Cisco VPN 3000 Betriebsanweisung Seite 219
- Seite / 502
- Inhaltsverzeichnis
- FEHLERBEHEBUNG
- LESEZEICHEN
Bewertet. / 5. Basierend auf Kundenbewertungen
Configuration | User Management | Base Group
12-13
VPN 3000 Concentrator Series User Guide
These choices specify the allowable authentication protocols in order from least secure to most secure.
PAP = Password Authentication Protocol. This protocol passes cleartext username and password
during authentication and is not secure. We strongly recommend that you not allow this protocol
(the default).
CHAP = Challenge-Handshake Authentication Protocol. In response to the server challenge, the
client returns the encrypted [challenge plus password], with a cleartext username. It is more secure
than PAP, and is allowed by default.
EAP = Extensible Authentication Protocol. This protocol is allowed by default. It supports -MD5
(MD5-Challenge) authentication, which is analogous to the CHAP protocol, with the same level of
security.
MSCHAPv1 = Microsoft Challenge-Handshake Authentication Protocol version 1. This protocol is
similar to, but more secure than, CHAP. In response to the server challenge, the client returns the
encrypted [challenge plus encrypted password], with a cleartext username. Thus the server stores—
and compares—only encrypted passwords, rather than cleartext passwords as in CHAP. This
protocol also generates a key for data encryption by MPPE (Microsoft Point-to-Point Encryption).
This protocol is allowed by default. If you check
Required under PPTP Encryption below, you must
allow one or both
MSCHAP protocols and no other.
MSCHAPv2 = Microsoft Challenge-Handshake Authentication Protocol version 2. This protocol is
even more secure than MSCHAPv1. It requires mutual client-server authentication, uses
session-unique keys for data encryption by MPPE, and derives different encryption keys for the
send and receive paths. This protocol is not allowed by default. The VPN Concentrator internal user
authentication server supports this protocol, but external authentication servers do not. If you check
Required under PPTP Encryption below, you must allow one or both MSCHAP protocols and no other.
PPTP Encryption
Check the boxes for the data encryption options that apply to PPTP clients.
Required = During connection setup, PPTP clients must agree to use Microsoft encryption (MPPE)
to encrypt data or they will not be connected. This option is not checked by default. If you check
this option, you must also allow only
MSCHAPv1 and/or MSCHAPv2 under PPTP Authentication
Protocols
above, and you must also check 40-bit and/or 128-bit here. Do not check this option if you
use NT Domain user authentication; NT Domain authentication cannot negotiate encryption.
Require Stateless = During connection setup, PPTP clients must agree to use stateless encryption to
encrypt data or they will not be connected. With stateless encryption, the encryption keys are
changed on every packet; otherwise, the keys are changed after some number of packets or
whenever a packet is lost. Stateless encryption is more secure, but it requires more processing.
However, it might perform better in a lossy environment (where packets are lost), such as the
Internet. This option is not checked by default. Do not check this option if you use NT Domain user
authentication; NT Domain authentication cannot negotiate encryption.
40-bit = PPTP clients are allowed to use the RSA RC4 encryption algorithm with a 40-bit key. This
is significantly less secure than the
128-bit option. Microsoft encryption (MPPE) uses this algorithm.
This option is checked by default. If you check
Required, you must check this option and/or the
128-bit option.
128-bit = PPTP clients are allowed to use the RSA RC4 encryption algorithm with a 128-bit key.
Microsoft encryption (MPPE) uses this algorithm. This option is checked by default. If you check
Required, you must check this option and/or the 40-bit option. The U.S. government restricts the
distribution of 128-bit encryption software.
- VPN 3000 Concentrator Series 1
- User Guide 1
- CONTENTS 3
- 2 Configuration 4
- 3 Interfaces 4
- 4 System Configuration 6
- 5Servers 6
- 6 Address Management 7
- 8IP Routing 9
- 9 Management Protocols 10
- 10 Events 11
- 11 General 13
- 12 User Management 13
- 13 Policy Management 15
- 14 Administration 18
- 15 Monitoring 21
- A Errors and troubleshooting 33
- About this manual 37
- Additional Documentation 38
- Documentation Conventions 39
- Data Formats 40
- Browser requirements 43
- Navigation toolbar 44
- Install SSL Certificate link 46
- Install Certificate 47
- Next to continue 48
- Security Alert screen 50
- Reinstallation 52
- First-time installation 52
- Title bar 61
- Status bar 61
- Mouse pointer and tips 62
- Top frame (Manager toolbar) 62
- Support 63
- Save Needed 63
- Save reminder 63
- Main frame (Manager screen) 64
- Configuration 70
- Power Supplies 73
- Alarm Thresholds 74
- MAC Address 77
- RIP Parameters tab 78
- OSPF Parameters tab 79
- Select T1/E1 83
- Port A B as T1 or E1 84
- IP Parameters tab 85
- Inbound RIP 87
- Outbound RIP 87
- WAN Parameters tab 91
- PPP Multilink Parameters tab 93
- System Configuration 95
- Authentication Servers 99
- Server Type = RADIUS 100
- Server Type = NT Domain 101
- Server Type = SDI 102
- Authentication Server 103
- Server Port 103
- Add or Apply / Cancel 103
- Server Type = Internal Server 104
- Yes / No 105
- User Name 105
- Password 105
- OK / Cancel 105
- 5 Servers 106
- Go to main menu 107
- Accounting Servers 108
- Add / Modify / Delete / Move 108
- Accounting Server 109
- Server Secret 110
- Primary DNS Server 111
- Secondary DNS Server 111
- Tertiary DNS Server 111
- Timeout Period 112
- Timeout Retries 112
- Apply / Cancel 112
- DHCP Servers 113
- DHCP Server 114
- Sync Frequency 115
- NTP Hosts 116
- Add / Modify / Delete 116
- NTP Host 117
- Address Management 119
- Use Client Address 120
- Use DHCP 120
- Use Address Pools 121
- IP Pool Entry 121
- Add or Modify 122
- Tunneling Protocols 125
- 7 Tunneling Protocols 126
- Maximum Tunnel Idle Time 127
- Hello Interval 131
- IPSec LAN-to-LAN 132
- LAN-to-LAN Connection 133
- Interface 136
- Digital Certificate 137
- Preshared Key 137
- Authentication 137
- Encryption 137
- IKE Proposal 138
- Network Autodiscovery 138
- Local Network 138
- Remote Network 139
- List Name 141
- Network List 141
- IPSec LAN-to-LAN 142
- IKE Proposals 143
- Proposal Name 147
- Authentication Mode 147
- Authentication Algorithm 148
- Encryption Algorithm 148
- Diffie-Hellman Group 148
- Lifetime Measurement 148
- Data Lifetime 149
- Time Lifetime 149
- IP Routing 151
- 8 IP Routing 152
- Network Address 154
- Subnet Mask 154
- Destination 154
- Default Gateway 155
- Tunnel Default Gateway 156
- Override Default Gateway 156
- Router ID 157
- Autonomous System 157
- OSPF Area 158
- Area Summary 159
- External LSA Import 160
- Lease Timeout 161
- Listen Port 161
- Group ID 163
- 2 (Public) 164
- 3 (External) 164
- Management Protocols 165
- Maximum Connections 166
- Enable HTTP 167
- Enable HTTPS 168
- HTTP Port 168
- HTTPS Port 168
- Maximum Sessions 168
- Enable Telnet 170
- Enable Telnet/SSL 170
- Telnet Port 170
- Telnet/SSL Port 171
- SNMP Communities 172
- Community Strings 173
- Community String 174
- Apply on this 175
- Encryption Protocols 176
- Client Authentication 176
- SSL Version 176
- Event class 179
- Event severity level 182
- Event log 183
- Save Log on Wrap 184
- Save Log Format 185
- FTP Saved Log on Wrap 185
- Email Source Address 185
- Syslog Format 185
- Severity to Log 185
- Severity to Console 186
- Severity to Syslog 186
- Severity to Email 186
- Severity to Trap 186
- FTP Server 187
- FTP Directory 187
- FTP Username 187
- FTP Password 187
- Configured Event Classes 188
- Class Name 190
- Trap Destinations 192
- Syslog Servers 195
- Syslog Server 195
- Facility 196
- SMTP Servers 197
- SMTP Server 198
- Email Recipients 199
- System Name 204
- Location 204
- Current Time 205
- New Time 205
- Enable DST Support 205
- User Management 207
- Using the tabs 209
- General Parameters tab 210
- IPSec Parameters tab 213
- Mode Configuration 215
- Mode Configuration Parameters 215
- Default Domain Name 217
- IPSec through NAT 217
- IPSec through NAT UDP Port 217
- PPTP/L2TP Parameters tab 218
- PPTP Encryption 219
- Current Groups 222
- (Internal) 224
- Group Name 225
- Value / Inherit? 226
- Access Hours 227
- Simultaneous Logins 227
- Minimum Password Length 227
- Idle Timeout 227
- Primary WINS 229
- Secondary WINS 229
- SEP Card Assignment 229
- Split Tunneling Network List 233
- Current Users 240
- Identity Parameters tab 241
- Policy Management 251
- Current Access Hours 253
- Network Lists 256
- Generate Local List 258
- Filter Rules 259
- Add / Modify / Copy / Delete 261
- Rules 262
- Copy screen 263
- Rule Name 264
- Direction 264
- Protocol or Other 264
- TCP Connection 265
- Source Address 265
- Destination Address 266
- TCP/UDP Source Port 266
- Port or Range 267
- TCP/UDP Destination Port 268
- ICMP Packet Type 268
- Rules 269
- Security Associations 269
- IPSec SAs 271
- Inheritance 273
- IPSec Parameters 274
- Encapsulation Mode 274
- Perfect Forward Secrecy 275
- IKE Parameters 276
- IKE Peer 276
- Negotiation Mode 276
- Filter List 280
- Add Filter 280
- Assign Rules to Filter 280
- Modify Filter 280
- Copy Filter 281
- Delete Filter 281
- Filter Name 282
- Default Action 282
- Source Routing 283
- Fragments 283
- Description 283
- Current Rules in Filter 285
- Available Rules 285
- << Add 285
- << Insert Above 285
- >> Remove 285
- Move Up / Move Down 286
- Assign SA to Rule 286
- Add SA to Rule on Filter: 287
- Change SA on Rule in Filter: 288
- NAT 290
- NAT 290
- NAT Rules 291
- NAT 292
- Private Address 293
- Administration 295
- Administration 297
- IPSec/LAN-to-LAN 298
- Session Summary table 298
- LAN-to-LAN Sessions table 299
- Remote Access Sessions table 300
- Management Sessions table 300
- IP Address 301
- Configuration locked by 301
- Back to Sessions 306
- Current Software Revision 308
- Browse 309
- Software Update Progress 309
- Software Update Success 310
- Software Update Error 310
- System LED blinks 311
- SAVELOG.TXT when it reboots 311
- Configuration 312
- When to Reboot/Shutdown 312
- Administration 313
- Error (Ping) 314
- Refresh Period 314
- Group Number 316
- Username 316
- Properties / Modify 316
- Modify Properties 317
- Access Rights 318
- Apply / Default / Cancel 319
- Manager Workstations 320
- Access Group 322
- Session Idle Timeout 322
- Session Limit 323
- Encrypt Config File 323
- Total, Used, Free KB 324
- Filename 324
- Size (bytes) 324
- Date/Time 324
- View (Save) 325
- Concentrator File 327
- TFTP Server 327
- TFTP Server File 327
- Success (TFTP) 328
- Error (TFTP) 328
- Common Name (CN) 331
- Organizational Unit (OU) 331
- Organization (O) 331
- Request Generated 333
- Certificate Type 335
- Certificate Password 335
- Local File / Browse 336
- Certificate Authorities 336
- Identity Certificates 336
- Subject / Issuer 337
- Expiration 337
- Actions / View / CRL / Delete 337
- Serial Number 339
- Signing Algorithm 339
- Public Key Type 339
- Certificate Usage 339
- Certificate 341
- Enable CRL Checking 341
- Monitoring 345
- Monitor 346
- Monitor 348
- Select Filter Options 349
- Clear Log 351
- Event log format 351
- Monitor 353
- Fan 1, Fan 2 355
- CPU, Cage 355
- CPU Utilization 355
- Active Sessions 355
- Throughput 355
- Unknown = not configured 357
- T1/E1 Statistics 358
- Synchronous Statistics 360
- Power Supply A, B 363
- Monitor 364
- [LED selector button] 369
- Monitor 370
- Monitor 374
- Total Sessions 380
- Protocol 380
- Sessions 381
- Bar Graph 381
- Percentage 381
- Monitor 382
- Login Time 387
- Total Bytes 387
- Duration 389
- Avg. Throughput (bytes/sec) 390
- Monitor 391
- Monitor 392
- PPTP Sessions table 393
- Monitor 395
- Rx Packets Control / Data 397
- Rx Discards Control / Data 397
- Tx Octets Control / Data 397
- Tx Packets Control / Data 397
- L2TP Sessions 397
- Monitor 399
- IKE (Phase 1) Statistics 400
- Received Notifies above 401
- IPSec (Phase 2) Statistics 403
- Monitor 405
- Monitor 406
- Monitor 407
- Attempted Sessions 408
- Successful Sessions 408
- Telnet Sessions 408
- Monitor 409
- Server IP Address:Port 410
- Requests 410
- Retransmissions 410
- Bad Authenticators 413
- Pending Requests 413
- Timeouts 413
- Unknown Type 413
- Monitor 415
- VRID Errors 416
- Virtual Routers 416
- Monitor 418
- Monitor 419
- Monitor 421
- TCP Segments Received 424
- TCP Segments Transmitted 424
- TCP Segments Retransmitted 424
- TCP Timeout Min 424
- -1 means there 425
- UDP Errored Datagrams 426
- UDP No Port 426
- Packets Received (Total) 426
- 0.0.0.0) and 427
- Global Route Changes 429
- Global Queries 429
- Interfaces 429
- Neighbors 433
- External LSAs 435
- Total Received / Transmitted 436
- Errors Received / Transmitted 436
- Physical Address 439
- Mapping Type 439
- Action / Delete 439
- Alignment Errors 440
- FCS Errors 440
- Carrier Sense Errors 440
- Multiple Collisions number 441
- Single Collisions number 441
- Speed (Mbps) 442
- Requests Received 442
- Bad Version 442
- Bad Community String 443
- Parsing Errors 443
- Silent Drops 443
- Proxy Drops 443
- Accessing the CLI 445
- Starting the CLI 446
- Using the CLI 447
- Specifying configured items 448
- Using shortcut numbers 449
- Getting Help Information 450
- Stopping the CLI 451
- CLI menu reference 452
- 2 Administration 458
- 3 Monitoring 462
- 3.2 Monitoring > Event Log 463
- 3.4 Monitoring > Sessions 464
- End of Chapter 466
- Errors and troubleshooting 467
- Configuration files 468
- Command Line Interface errors 474
- LED indicators 475
- VPN Concentrator LEDs (rear) 477
- (Model 3015–3080 only) 477
- WAN Interface Module LEDs 478
- LpBk switch. LpBk is a 479
- Ownership of the Software 481
- Grant of License 481
- Limited Warranty 482
- Other licenses 483
- DHCP client 484
- DNS Resolver (client) 484
- RSA software 487
- SecureID 487
- Server SNMP 487
- Client SNMP 487
- SSL Plus 488
- Telnet server 488
- Regulatory Agency Notices 489
- Affidavit (Appendix A) 491
- End of Appendix 492
- Numerics 493
- CRSHDUMP.TXT file A-1 494
Verwandte Produkte und Handbücher für Vernetzung Cisco VPN 3000
Vernetzung Cisco EF3116 Bedienungsanleitung
(8 Seiten)
(8 Seiten)
Vernetzung Cisco 826 Bedienungsanleitung
(8 Seiten)
(8 Seiten)
Vernetzung Cisco 1861 Bedienungsanleitung
(13 Seiten)
(13 Seiten)
Vernetzung Cisco TES301 Bedienungsanleitung
(52 Seiten)
(52 Seiten)
Vernetzung Cisco MGBSX1 Bedienungsanleitung
(16 Seiten)
(16 Seiten)
Vernetzung Cisco PA-2FE-TX Spezifikationen
(60 Seiten)
(60 Seiten)
Vernetzung Cisco 880 Series Bedienungsanleitung
(18 Seiten)
(18 Seiten)
Vernetzung Cisco EPC3825 Bedienungsanleitung
(8 Seiten)
(8 Seiten)
Vernetzung Cisco DPC3008 Betriebsanweisung
(44 Seiten)
(44 Seiten)
(4 Seiten)
Vernetzung Cisco 1600R Installationsanleitung
(88 Seiten)
(88 Seiten)
(23 Seiten)
Vernetzung Cisco SPA3102 Bedienungsanleitung
(24 Seiten)
(24 Seiten)
Vernetzung Cisco OL-6900-01 Spezifikationen
(134 Seiten)
(134 Seiten)
© 2020, manymanuals.de. Alle Rechte vorbehalten. | 0.552 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Kommentare zu diesen Handbüchern