuideEnrolling with a Certificate AuthorityTo send the certificate request to a CA, enroll, an

Administration | Certificate Management | Installation14-41VPN 3000 Concentrator Series User GuideFigure 14-37: Administration | Certificate Manageme

14 Administration14-42VPN 3000 Concentrator Series User GuideLocal File / BrowseEnter the complete path and filename of the certificate you are instal

Administration | Certificate Management | Certificates14-43VPN 3000 Concentrator Series User GuideSSL Certificate / [ Generate ]This table shows the S

14 Administration14-44VPN 3000 Concentrator Series User GuideAdministration | Certificate Management | Certificates | ViewThe Manager displays this sc

Administration | Certificate Management | Certificates | View14-45VPN 3000 Concentrator Series User GuideFor the VPN Concentrator self-signed SSL cert

Contents—B Copyrights, licenses, and noticesxxxivVPN 3000 Concentrator Series User GuideLED indicators . . . . . . . . . . . . . . . . . . . . . . .

14 Administration14-46VPN 3000 Concentrator Series User GuideMD5 ThumbprintA 128-bit MD5 hash of the complete certificate contents, shown as a 16-byte

Administration | Certificate Management | Certificates | CRL14-47VPN 3000 Concentrator Series User Guideserial number. Enabling CRL checking means tha

14 Administration14-48VPN 3000 Concentrator Series User GuideServer PortEnter the port number for the CRL server. Enter 0 (the default) to have the sy

Administration | Certificate Management | Certificates | Delete14-49VPN 3000 Concentrator Series User GuideAdministration | Certificate Management | C

15-1VPN 3000 Concentrator Series User GuideCHAPTER15MonitoringThe VPN 3000 Concentrator tracks many statistics and the status of many items essential

15 Monitoring15-2VPN 3000 Concentrator Series User GuideFigure 15-1: Monitor screen Monitor | Routing TableThis screen shows the VPN Concentrator rou

Monitor | Routing Table15-3VPN 3000 Concentrator Series User GuideValid RoutesThe total number of current valid routes that the VPN Concentrator knows

15 Monitoring15-4VPN 3000 Concentrator Series User GuideAgeThe number of seconds since this route was last updated or otherwise validated. The age is

Monitor | Event Log15-5VPN 3000 Concentrator Series User GuideSelect Filter OptionsYou can select any or all of the following five options for display

Contents—IndexxxxvVPN 3000 Concentrator Series User GuideTablesTable 5-1: RADIUS accounting record attributes . . . . . . . . . . . . . . . . . . . .

15 Monitoring15-6VPN 3000 Concentrator Series User GuideFirst Page To display the first page (screen) of the event log, click this button. By default,

Monitor | Event Log15-7VPN 3000 Concentrator Series User GuideClear LogTo clear the current event log from memory, click this button. The Manager then

15 Monitoring15-8VPN 3000 Concentrator Series User GuideEvent class / numberThe class—or source—of the event, and the internal reference number associ

Monitor | System Status15-9VPN 3000 Concentrator Series User GuideMonitor | System StatusThis screen shows the status of several software and hardware

15 Monitoring15-10VPN 3000 Concentrator Series User GuideRefreshTo update the screen and its data, click Refresh. The date and time indicate when the

Monitor | System Status15-11VPN 3000 Concentrator Series User GuideFan 1, Fan 2The VPN Concentrator includes two cooling fans. In the Model 3005, they

15 Monitoring15-12VPN 3000 Concentrator Series User GuideMonitor | System Status | Ethernet InterfaceThis screen displays status and statistics for a

Monitor | System Status | Ethernet Interface15-13VPN 3000 Concentrator Series User GuideTesting = in test mode; no regular data traffic can pass.Dorma

15 Monitoring15-14VPN 3000 Concentrator Series User GuideMonitor | System Status | Dual T1/E1 WAN Slot NThis screen displays status and statistics for

Monitor | System Status | Dual T1/E1 WAN Slot N15-15VPN 3000 Concentrator Series User GuidePortThe interface port on the WAN module (A or B). StatusTh

15 Monitoring15-16VPN 3000 Concentrator Series User GuideSeverely Errored Framing Seconds The number of seconds during which one or more out-of-frame

Monitor | System Status | Dual T1/E1 WAN Slot N15-17VPN 3000 Concentrator Series User GuideSlotThe physical slot in the VPN Concentrator (1 through 4)

15 Monitoring15-18VPN 3000 Concentrator Series User GuideReceived Frame Too LongThe number of received frame too long errors on this interface port. T

Monitor | System Status | Power15-19VPN 3000 Concentrator Series User GuideMonitor | System Status | PowerThis screen displays status and data for VPN

15 Monitoring15-20VPN 3000 Concentrator Series User GuideBoardVoltages and status for the 3.3- and 5-volt sensors on the main circuit board.1.9/2.5V S

Monitor | System Status | SEP15-21VPN 3000 Concentrator Series User GuideFigure 15-8: Monitor | System Status | SEP screen RefreshTo update the scree

15 Monitoring15-22VPN 3000 Concentrator Series User GuideStatusThe functional state of this SEP module:Operational = module is operating correctly.Not

Monitor | System Status | SEP15-23VPN 3000 Concentrator Series User GuideHash Decrypted: PacketsThe number of packets that this SEP processed using bo

15 Monitoring15-24VPN 3000 Concentrator Series User GuideRSA Digital SigningsThe number of times this SEP has generated an RSA (Rivest, Shamir, Adelma

Monitor | System Status | LED Status15-25VPN 3000 Concentrator Series User GuideMonitor | System Status | LED StatusModel3015–3080 onlyThis screen sho

xxxviiVPN 3000 Concentrator Series User GuidePrefaceAbout this manualThe VPN 3000 Concentrator Series User Guide provides guidelines for configuring t

15 Monitoring15-26VPN 3000 Concentrator Series User GuideMonitor | SessionsThis screen shows comprehensive data for all active user and administrator

Monitor | Sessions15-27VPN 3000 Concentrator Series User GuideActive LAN-to-LAN SessionsThe number of IPSec LAN-to-LAN sessions that are currently act

15 Monitoring15-28VPN 3000 Concentrator Series User GuideIP AddressThe IP address of the remote peer VPN Concentrator or other secure gateway that ini

Monitor | Sessions15-29VPN 3000 Concentrator Series User GuideManagement Sessions tableThis table shows parameters and statistics for all active admin

15 Monitoring15-30VPN 3000 Concentrator Series User GuideMonitor | Sessions | DetailThese Manager screens show detailed parameters and statistics for

Monitor | Sessions | Detail15-31VPN 3000 Concentrator Series User GuideFigure 15-12: Monitor | Sessions | Detail screen: IPSec remote access user

15 Monitoring15-32VPN 3000 Concentrator Series User GuideFigure 15-13: Monitor | Sessions | Detail screen: IPSec through NAT Figure 15-14: Monitor |

Monitor | Sessions | Detail15-33VPN 3000 Concentrator Series User GuideFigure 15-15: Monitor | Sessions | Detail screen: L2TP over IPSec Figure 15-16

15 Monitoring15-34VPN 3000 Concentrator Series User GuideRefreshTo update the screen and its data, click Refresh. The date and time indicate when the

Monitor | Sessions | Detail15-35VPN 3000 Concentrator Series User GuideIPSec Sessions:The total number of IPSec (Phase 2) sessions, which are data tra

PrefacexxxviiiVPN 3000 Concentrator Series User GuideChapter 6, Address Management explains how to configure client IP addresses available in your pri

15 Monitoring15-36VPN 3000 Concentrator Series User GuideMonitor | Sessions | ProtocolsThis screen graphically displays the protocols used by currentl

Monitor | Sessions | Protocols15-37VPN 3000 Concentrator Series User GuideL2TP = Layer 2 Tunneling Protocol.IPSec = Internet Protocol Security tunneli

15 Monitoring15-38VPN 3000 Concentrator Series User GuideMonitor | Sessions | SEPsModel3015–3080 onlyThis screen graphically displays the SEP (Scalabl

Monitor | Sessions | Encryption15-39VPN 3000 Concentrator Series User GuideBar Graph The percentage of sessions using this SEP module relative to the

15 Monitoring15-40VPN 3000 Concentrator Series User GuideEncryptionThe data encryption algorithm that the sessions are using:Other = other than listed

Monitor | Sessions | Top Ten Lists15-41VPN 3000 Concentrator Series User GuideMonitor | Sessions | Top Ten ListsThis section of the Manager shows stat

15 Monitoring15-42VPN 3000 Concentrator Series User GuideIP AddressThe IP address of the session user. This is the address assigned to or supplied by

Monitor | Sessions | Top Ten Lists | Duration15-43VPN 3000 Concentrator Series User GuideLogin TimeThe date and time that this session logged in: MM/D

15 Monitoring15-44VPN 3000 Concentrator Series User GuideProtocolThe protocol that the session is using.Console = directly connected console; no proto

Monitor | Sessions | Top Ten Lists | Throughput15-45VPN 3000 Concentrator Series User GuideDurationThe total amount of time that this session has been

Documentation ConventionsxxxixVPN 3000 Concentrator Series User GuideThe VPN 3000 Monitor User Guide explains how to install, set up, and use the VPN

15 Monitoring15-46VPN 3000 Concentrator Series User GuideFTP = File Transfer Protocol.HTTP = Hypertext Transfer Protocol (Web browser).IPSec = Interne

Monitor | Statistics15-47VPN 3000 Concentrator Series User GuideMonitor | StatisticsThis section of the Manager shows statistics for traffic and activ

15 Monitoring15-48VPN 3000 Concentrator Series User GuideMonitor | Statistics | PPTPThis screen shows statistics for PPTP activity on the VPN Concentr

Monitor | Statistics | PPTP15-49VPN 3000 Concentrator Series User GuideTotal SessionsThe total number of user sessions through PPTP tunnels since the

15 Monitoring15-50VPN 3000 Concentrator Series User GuidePeer IPThe IP address of the peer host that established the PPTP tunnel for this session; i.e

Monitor | Statistics | L2TP15-51VPN 3000 Concentrator Series User GuideFlowThe state of packet flow control for this PPTP session:Local = the local bu

15 Monitoring15-52VPN 3000 Concentrator Series User GuideTotal TunnelsThe total number of L2TP tunnels successfully established since the VPN Concentr

Monitor | Statistics | L2TP15-53VPN 3000 Concentrator Series User GuideRx Packets Control / DataThe number of L2TP control / data channel packets rece

15 Monitoring15-54VPN 3000 Concentrator Series User GuideReceive PacketsThe total number of L2TP data packets received by this session.Receive Discard

Monitor | Statistics | IPSec15-55VPN 3000 Concentrator Series User GuideMonitor | Statistics | IPSecThis screen shows statistics for IPSec activity—in

Contents—2 ConfigurationivVPN 3000 Concentrator Series User GuideLogout tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

PrefacexlVPN 3000 Concentrator Series User GuideData FormatsAs you configure and manage the system, enter data in these formats unless the instruction

15 Monitoring15-56VPN 3000 Concentrator Series User GuideIKE (Phase 1) StatisticsThis table provides IPSec Phase 1 (IKE: Internet Key Exchange) global

Monitor | Statistics | IPSec15-57VPN 3000 Concentrator Series User GuideReceived NotifiesThe cumulative total of notify packets received by all curren

15 Monitoring15-58VPN 3000 Concentrator Series User GuidePhase-2 SA Delete Requests SentThe cumulative total of requests to delete IPSec Phase-2 Secur

Monitor | Statistics | IPSec15-59VPN 3000 Concentrator Series User GuideIPSec (Phase 2) StatisticsThis table provides IPSec Phase 2 global statistics.

15 Monitoring15-60VPN 3000 Concentrator Series User GuideSent Packets DroppedThe cumulative total of packets dropped during send processing by all cur

Monitor | Statistics | HTTP15-61VPN 3000 Concentrator Series User GuideSystem Capability FailuresThe total number of system capacity failures that occ

15 Monitoring15-62VPN 3000 Concentrator Series User GuidePackets SentThe total number of HTTP packets sent since the VPN Concentrator was last booted

Monitor | Statistics | Telnet15-63VPN 3000 Concentrator Series User GuideRefreshTo update the screen and its data, click Refresh. The date and time in

15 Monitoring15-64VPN 3000 Concentrator Series User GuideActive SessionsThe number of active Telnet sessions. The Telnet Sessions table shows statisti

Monitor | Statistics | DNS15-65VPN 3000 Concentrator Series User GuideMonitor | Statistics | DNSThis screen shows statistics for DNS (Domain Name Syst

Contacting Cisco with questionsxliVPN 3000 Concentrator Series User GuideContacting Cisco with questionsCisco provides extensive technical support thr

15 Monitoring15-66VPN 3000 Concentrator Series User GuideMonitor | Statistics | AuthenticationThis screen shows statistics for user authentication act

Monitor | Statistics | Authentication15-67VPN 3000 Concentrator Series User GuideRejectsThe number of authentication rejection packets received from t

15 Monitoring15-68VPN 3000 Concentrator Series User GuideMonitor | Statistics | AccountingThis screen shows statistics for RADIUS user accounting acti

Monitor | Statistics | Filtering15-69VPN 3000 Concentrator Series User GuideBad AuthenticatorsThe number of accounting response packets received from

15 Monitoring15-70VPN 3000 Concentrator Series User GuideInterfaceThe VPN Concentrator network interface through which the filtered traffic has passed

Monitor | Statistics | VRRP15-71VPN 3000 Concentrator Series User GuideMonitor | Statistics | VRRPThis screen shows status and statistics for VRRP (Vi

15 Monitoring15-72VPN 3000 Concentrator Series User GuideVRID ErrorsThe total number of VRRP packets received with an invalid VRRP Group ID number for

Monitor | Statistics | VRRP15-73VPN 3000 Concentrator Series User GuideTime-to-Live ErrorsThe total number of VRRP packets received by this interface

15 Monitoring15-74VPN 3000 Concentrator Series User GuideMonitor | Statistics | SSLThis screen shows statistics for SSL (Secure Sockets Layer) protoco

Monitor | Statistics | DHCP15-75VPN 3000 Concentrator Series User GuideActive SessionsThe number of currently active SSL sessions.Max Active SessionsT

15 Monitoring15-76VPN 3000 Concentrator Series User GuideTime LeftThe time remaining until the current IP address lease expires, shown as HH:MM:SS.DHC

Monitor | Statistics | MIB-II15-77VPN 3000 Concentrator Series User GuideMax Allocated AddressesThe maximum number of IP addresses assigned from this

15 Monitoring15-78VPN 3000 Concentrator Series User GuideMonitor | Statistics | MIB-II | InterfacesThis screen shows statistics in MIB-II objects for

Monitor | Statistics | MIB-II | Interfaces15-79VPN 3000 Concentrator Series User GuideUnicast InThe number of unicast packets that were received by th

15 Monitoring15-80VPN 3000 Concentrator Series User GuideMonitor | Statistics | MIB-II | TCP/UDPThis screen shows statistics in MIB-II objects for TCP

Monitor | Statistics | MIB-II | TCP/UDP15-81VPN 3000 Concentrator Series User GuideTCP Timeout MaxThe maximum value permitted for TCP retransmission t

15 Monitoring15-82VPN 3000 Concentrator Series User GuideUDP Errored DatagramsThe number of received UDP datagrams that could not be delivered for rea

Monitor | Statistics | MIB-II | IP15-83VPN 3000 Concentrator Series User GuidePackets Received (Header Errors)The number of IP data packets received a

15 Monitoring15-84VPN 3000 Concentrator Series User GuidePackets Transmitted (Requests)The number of IP data packets that local IP user protocols (inc

Monitor | Statistics | MIB-II | RIP15-85VPN 3000 Concentrator Series User GuideMonitor | Statistics | MIB-II | RIPThis screen shows statistics in MIB-

1-1VPN 3000 Concentrator Series User GuideCHAPTER1Using the VPN 3000 Concentrator Series ManagerThe VPN 3000 Concentrator Series Manager is an HTML-ba

15 Monitoring15-86VPN 3000 Concentrator Series User GuideReceived Bad RoutesThe number of routes in valid RIP packets received by this interface that

Monitor | Statistics | MIB-II | OSPF15-87VPN 3000 Concentrator Series User GuideMonitor | Statistics | MIB-II | OSPFThis screen shows statistics in MI

15 Monitoring15-88VPN 3000 Concentrator Series User GuideRouter IDThe VPN Concentrator OSPF router ID. This ID uniquely identifies the VPN Concentrato

Monitor | Statistics | MIB-II | OSPF15-89VPN 3000 Concentrator Series User GuideInterface AddressThe IP address of the VPN Concentrator interface that

15 Monitoring15-90VPN 3000 Concentrator Series User GuideStateThe state of the relationship with this neighboring OSPF router: Down = (Red) The VPN Co

Monitor | Statistics | MIB-II | OSPF15-91VPN 3000 Concentrator Series User GuideArea LSA CountThe total number of Link-State Advertisements in this ar

15 Monitoring15-92VPN 3000 Concentrator Series User GuideMonitor | Statistics | MIB-II | ICMPThis screen shows statistics in MIB-II objects for ICMP t

Monitor | Statistics | MIB-II | ICMP15-93VPN 3000 Concentrator Series User GuideTime Exceeded Received / TransmittedThe number of ICMP Time Exceeded m

15 Monitoring15-94VPN 3000 Concentrator Series User GuideAddress Mask Requests Received / TransmittedThe number of ICMP Address Mask Request messages

Monitor | Statistics | MIB-II | ARP Table15-95VPN 3000 Concentrator Series User GuideInterfaceThe VPN Concentrator network interface on which this map

1 Using the VPN 3000 Concentrator Series Manager1-2VPN 3000 Concentrator Series User Guide• Internet Explorer 5.0:– On the Tools menu, select Internet

15 Monitoring15-96VPN 3000 Concentrator Series User GuideMonitor | Statistics | MIB-II | EthernetThis screen shows statistics in MIB-II objects for Et

Monitor | Statistics | MIB-II | Ethernet15-97VPN 3000 Concentrator Series User GuideSQE Test ErrorsThe number of times that the SQE (Signal Quality Er

15 Monitoring15-98VPN 3000 Concentrator Series User GuideSpeed (Mbps)This interface’s nominal bandwidth in megabits per second.DuplexThe current LAN d

Monitor | Statistics | MIB-II | SNMP15-99VPN 3000 Concentrator Series User GuideBad Community StringThe total number of SNMP messages received that us

16-1VPN 3000 Concentrator Series User GuideCHAPTER16Using the Command Line InterfaceThe VPN 3000 Concentrator Series Command Line Interface (CLI) is a

16 Using the Command Line Interface16-2VPN 3000 Concentrator Series User Guide3 Press Enter on the PC keyboard until you see the login prompt. (You ma

Using the CLI16-3VPN 3000 Concentrator Series User GuideUsing the CLI This section explains how to:• Choose menu items.• Enter values for parameters a

16 Using the Command Line Interface16-4VPN 3000 Concentrator Series User GuideSpecifying configured itemsMany menus give choices that act on configure

Using the CLI16-5VPN 3000 Concentrator Series User GuideNavigating quickly through the CLI There are two ways to move quickly through the CLI: shortcu

Connecting to the VPN Concentrator using HTTP1-3VPN 3000 Concentrator Series User GuideConnecting to the VPN Concentrator using HTTPWhen your system a

16 Using the Command Line Interface16-6VPN 3000 Concentrator Series User GuideAs a shortcut, you can just enter 1.3.1.1 at the Main-> prompt, and m

Using the CLI16-7VPN 3000 Concentrator Series User GuideSaving the configuration file Configuration and administration entries take effect immediately

16 Using the Command Line Interface16-8VPN 3000 Concentrator Series User GuideCLI menu reference This section shows all the menus in the first three l

CLI menu reference16-9VPN 3000 Concentrator Series User Guide1.1 Configuration > Interface ConfigurationThis table shows current IP addresses...Mo

16 Using the Command Line Interface16-10VPN 3000 Concentrator Series User Guide1.1.3 Configuration > Interface Configuration > Configure Power S

CLI menu reference16-11VPN 3000 Concentrator Series User Guide1.2.1 Configuration > System Management > Servers1) Authentication Servers2) Accou

16 Using the Command Line Interface16-12VPN 3000 Concentrator Series User Guide1.2.5 Configuration > System Management > Management ProtocolsNet

CLI menu reference16-13VPN 3000 Concentrator Series User Guide1.3.1 Configuration > User Management > Base Group1) General Parameters2) Server P

16 Using the Command Line Interface16-14VPN 3000 Concentrator Series User Guide1.4.1 Configuration > Policy Management > Access HoursCurrent Acc

CLI menu reference16-15VPN 3000 Concentrator Series User Guide2.3 Administration > System Reboot1) Cancel Scheduled Reboot/Shutdown2) Schedule Rebo

1 Using the VPN 3000 Concentrator Series Manager1-4VPN 3000 Concentrator Series User Guideinstalled, you can connect using HTTPS. You need to install

16 Using the Command Line Interface16-16VPN 3000 Concentrator Series User Guide2.5.2 Administration > Access Rights > Access Control ListThis is

CLI menu reference16-17VPN 3000 Concentrator Series User Guide2.7 Administration > Certificate Management1) Enrollment2) Installation3) Certificate

16 Using the Command Line Interface16-18VPN 3000 Concentrator Series User Guide2.7.5 Administration > Certificate Management > SSL CertificateSu

CLI menu reference16-19VPN 3000 Concentrator Series User Guide3.2 Monitoring > Event Log1) Configure Log viewing parameters2) View Event Log3) Save

16 Using the Command Line Interface16-20VPN 3000 Concentrator Series User Guide3.4 Monitoring > SessionsModel3015–3080 only1) View Session Statisti

CLI menu reference16-21VPN 3000 Concentrator Series User Guide3.4.4 Monitoring > Sessions > View Session SEPsModel3015–3080 onlySession SEPs...1

16 Using the Command Line Interface16-22VPN 3000 Concentrator Series User Guide3.5.2 Monitoring > General Statistics > Server Statistics1) Authe

APPENDIXA-1VPN 3000 Concentrator Series User GuideAErrors and troubleshootingThis appendix describes common errors that may occur while configuring an

A Errors and troubleshootingA-2VPN 3000 Concentrator Series User GuideConfiguration filesThe VPN Concentrator saves the current boot configuration fil

VPN Concentrator Manager errorsA-3VPN 3000 Concentrator Series User GuideInvalid Login or Session TimeoutThe Manager displays the Invalid Login or Ses

Installing the SSL certificate in your browser1-5VPN 3000 Concentrator Series User GuideFigure 1-3: Internet Explorer File Download dialog box 3 Clic

A Errors and troubleshootingA-4VPN 3000 Concentrator Series User GuideError / An error has occurred while attempting to perform...The Manager displays

VPN Concentrator Manager errorsA-5VPN 3000 Concentrator Series User GuideYou are using an old browser or have disabled JavaScriptThe Manager displays

A Errors and troubleshootingA-6VPN 3000 Concentrator Series User GuideNot Allowed / You do not have sufficient authorization...The Manager displays a

VPN Concentrator Manager errorsA-7VPN 3000 Concentrator Series User GuideNot Found / An error has occurred while attempting to access...The Manager di

A Errors and troubleshootingA-8VPN 3000 Concentrator Series User GuideCommand Line Interface errorsThese errors may occur while using the menu-based C

LED indicatorsA-9VPN 3000 Concentrator Series User GuideLED indicatorsLED indicators on the VPN Concentrator and its expansion modules are normally gr

A Errors and troubleshootingA-10VPN 3000 Concentrator Series User GuideVPN Concentrator LEDs (front) LED Indicator (Front) Green Amber OffSystem Power

LED indicatorsA-11VPN 3000 Concentrator Series User GuideVPN Concentrator LEDs (rear) SEP (Scalable Encryption Processing) Module LEDs (Model 3015–308

A Errors and troubleshootingA-12VPN 3000 Concentrator Series User GuideWAN Interface Module LEDsWAN module LEDs are visible from the rear of the VPN C

LED indicatorsA-13VPN 3000 Concentrator Series User GuideThis table shows all possible combinations for the LEDs on each WAN Port. End of AppendixWAN

1 Using the VPN 3000 Concentrator Series Manager1-6VPN 3000 Concentrator Series User GuideFigure 1-5: Internet Explorer Certificate Manager Import Wi

APPENDIXB-1VPN 3000 Concentrator Series User GuideBCopyrights, licenses, and noticesSoftware License Agreement of Cisco Systems, Inc.CISCO SYSTEMS, IN

B Copyrights, licenses, and noticesB-2VPN 3000 Concentrator Series User Guide4. You may permanently transfer the Software and accompanying written mat

Other licensesB-3VPN 3000 Concentrator Series User Guide16. This Agreement is governed by the laws of the State of Massachusetts.17. If you have any q

B Copyrights, licenses, and noticesB-4VPN 3000 Concentrator Series User GuideDHCP clientCopyright © 1995, 1996, 1997 The Internet Software Consortium.

Other licensesB-5VPN 3000 Concentrator Series User GuidePortions Copyright © 1993 by Digital Equipment Corporation.Permission to use, copy, modify, an

B Copyrights, licenses, and noticesB-6VPN 3000 Concentrator Series User GuideNRL grants permission for redistribution and use in source and binary for

Other licensesB-7VPN 3000 Concentrator Series User GuideRSA softwareCopyright © 1995-1998 RSA Data Security, Inc. All rights reserved. This work conta

B Copyrights, licenses, and noticesB-8VPN 3000 Concentrator Series User GuideSSL PlusCerticom, the Certicom logo, SSL Plus, and Security Builder are t

Regulatory Agency NoticesB-9VPN 3000 Concentrator Series User GuideRegulatory Agency NoticesU.S. Federal Communications Commission (FCC) Compliance No

Installing the SSL certificate in your browser1-7VPN 3000 Concentrator Series User GuideFigure 1-7: Internet Explorer Certificate Manager Import Wiza

B Copyrights, licenses, and noticesB-10VPN 3000 Concentrator Series User Guide(1) --------------------------------(2) Before connecting your unit, you

Regulatory Agency NoticesB-11VPN 3000 Concentrator Series User Guide• If the telephone company requests that you supply the FCC Certification number a

B Copyrights, licenses, and noticesB-12VPN 3000 Concentrator Series User GuideWAN Module: CS03 Canadian Requirements—Equipment Attachment LimitationsN

INDEXIndex-1VPN 3000 Concentrator Series User GuideIndexNumerics100 LED (Ethernet) A-11Aabout this manual xxxviiaccess control list, administration 14

IndexIndex-2VPN 3000 Concentrator Series User Guideautodiscovery, network 7-8, 7-14automatic switchover (redundancy) 8-12Bback panel display (monitori

IndexIndex-3VPN 3000 Concentrator Series User Guidedeletedigital certificate 14-49filter rule (traffic management) 13-19group (user management) 12-17i

IndexIndex-4VPN 3000 Concentrator Series User GuideExpansion Modules Insertion Status LEDs A-10Expansion Modules Run Status LEDs A-10Extended Authenti

IndexIndex-5VPN 3000 Concentrator Series User GuideIKE proposals (continued)default, table 7-20in IPSec LAN-to-LAN 7-14in security association 13-19in

IndexIndex-6VPN 3000 Concentrator Series User GuideLAN-to-LANSee IPSec LAN-to-LANLED indicators100 (Ethernet) A-11Active Sessions A-10Alrm (WAN) A-13C

IndexIndex-7VPN 3000 Concentrator Series User Guidemouse pointer and tips in Manager window 1-20multilink PPP (MP), configuring 3-25NNATconfiguring 13

Contents—3 InterfacesvVPN 3000 Concentrator Series User GuideRIP Parameters tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

1 Using the VPN 3000 Concentrator Series Manager1-8VPN 3000 Concentrator Series User GuideFigure 1-10: Internet Explorer Security Alert dialog box 11

IndexIndex-8VPN 3000 Concentrator Series User Guiderefresh Monitoring screens 14-20refreshing screen content 1-22regulatory agency notices B-9requirem

IndexIndex-9VPN 3000 Concentrator Series User Guidestatic routes, configuring for IP routing 8-2add 8-3modify 8-3statistics 15-47accounting 15-68addre

IndexIndex-10VPN 3000 Concentrator Series User Guidetunneling protocolsconfiguring 7-2section of Manager 7-1Tx LED (Ethernet) A-11type (model number),

Installing the SSL certificate in your browser1-9VPN 3000 Concentrator Series User GuideViewing certificates with Internet ExplorerThere are (at least

1 Using the VPN 3000 Concentrator Series Manager1-10VPN 3000 Concentrator Series User GuideInstalling the SSL certificate with NetscapeThis section de

Installing the SSL certificate in your browser1-11VPN 3000 Concentrator Series User GuideFigure 1-16: Netscape New Certificate Authority screen 2 2 C

1 Using the VPN 3000 Concentrator Series Manager1-12VPN 3000 Concentrator Series User GuideFigure 1-18: Netscape New Certificate Authority screen 4 4

Installing the SSL certificate in your browser1-13VPN 3000 Concentrator Series User GuideFigure 1-20: Netscape New Certificate Authority screen 6 6 I

1 Using the VPN 3000 Concentrator Series Manager1-14VPN 3000 Concentrator Series User GuideFigure 1-22: VPN Concentrator Manager login screen using H

Installing the SSL certificate in your browser1-15VPN 3000 Concentrator Series User GuideViewing certificates with NetscapeThere are (at least) two wa

1 Using the VPN 3000 Concentrator Series Manager1-16VPN 3000 Concentrator Series User GuideFigure 1-25: Netscape Certificates Signers list Select a c

Connecting to the VPN Concentrator using HTTPS1-17VPN 3000 Concentrator Series User GuideConnecting to the VPN Concentrator using HTTPSOnce you have i

Contents—4 System ConfigurationviVPN 3000 Concentrator Series User GuideLoopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

1 Using the VPN 3000 Concentrator Series Manager1-18VPN 3000 Concentrator Series User GuideLogging in the VPN Concentrator ManagerLogging in the VPN C

Configuring HTTP, HTTPS, and SSL parameters1-19VPN 3000 Concentrator Series User GuideConfiguring HTTP, HTTPS, and SSL parametersHTTP, HTTPS, and SSL

1 Using the VPN 3000 Concentrator Series Manager1-20VPN 3000 Concentrator Series User GuideMouse pointer and tipsAs you move the mouse pointer over an

Understanding the VPN Concentrator Manager window1-21VPN 3000 Concentrator Series User [email protected] this link to open your configured email

1 Using the VPN 3000 Concentrator Series Manager1-22VPN 3000 Concentrator Series User GuideRefresh Click to refresh (update) the screen contents on s

Organization of the VPN Concentrator Manager1-23VPN 3000 Concentrator Series User GuideOrganization of the VPN Concentrator ManagerThe VPN Concentrato

1 Using the VPN 3000 Concentrator Series Manager1-24VPN 3000 Concentrator Series User GuideNavigating the VPN Concentrator ManagerYour primary tool fo

2-1VPN 3000 Concentrator Series User GuideCHAPTER2ConfigurationConfiguring the VPN Concentrator means setting all the parameters that govern its use a

3-1VPN 3000 Concentrator Series User GuideCHAPTER3InterfacesThis section of the VPN 3000 Concentrator Series Manager applies primarily to Ethernet and

Contents—6 Address ManagementviiVPN 3000 Concentrator Series User GuideConfiguration | System | Servers | Accounting . . . . . . . . . . . . . . . .

3 Interfaces3-2VPN 3000 Concentrator Series User GuideConfiguration | InterfacesThis section lets you configure the three VPN Concentrator Ethernet in

Configuration | Interfaces3-3VPN 3000 Concentrator Series User GuideFigure 3-1: Configuration | Interfaces screen To configure a module, either click

3 Interfaces3-4VPN 3000 Concentrator Series User GuideEthernet 1 (Private), Ethernet 2 (Public), Ethernet 3 (External)To configure Ethernet interface

Configuration | Interfaces | Power3-5VPN 3000 Concentrator Series User GuidePower SuppliesTo configure alarm thresholds on system power supplies, clic

3 Interfaces3-6VPN 3000 Concentrator Series User GuideFigure 3-2: Configuration | Interfaces | Power screen Alarm ThresholdsThe fields show default v

Configuration | Interfaces | Ethernet 1 2 33-7VPN 3000 Concentrator Series User GuideApply / CancelTo apply your settings to the system and include th

3 Interfaces3-8VPN 3000 Concentrator Series User GuideFigure 3-3: Configuration | Interfaces | Ethernet 1 2 3 screen, General tab General Parameters

Configuration | Interfaces | Ethernet 1 2 33-9VPN 3000 Concentrator Series User GuideIPSec LAN-to-LAN, for example. You should designate only one VPN

3 Interfaces3-10VPN 3000 Concentrator Series User GuideFigure 3-4: Configuration | Interfaces | Ethernet 1 2 3 screen, RIP tab RIP Parameters tabRIP

Configuration | Interfaces | Ethernet 1 2 33-11VPN 3000 Concentrator Series User GuideRIPv2 Only = Send only RIPv2 messages on this interface.RIPv2/v1

Contents—7 Tunneling ProtocolsviiiVPN 3000 Concentrator Series User GuideConfiguration | System | Address Management | Pools | Add or Modify . . . .

3 Interfaces3-12VPN 3000 Concentrator Series User GuideThe 0.0.0.0 area ID identifies a special area—the backbone—that contains all area border router

Configuration | Interfaces | Ethernet 1 2 33-13VPN 3000 Concentrator Series User GuideEnter the delay as a number from 0 to 3600 seconds. The default

3 Interfaces3-14VPN 3000 Concentrator Series User GuideConfiguration | Interfaces | WAN Card in Slot NThe Manager displays this screen when you click

Configuration | Interfaces | WAN Card in Slot N | Port A B | Select T1/E13-15VPN 3000 Concentrator Series User GuideRed = (Red) Red alarm: Line has lo

3 Interfaces3-16VPN 3000 Concentrator Series User GuideE1: up to 31 64-Kbps channelsThe E1 interface conforms to European Digital Hierarchy standards,

Configuration | Interfaces | WAN Card in Slot N | Port A B as T1 or E13-17VPN 3000 Concentrator Series User GuideFigure 3-8: Configuration | Interfac

3 Interfaces3-18VPN 3000 Concentrator Series User GuideFilterThe filter governs the handling of data packets through this interface: whether to forwar

Configuration | Interfaces | WAN Card in Slot N | Port A B as T1 or E13-19VPN 3000 Concentrator Series User GuideInbound RIPThis parameter applies to

3 Interfaces3-20VPN 3000 Concentrator Series User GuideFigure 3-10: Configuration | Interfaces | WAN Card in Slot N | Port A B as T1 or E1 screen, OS

Configuration | Interfaces | WAN Card in Slot N | Port A B as T1 or E13-21VPN 3000 Concentrator Series User GuideEnter the area ID in the field, using

Contents—8 IP RoutingixVPN 3000 Concentrator Series User GuideRemote Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3 Interfaces3-22VPN 3000 Concentrator Series User GuideOSPF AuthenticationThis parameter sets the authentication method for OSPF protocol messages. OS

Configuration | Interfaces | WAN Card in Slot N | Port A B as T1 or E13-23VPN 3000 Concentrator Series User GuideWAN Parameters tabThis tab lets you c

3 Interfaces3-24VPN 3000 Concentrator Series User GuideBuildoutLine buildout is a conditioning factor that limits loss of signal strength on the line.

Configuration | Interfaces | WAN Card in Slot N | Port A B as T1 or E13-25VPN 3000 Concentrator Series User GuideFigure 3-12: Configuration | Interfa

4-1VPN 3000 Concentrator Series User GuideCHAPTER4System ConfigurationSystem configuration means configuring parameters for system-wide functions in t

5-1VPN 3000 Concentrator Series User GuideCHAPTER5ServersConfiguring servers means identifying them to the VPN 3000 Concentrator so it can communicate

5 Servers5-2VPN 3000 Concentrator Series User GuideConfiguration | System | Servers | AuthenticationThis section lets you configure the VPN Concentrat

Configuration | System | Servers | Authentication | Add or Modify5-3VPN 3000 Concentrator Series User GuideAuthentication ServersThe Authentication Se