Cisco CVPN3015-NR Getting Started

Cisco CVPN3015-NR - VPN Concentrator 3015 Manual

Get Cisco CVPN3015-NR - VPN Concentrator 3015 PDF manuals and user guides
UPC - 746320396316
View all Cisco CVPN3015-NR manuals
Add to My Manuals
Save this manual to your list of manuals

Cisco CVPN3015-NR manual content summary:

  • Cisco CVPN3015-NR | Getting Started - Page 1
    VPN 3000 Series Concentrator Getting Started Release 4.7 August 2005 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: 78-15733 Text Part Number: 78-15733-03
  • Cisco CVPN3015-NR | Getting Started - Page 2
    iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise
  • Cisco CVPN3015-NR | Getting Started - Page 3
    Assistance xi Obtaining Additional Publications and Information xiii Understanding the VPN 3000 Concentrator 1-1 Hardware Features 1-2 Software Features 1-3 How the VPN Concentrator Works 1-7 Where the VPN Concentrator Fits in Your Network 1-8 Physical Specifications 1-9 Installing and Powering
  • Cisco CVPN3015-NR | Getting Started - Page 4
    CLI 4-19 What Next? 4-20 Testing the VPN Concentrator 5-1 VPN Concentrator Configuration Settings 5-1 Windows 95 PC Client Configuration 5-2 Testing the VPN Connection 5-3 Troubleshooting and System Errors A-1 Copyrights, Licenses, and Notices B-1 VPN 3000 Series Concentrator Getting Started iv 78
  • Cisco CVPN3015-NR | Getting Started - Page 5
    ). You can perform quick configuration from a console with the menu-based command-line interface, or you can use the HTML-based VPN Concentrator Manager with a browser. This guide describes both methods, and we recommend the latter for ease of use. Audience We assume you are an experienced system
  • Cisco CVPN3015-NR | Getting Started - Page 6
    that support the increased memory. The VPN Concentrator Manager also includes context-oriented online help that you can access by clicking the Help icon on the toolbar in the Manager window. VPN Client Documentation The Cisco VPN Client User Guide for Windows, the Cisco VPN Client User Guide for
  • Cisco CVPN3015-NR | Getting Started - Page 7
    VPN 3002 Hardware Client Manager. This manual is online only. The VPN 3002 Hardware Client Getting Started manual provides information to take you from unpacking and installing the VPN versions on the Cisco web site, click the Support icon on the toolbar at the top of the VPN Concentrator Manager,
  • Cisco CVPN3015-NR | Getting Started - Page 8
    . Before you work on any equipment, you must be aware of the hazards involved with electrical circuitry and familiar with standard practices for preventing accidents. VPN 3000 Series Concentrator Getting Started x 78-15733-03
  • Cisco CVPN3015-NR | Getting Started - Page 9
    in the following formats unless the instructions indicate otherwise: Type of Data cisco.com/techsupport You can access the Cisco website at this URL: http://www.cisco.com You can access international Cisco websites at this URL: http://www.cisco.com/public/countries_languages.shtml 78-15733-03 VPN
  • Cisco CVPN3015-NR | Getting Started - Page 10
    command guides for Cisco products cisco.com/go/marketplace/ Cisco will continue to support documentation orders using the Ordering tool: • Registered Cisco.com users (Cisco direct customers) can order documentation from the Ordering tool: http://www.cisco.com/en/US/partner/ordering/ • Instructions
  • Cisco CVPN3015-NR | Getting Started - Page 11
    Cisco.com. You can send comments about Cisco documentation to bug-doc@cisco cisco.com/en/US/products/products_psirt_rss_feed.html Reporting Security Problems in Cisco Products Cisco Cisco product, contact PSIRT: • Emergencies - security-alert@cisco . • Nonemergencies - [email protected] In an emergency,
  • Cisco CVPN3015-NR | Getting Started - Page 12
    you do not have a valid Cisco service contract, contact your reseller. Cisco Technical Support & Documentation Website The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The
  • Cisco CVPN3015-NR | Getting Started - Page 13
    normal business hours to restore service to satisfactory levels. Severity 4 (S4)-You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations. 78-15733-03 VPN 3000 Series Concentrator Getting Started
  • Cisco CVPN3015-NR | Getting Started - Page 14
    , technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, ://www.cisco.com/ipj • Networking products offered by Cisco Systems, as well as customer support services, can be obtained at this URL: http://www.cisco.com/
  • Cisco CVPN3015-NR | Getting Started - Page 15
    as the Internet) that users see as a private connection. The VPN Concentrator can create single-user-to-LAN connections and LAN-to-LAN connections. Figure 1-1 Model 3005 The Cisco VPN 3000 Concentrator 63794 Model 3015 to 3080 63795 78-15733-03 VPN 3000 Series Concentrator Getting Started 1-1
  • Cisco CVPN3015-NR | Getting Started - Page 16
    : VPN Concentrator Model Model 3005 Model 3015 Model 3020 Hardware Features • Software-based encryption • Single power supply • 64 MB memory (versions prior to 4.1 have 32MB memory) • Software-based encryption • Single power supply • Expansion capabilities: - Up to two Enhanced Cisco
  • Cisco CVPN3015-NR | Getting Started - Page 17
    Chapter 1 Understanding the VPN 3000 Concentrator VPN Concentrator Model Model 3030 Models 3060 Model 3080 Hardware Features Hardware Features • One SEP-E modules for system redundancy • Dual redundant power supplies • 512 MB memory 78-15733-03 VPN 3000 Series Concentrator Getting Started 1-3
  • Cisco CVPN3015-NR | Getting Started - Page 18
    Copy) Tunneling Protocols • IPSec (IP Security) Protocol - Remote access, using Cisco VPN Client or other select IPSec protocol-compliant clients - LAN-to-LAN, between peer VPN Concentrators or between a VPN Concentrator and another IPSec protocol-compliant secure gateway • L2TP over IPSec (for
  • Cisco CVPN3015-NR | Getting Started - Page 19
    Chapter 1 Understanding the VPN 3000 Concentrator Software Features VPN Feature Description Network Addressing Support • DNS (Domain Name System) • Client address assignment: - DHCP (Dynamic Host Configuration Protocol), including DDNS host name population and configurable giaddr - Internally
  • Cisco CVPN3015-NR | Getting Started - Page 20
    • Traceroute Monitoring • Event logging and notification via system console, syslog, SNMP traps, and email • FTP backup of event logs • SNMP MIB-II support • System status • Session data • Memory usage • Extensive statistics VPN 3000 Series Concentrator Getting Started 1-6 78-15733-03
  • Cisco CVPN3015-NR | Getting Started - Page 21
    Chapter 1 Understanding the VPN 3000 Concentrator How the VPN Concentrator Works VPN Feature Client Software Compatibility Other Features Description • Cisco VPN Client (IPSec): - Windows 98 and Windows ME - Windows NT® 4.0, Windows 2000, and Windows XP - Mac OS X 10.1 and 10.2 Jaguar - Linux
  • Cisco CVPN3015-NR | Getting Started - Page 22
    enough to satisfy most applications. Figure 1-2 shows a typical installation, with the VPN Concentrator configured in parallel with a firewall, and supporting both low-speed and high-speed remote users. In some cases, the VPN Concentrator may be deployed behind the firewall; such a configuration is
  • Cisco CVPN3015-NR | Getting Started - Page 23
    100 to 240 VAC at 50/60 Hz (autosensing) • 3005 = maximum 25 W (0.2A @ 120 VAC) • 3015-3080 = maximum 50 W (0.42A @ 120 VAC) Approx. 328 feet (100 meters) Electrical, mechanical, and construction FCC, E.U., and VCCI Class A compliance 78-15733-03 VPN 3000 Series Concentrator Getting Started 1-9
  • Cisco CVPN3015-NR | Getting Started - Page 24
    Physical Specifications Chapter 1 Understanding the VPN 3000 Concentrator 1-10 VPN 3000 Series Concentrator Getting Started 78-15733-03
  • Cisco CVPN3015-NR | Getting Started - Page 25
    , configure, and manage internetworking systems. However, virtual private networks and VPN devices may be new to you. You should be familiar with Windows on the front, and fans are on the rear of the chassis. In the VPN 3015-3080, cooling intake vents are on the left side, and fans on the right
  • Cisco CVPN3015-NR | Getting Started - Page 26
    DB-9 connector, which Cisco supplies with the system. Console and PC / Telnet / Browser Requirements The VPN Concentrator requires a console Explorer. Whatever browser and version you use, install the latest patches and service packs for it. JavaScript and Cookies Be sure JavaScript and Cookies are
  • Cisco CVPN3015-NR | Getting Started - Page 27
    Back, Forward, or Refresh / Reload with the VPN Concentrator Manager unless instructed to do so. To protect access security, clicking Refresh VPN Concentrator Packing List Check Quantity 1 2 1 2 Item VPN 3000 Series Concentrator Rack-mounting kits-one for model 3005; one for models 3015-3080
  • Cisco CVPN3015-NR | Getting Started - Page 28
    CD Cisco VPN Software Client CD VPN 3000 Series Concentrator Getting Started (this manual) VPN 3000 Series Concentrator Software License Agreement Cisco VPN Client Software License Agreement Export Compliance document Cisco Product Warranty and Information packet Documentation Ordering Instructions
  • Cisco CVPN3015-NR | Getting Started - Page 29
    Powering Up the VPN Concentrator Models 3015 to 3080 Installing the VPN Concentrator Hardware 63797 Mount the VPN Concentrator in the rack as shown in Figure 2-2. Use screws or fasteners appropriate for your equipment rack. Figure 2-2 Model 3005 Rack Mounting a VPN Concentrator 63798 Models
  • Cisco CVPN3015-NR | Getting Started - Page 30
    place one foot in each indentation. (See Figure 2-3.) Some models of the VPN Concentrator use screws to attach the rubber feet. If the rubber feet have Figure 2-4.) Figure 2-3 VPN 3005 Installing Rubber Feet 63800 VPN 3015 - 3080 63801 VPN 3000 Series Concentrator Getting Started 2-6 78-15733-
  • Cisco CVPN3015-NR | Getting Started - Page 31
    Chapter 2 Installing and Powering Up the VPN Concentrator Figure 2-4 Model 3005 Installing Rubber Feet with Screws Installing the VPN Concentrator Hardware 63800 Model 3015 through 3080 63801 78-15733-03 VPN 3000 Series Concentrator Getting Started 2-7
  • Cisco CVPN3015-NR | Getting Started - Page 32
    Connecting Hardware Warning Be sure the console/PC is turned off before you connect cables to it. Do not connect power cables to the VPN Concentrator until instructed. Connecting the Console/PC Connect the RS-232 straight-through serial cable between the Console port on the back of the
  • Cisco CVPN3015-NR | Getting Started - Page 33
    Concentrator interface to your private network (internal LAN) VPN Concentrator interface to the public network VPN Concentrator interface to an additional LAN (present only on models 3015 - 3080) To make the VPN Concentrator operational, you must connect at least two interfaces, usually Ethernet
  • Cisco CVPN3015-NR | Getting Started - Page 34
    with redundant power modules, make sure you connect power cables between both modules and appropriate power outlets. Figure 2-6 Model 3005 Connecting Power Cable(s) 63793 Model 3015 through 3080 63803 2-10 VPN 3000 Series Concentrator Getting Started 78-15733-03
  • Cisco CVPN3015-NR | Getting Started - Page 35
    emulator for VT100 emulation, or let it auto-detect the emulation type. Power up the VPN Concentrator by pressing ON ( I ) on the power switch on the back. If you green are amber, red, or off, please see Appendix A, "Troubleshooting and System Errors." Ignore any other LEDs on the back. The console
  • Cisco CVPN3015-NR | Getting Started - Page 36
    configuration option. In that case, you can and must go through all the steps again. See Administration | System Reboot in the VPN 3000 Concentrator Series User Guide. Quick configuration consists of the following steps, which are explained in the remainder of this chapter and the two chapters that
  • Cisco CVPN3015-NR | Getting Started - Page 37
    , and duplex mode for the VPN Concentrator interface to the public network. IP Interfaces | Ethernet 3 (External) (For models 3015-3080 only) If so connected, the registered Internet domain name to use with DNS (for example, cisco.com). System Info | Default Gateway Specify the IP address or
  • Cisco CVPN3015-NR | Getting Started - Page 38
    Quick Configuration Chapter 2 Installing and Powering Up the VPN Concentrator Table 2-2 Quick Configuration Parameters (continued) : • Internal Server - Choosing Internal Server, means using the internal VPN Concentrator user authentication server. On the User Database screen, specify the
  • Cisco CVPN3015-NR | Getting Started - Page 39
    can create a valid security certificate. The time in brackets is the current device time. Welcome to Cisco Systems VPN 3000 Concentrator Series Command Line Interface Copyright (C) 1998-2005 Cisco Systems, Inc. -- : Set the time on your device. ... > Time Quick -> [ 15:46:41 ] _ Step 4 At the
  • Cisco CVPN3015-NR | Getting Started - Page 40
    Saving Time) support. During DST, clocks are set one hour ahead of standard time. Enabling DST support means that the VPN Concentrator automatically adjusts ; for example, 10.10.4.6. Note Ethernet 3 appears only on Models 3015 - 3080. Step 8 Step 9 The system initializes its network subsystems,
  • Cisco CVPN3015-NR | Getting Started - Page 41
    transmission mode for the Ethernet 1 interface. You can let the VPN Concentrator automatically detect and set the appropriate mode (the default), ) 3) Save changes to Config file 4) Continue 5) Exit Quick -> _ Model 3015-3080 menu 1) Modify Ethernet 1 IP Address (Private) 2) Modify Ethernet 2 IP
  • Cisco CVPN3015-NR | Getting Started - Page 42
    Concentrator Manager or the command-line interface. • To continue with the VPN Concentrator Manager, see Chapter 3, "Using the VPN Concentrator Manager for Quick Configuration." • To continue with the command-line interface, see Chapter 4, "Using the Command-Line Interface for Quick Configuration
  • Cisco CVPN3015-NR | Getting Started - Page 43
    , page 2-13. The figures that follow show only the main frame of the Manager window. To use features in the other frames, see Understanding the VPN Concentrator Manager Window, page 3-24. Note You can go through the steps of quick configuration only once, unless you reboot the system with the Reboot
  • Cisco CVPN3015-NR | Getting Started - Page 44
    Logging in to the VPN Concentrator Manager Chapter 3 Using the VPN Concentrator Manager for Quick Configuration Figure 3-1 VPN Concentrator Manager Login Screen Step 3 Log in. Entries are case-sensitive, so type them exactly as shown. With Microsoft Internet Explorer, you can press the
  • Cisco CVPN3015-NR | Getting Started - Page 45
    toolbar buttons Back, Forward, or Refresh / Reload with the VPN Concentrator Manager unless instructed to do so. To protect access security, clicking Refresh are lost. See Appendix A, "Troubleshooting and System Errors" for more details. 78-15733-03 VPN 3000 Series Concentrator Getting Started 3-3
  • Cisco CVPN3015-NR | Getting Started - Page 46
    . Figure 3-3 Model 3005 Configuration | Quick | IP Interfaces Screen Models 3015 through 3080 This screen lets you configure the VPN Concentrator Ethernet interfaces. Model 3005 comes with two Ethernet interfaces. Models 3015-3080 come with three Ethernet interfaces. • Ethernet 1 (Private) is
  • Cisco CVPN3015-NR | Getting Started - Page 47
    connect to the device and configure it. Caution If you modify any parameters of the interface that you are currently using to connect to the VPN Concentrator, you will break the connection, and you will have to restart the Manager and quick configuration from the login screen. Step 1 To enter or
  • Cisco CVPN3015-NR | Getting Started - Page 48
    . You can customize filters under regular system configuration on the Configuration | Policy Management | Traffic Management screens. Cisco supplies the following default filters with the VPN Concentrator: • 1. Private (Default)-Allow all packets except source-routed IP packets. (This is the default
  • Cisco CVPN3015-NR | Getting Started - Page 49
    speed. In the Duplex field, click the drop-down menu button and select one of the following interface transmission modes: • Auto-Let the VPN Concentrator automatically detect and set the appropriate transmission mode, either full or half duplex (default). If you accept the default, be sure that the
  • Cisco CVPN3015-NR | Getting Started - Page 50
    are easier to remember, using IP addresses avoids problems that might arise with the DNS server offline, congested, or similarly indisposed. In the Domain field, enter the registered domain in which the VPN Concentrator is located (for example, cisco.com), sometimes called the domain name suffix or
  • Cisco CVPN3015-NR | Getting Started - Page 51
    remote-access user connections using Internet Protocol Security protocol. (This box is checked by default.) This option supports only remote-access IPSec connections from the VPN 3000 Client or a similar protocol-compliant client. To configure IPSec LAN-to-LAN connections, see Configuration | System
  • Cisco CVPN3015-NR | Getting Started - Page 52
    server, you can enter a hostname in this field; otherwise, enter an IP address.) Check Configured Pool to enable this method, which uses the VPN Concentrator to assign IP addresses from an internally configured pool. If you enable Configured Pool, enter the starting and ending IP addresses available
  • Cisco CVPN3015-NR | Getting Started - Page 53
    Authentication Step 7 Click Continue to proceed. When you configure the VPN Concentrator to service IPSec or L2TP VPN clients, you must configure the users, users' Group, or Base Group to allocate client VPN (private side) addresses. VPN clients (as opposed to Clientless access) require that the
  • Cisco CVPN3015-NR | Getting Started - Page 54
    with Cisco.com logins can use to access an evaluation copy of the CiscoSecure ACS RADIUS authentication server. The VPN 3000 software CD-ROM also has current VPN 3000 VSA registry files that let customers load new supported attributes on their ACS server, and provides instructions for using
  • Cisco CVPN3015-NR | Getting Started - Page 55
    of times to retry sending a query to the server after the timeout period. If there is still no response after this number of retries, the VPN Concentrator declares this server inoperative. Minimum is 0, default is 2, maximum is 10 retries. In the Server Secret field, enter the RADIUS server secret
  • Cisco CVPN3015-NR | Getting Started - Page 56
    times to retry sending a query to the server after the timeout period. If there is still no response after this number of retries, the VPN Concentrator declares this server inoperative. The minimum is 0, default is 2, maximum is 10 retries. In the Domain Controller Name field, enter the NT Primary
  • Cisco CVPN3015-NR | Getting Started - Page 57
    of times to retry sending a query to the server after the timeout period. If there is still no response after this number of retries, the VPN Concentrator declares this server inoperative. The minimum is 0, default is 2, maximum is 10 retries. Click Continue to proceed. If you selected the IPSec
  • Cisco CVPN3015-NR | Getting Started - Page 58
    to retry sending a query to the server after the timeout period. If there is still no response after this number of retries, the VPN Concentrator declares this server inoperative and uses the next Kerberos/Active Directory authentication server in the list. The minimum number of retries is 0. The
  • Cisco CVPN3015-NR | Getting Started - Page 59
    Chapter 3 Using the VPN Concentrator Manager for Quick Configuration Configuring the Internal Server User Database Configuring the Internal Server User . This field is not present if you selected other address assignment methods. 78-15733-03 VPN 3000 Series Concentrator Getting Started 3-17
  • Cisco CVPN3015-NR | Getting Started - Page 60
    the IPSec tunneling protocol, and you must configure these parameters to complete quick configuration. The remote-access IPSec client connects to the VPN Concentrator using this group name and password, which are automatically configured on the internal authentication server. This is the IPSec group
  • Cisco CVPN3015-NR | Getting Started - Page 61
    Tunneling screen. Figure 3-15 Configuration | Quick | WebVPN Screen Step 1 Step 2 Step 3 To enable WebVPN connections to the public interface of the VPN Concentrator, check the HTTPS Enable check box. If you have not configured the Public Interface, WebVPN connections are enabled on the Private
  • Cisco CVPN3015-NR | Getting Started - Page 62
    Setting Up the WebVPN Home Page Chapter 3 Using the VPN Concentrator Manager for Quick Configuration Setting Up the WebVPN Home Page web links to appear on the WebVPN home page, for example: http://www.cisco.com. In the corresponding text box, enter the name of the link as you want it to appear
  • Cisco CVPN3015-NR | Getting Started - Page 63
    screen lets you change the password for the admin administrator user. For ease of use during startup, the default admin password supplied with the VPN Concentrator is also admin. Caution Since the admin user has full access to all management and administration functions on the device, we strongly
  • Cisco CVPN3015-NR | Getting Started - Page 64
    is operational. For example, a configured remote user with a PC and modem can use Microsoft PPTP and a local ISP to connect securely-in a VPN tunnel through the Internet-with resources on a private, internal corporate network. We strongly recommend that you save the active configuration before you
  • Cisco CVPN3015-NR | Getting Started - Page 65
    Manager screen with links to Cisco support and documentation resources. • Logout-Log out of this Manager session and return to the login screen. For details on the frames, functions, and icons in the Manager window, see the following section, "Understanding the VPN Concentrator Manager Window". For
  • Cisco CVPN3015-NR | Getting Started - Page 66
    bar and status bar also provide useful information. Figure 3-20 VPN Concentrator Manager Window Title bar Top frame (Manager toolbar) Left frame The title bar at the top of the browser window includes the VPN Concentrator device name or IP address in brackets, for example, [10.10.4.6].
  • Cisco CVPN3015-NR | Getting Started - Page 67
    Manager for Quick Configuration Understanding the VPN Concentrator Manager Window Mouse pointer and Close the help window when you are finished. Click on the Support tab to open a Manager screen with links to Cisco support and documentation resources. Click on the Logout tab to log out
  • Cisco CVPN3015-NR | Getting Started - Page 68
    the Reset icon. Click on the Cisco Systems logo to open a browser and go to the Cisco.com web site, www.cisco.com Left frame (Table of Contents) frame. Main frame (Manager screen) The main frame displays the current VPN Concentrator Manager screen. Many screens include a bullet list of links and
  • Cisco CVPN3015-NR | Getting Started - Page 69
    CLI is a menu-based configuration, administration, and monitoring system built into the VPN Concentrator. You can use it from the console or in a Telnet session. . See Appendix A, "Troubleshooting and System Errors" for more details. 78-15733-03 VPN 3000 Series Concentrator Getting Started 4-1
  • Cisco CVPN3015-NR | Getting Started - Page 70
    if present, is the interface to an additional LAN. For the VPN Concentrator to become fully operational, you must configure the two interfaces ) 3) Save changes to Config file 4) Continue 5) Exit Quick -> _ Model 3015-3080 Menu 1) Modify Ethernet 1 IP Address (Private) 2) Modify Ethernet 2 IP
  • Cisco CVPN3015-NR | Getting Started - Page 71
    to set the speed for the Ethernet 2 interface. You can let the VPN Concentrator automatically detect and set the appropriate speed (the default), or you can Save changes to Config file 5) Continue 6) Exit Quick -> _ Model 3015-3080 Menu 1) Modify Ethernet 1 IP Address (Private) 2) Modify Ethernet
  • Cisco CVPN3015-NR | Getting Started - Page 72
    configure and manage the VPN Concentrator. While hostnames are easier to remember, using IP addresses avoids problems that might arise with name; for example, cisco.com. The system prompts you to specify a default gateway, which is the system to which the VPN Concentrator routes packets that are
  • Cisco CVPN3015-NR | Getting Started - Page 73
    Protocol), with or without Microsoft encryption required; and IPSec (IP Security protocol). PPTP and L2TP are popular with Microsoft Windows-based clients, and the Cisco VPN Client uses IPSec. To enable, disable, and configure virtual private network tunneling protocols and encryption options on the
  • Cisco CVPN3015-NR | Getting Started - Page 74
    addresses to clients as a tunnel is established. The methods are configured, and used, in this order: • Client specified-the client specifies its own IP address. VPN 3000 Series Concentrator Getting Started 4-6 78-15733-03
  • Cisco CVPN3015-NR | Getting Started - Page 75
    configure an authentication server in the next section.) • DHCP (Dynamic Host Configuration Protocol)-a DHCP server assigns IP addresses. • Configured pool-the VPN Concentrator assigns IP addresses from an internally configured pool of addresses. You must enable at least one method. You can enable
  • Cisco CVPN3015-NR | Getting Started - Page 76
    users: • The internal VPN Concentrator authentication server • An external RADIUS (Remote Authentication Dial-In User Service) server • An external or hostname, TCP/UDP port, secret/password, and so forth.). The VPN Concentrator functions as the client of these servers. The system prompts you
  • Cisco CVPN3015-NR | Getting Started - Page 77
    you specified per-user address assignment-an IP address and subnet mask. To do so, follow these steps: Step 1 You selected the VPN concentrator internal authentication server, and the system prompts you to add users to the internal authentication server database. When you start quick configuration
  • Cisco CVPN3015-NR | Getting Started - Page 78
    listed in the table. After deleting the user, the system redisplays the user database as in the previous step, but without the deleted user. 4-10 VPN 3000 Series Concentrator Getting Started 78-15733-03
  • Cisco CVPN3015-NR | Getting Started - Page 79
    Concentrator software CD-ROM includes a trial copy of the CiscoSecure ACS RADIUS authentication server and instructions for using it with the VPN Concentrator. To configure an external RADIUS user authentication server, follow these steps to supply the required server IP address or hostname, server
  • Cisco CVPN3015-NR | Getting Started - Page 80
    is 32 characters. The system prompts you to enter the UDP port number by which you access the SDI server. > SDI Server Port Quick -> [ 0 ] _ 4-12 VPN 3000 Series Concentrator Getting Started 78-15733-03
  • Cisco CVPN3015-NR | Getting Started - Page 81
    quick configuration, proceed to the next section, "Configuring the IPSec Group," or to the "Changing the Admin Password" section on page 4-17. 78-15733-03 VPN 3000 Series Concentrator Getting Started 4-13
  • Cisco CVPN3015-NR | Getting Started - Page 82
    tunneling protocol. The remote-access IPSec client connects to the VPN Concentrator via this group name and password, which are automatically not configure the Public interface), and the default system-wide e-mail servers for WebVPN services. 1) Enable HTTPS 2) Disable HTTPS Quick -> [ 1 ] _ At the
  • Cisco CVPN3015-NR | Getting Started - Page 83
    . If you enter 1, the system displays the following menu: > Set IMAP4S Default Server Quick ->_ Enter the IP address of the mail server. 78-15733-03 VPN 3000 Series Concentrator Getting Started 4-15
  • Cisco CVPN3015-NR | Getting Started - Page 84
    2 Step 3 Step 4 Step 5 Enter the title to appear on each WebVPN page, for example: My Company Remote Access. > Set WebVPN Home Page Title Quick -> [ VPN 3000 Concentrator ] Enter a banner to appear on the WebVPN home page for the base group, for example: Welcome to My Company Remote Access. To keep
  • Cisco CVPN3015-NR | Getting Started - Page 85
    the Admin Password You can change the password for the admin user. For ease of use during startup, the default admin password supplied with the VPN Concentrator is also admin. Since the admin user has full access to all management and administration functions on the device, we strongly recommend you
  • Cisco CVPN3015-NR | Getting Started - Page 86
    functions, enter 1 at the cursor in Step 1 above. For information on using the CLI, see the VPN 3000 Series Concentrator Reference Volume I: Configuration. What Next? Now that the VPN Concentrator is operational, you can do the following: • Test its operation by following the procedures in Chapter
  • Cisco CVPN3015-NR | Getting Started - Page 87
    Please consult your ISP and your network system administrator for specific settings and instructions. Before You Begin To set up the test, follow these steps. Step 1 Step 2 Configure the VPN Concentrator with the following settings: • Ethernet 2 (Public) interface with appropriate IP address (for
  • Cisco CVPN3015-NR | Getting Started - Page 88
    Concentrator Follow these steps to create and test a secure connection from a Windows 2000 PC client to the VPN Concentrator. Step 1 On the client PC, choose Start > Settings > Network and Dial-up Connections > Make a New Connection from the Windows 2000 Start menu. The Network
  • Cisco CVPN3015-NR | Getting Started - Page 89
    Initial Connection. Step 6 Click Next. The Destination Address window appears. (See Figure 5-4.) Figure 5-4 Destination Address Window Step 7 Enter the public interface address of your VPN Concentrator. Step 8 Click Next. The Connection Availability window appears. (See Figure 5-5.) 78-15733-03
  • Cisco CVPN3015-NR | Getting Started - Page 90
    Figure 5-5 Connection Availability Window Chapter 5 Testing the VPN Concentrator Step 9 Choose For all Users. Step 10 Click Next. The Completing the : TestVPN. Step 12 Click Finish. The Connect window appears. (See Figure 5-7.) VPN 3000 Series Concentrator Getting Started 5-4 78-15733-03
  • Cisco CVPN3015-NR | Getting Started - Page 91
    . Figure 5-8 Properties Dialog Box, Networking Tab Step 16 Step 17 Step 18 Select Point to Point Tunneling Protocol (PPTP) from the Type of VPN Server I am Calling drop-down menu. (See Figure 5-8.) Click OK. The Properties dialog box disappears. In the Connect window, enter the password. Click
  • Cisco CVPN3015-NR | Getting Started - Page 92
    Concentrator Figure 5-9 Connection Complete Chapter 5 Testing the VPN Concentrator Step 19 Click OK to dismiss the window. If you receive an error message, check your connections and VPN Concentrator settings, then run the test again. VPN 3000 Series Concentrator Getting Started 5-6 78-15733
  • Cisco CVPN3015-NR | Getting Started - Page 93
    indicators on the system and its expansion modules. Files for Troubleshooting The VPN 3000 Concentrator creates several files that you can examine and that can assist Cisco support engineers when troubleshooting errors and problems: • Event log • SAVELOG.TXT-Event log that is automatically saved
  • Cisco CVPN3015-NR | Getting Started - Page 94
    be useful for troubleshooting. See Administration | File Management | Files for information on managing files in flash memory. VPN Concentrator Manager Errors HTML-based VPN Concentrator Manager with a browser. Table A-1 VPN Concentrator Manager Errors Symptom Problem Possible Cause
  • Cisco CVPN3015-NR | Getting Started - Page 95
    A Troubleshooting and System Errors VPN Concentrator Manager Errors Table A-1 VPN Concentrator Manager Errors (continued) Symptom Problem Possible Cause the "Browser Requirements" section on page 2-2 of this manual.) • You are using a browser that does not have JavaScript enabled. 78-15733-
  • Cisco CVPN3015-NR | Getting Started - Page 96
    Appendix A Troubleshooting and System Errors Table A-1 VPN Concentrator Manager Errors (continued) Symptom Problem Possible Cause Solution Error dialog box that includes the error message, "No such interface supported." While using a Manager function that opens another browser window (such
  • Cisco CVPN3015-NR | Getting Started - Page 97
    might occur while using the menu-based Command-line Interface from a console or Telnet session. Table A-2 VPN 3000 Concentrator Command-Line Interface Errors Console Message Problem Possible Cause Solution ERROR:-- Bad IP Address/Subnet Mask/Wildcard Mask/Area ID. The system expected a valid
  • Cisco CVPN3015-NR | Getting Started - Page 98
    LED Indicators Appendix A Troubleshooting and System Errors VPN Concentrator (front) LEDs The LEDs on the front of the VPN 3000 Concentrator are as . (All other LEDs are also off.) The LEDs below exist only on Models 3015-3080 Ethernet Link Status 1 2 3 Connected to network NA and enabled. Not
  • Cisco CVPN3015-NR | Getting Started - Page 99
    Appendix A Troubleshooting and System Errors LED Indicators VPN Concentrator Rear LEDs The LEDs on the rear of the VPN 3000 Concentrator are ) module LEDs are present only on models 3015 through 3080 and are visible from the rear of the VPN Concentrator. SEP Module LED Power Green Power on
  • Cisco CVPN3015-NR | Getting Started - Page 100
    LED Indicators Appendix A Troubleshooting and System Errors VPN 3000 Series Concentrator Getting Started A-8 78-15733-03
  • Cisco CVPN3015-NR | Getting Started - Page 101
    by United States copyright laws, laws of other nations, and/or international treaties. Grant of License 2. Cisco Systems hereby grants to you the right to use the Software with the Cisco VPN 3000 Concentrator product. To this end, the Software contains both operator software for use by the network
  • Cisco CVPN3015-NR | Getting Started - Page 102
    of the entire Cisco product, and only even as part of the Cisco product, to any country for as part of the Cisco product, in violation of Cisco Systems, the Software and accompanying documentation and all copies thereof. Cisco authorized in writing by Cisco Systems. 10. Cisco Systems, whose address is
  • Cisco CVPN3015-NR | Getting Started - Page 103
    AT CISCO SYSTEMS' CHOICE, EITHER (A) RETURN OF THE PRICE PAID OR (B) REPLACEMENT OF THE SOFTWARE THAT DOES NOT MEET CISCO SYSTEMS' LIMITED WARRANTY AND WHICH IS RETURNED TO CISCO SYSTEMS TOGETHER pertaining to the subject transaction. 78-15733-03 VPN 3000 Series Concentrator Getting Started B-3
  • Cisco CVPN3015-NR | Getting Started - Page 104
    B Copyrights, Licenses, and Notices Other Licenses The VPN 3000 Concentrator Series contains and uses software from other CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  • Cisco CVPN3015-NR | Getting Started - Page 105
    EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY specific, written prior permission. 78-15733-03 VPN 3000 Series Concentrator Getting Started B-5
  • Cisco CVPN3015-NR | Getting Started - Page 106
    copyright on the software developed at NRL. The affected files all contain specific copyright notices and those notices must be retained in any derived work. VPN 3000 Series Concentrator Getting Started B-6 78-15733-03
  • Cisco CVPN3015-NR | Getting Started - Page 107
    , OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON , 5414425, 5463390, and 5506580. Other Patents Pending. 78-15733-03 VPN 3000 Series Concentrator Getting Started B-7
  • Cisco CVPN3015-NR | Getting Started - Page 108
    granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of CMU not be used in advertising or publicity pertaining to distribution of the software without specific
  • Cisco CVPN3015-NR | Getting Started - Page 109
    both the copyright notice and this permission notice appear in supporting documentation. This software is provided "as is" without Corp. All rights reserved. Contains an implementation of NR signatures, licensed under U.S. patent 5,600,725. Protected VPN 3000 Series Concentrator Getting Started B-9
  • Cisco CVPN3015-NR | Getting Started - Page 110
    Package by Katie Stevens ([email protected]) University of California, Davis Computing Services - 01-31-90initial adaptation (from 1.19) PPP.0502-15-90 [ks 17:43 root Regulatory Standards Compliance Standards Compliance The VPN 3000 Concentrator complies with the following regulatory standards:
  • Cisco CVPN3015-NR | Getting Started - Page 111
    uninterrupted service. If trouble is experienced with this equipment, please contact us for repair and warranty information. If the trouble is causing harm to the telephone network, the telephone company can request you remove the equipment from the network until the problem is
  • Cisco CVPN3015-NR | Getting Started - Page 112
    compliance with the above conditions may not prevent degradation of service in some situations. Repairs to certified equipment should be approval details. Table B-2 JATE Approval Applicant Name Nihon Cisco Systems Nihon Cisco Systems Model Number CVPN3000-2T1 CVPN3005-T1 Approval Number
  • Cisco CVPN3015-NR | Getting Started - Page 113
    (FCC) Class A Warning "Modifying the equipment without Cisco's authorization may result in the equipment no longer complying with not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications VPN 3000 Series Concentrator Getting Started B-13
  • Cisco CVPN3015-NR | Getting Started - Page 114
    equipment is used in a domestic environment, radio disturbance may arise. When such trouble occurs, the user may be required to take corrective actions. Hungarian Class A conditions of installation and protection distance are used. B-14 VPN 3000 Series Concentrator Getting Started 78-15733-03
  • Cisco CVPN3015-NR | Getting Started - Page 115
    16, 4-13 NT Domain 3-14, 4-12 RADIUS 3-13, 4-11 SDI 3-15, 4-12 supported servers 1-5, 4-8 B Back button 3-3 Bad IP Address error A-5 78-15733-03 INDEX bandwidth assignment 4-7 clustering features 1-6 Coll LED (Ethernet) A-7 Command-Line Interface VPN 3000 Series Concentrator Getting Started IN-1
  • Cisco CVPN3015-NR | Getting Started - Page 116
    , system IN-2 VPN 3000 Series Concentrator supported 1-5 display settings 2-3 documentation cautions x conventions viii notes x related viii tips x DST, See Daylight-Saving Time 2-16 duplex transmission 3-7, 4-3 E encryption algorithms 1-4 options, configuring 3-9, 4-5 errors and troubleshooting
  • Cisco CVPN3015-NR | Getting Started - Page 117
    supported (IE) A-4 not allowed A-4 not found A-4 old browser A-3 out of range value A-5 passwords do not match A-5 recovering from 3-3 session timeout A-2, A-3 VPN A-6 F Fan Status LED A-6 features hardware 1-2 Model 3005 1-2 Model 3015 1-2 Model 3020 1-2 Model 3030 1-3 Model 3060 1-3 Model 3080 1-3
  • Cisco CVPN3015-NR | Getting Started - Page 118
    SEP) A-7 System A-6 table A-5 Throughput A-6 IN-4 VPN 3000 Series Concentrator Getting Started Tx (Ethernet) A-7 usage 3-3 Model 3005, features 1-2 Model 3015, features 1-2 Model 3020, features 1-2 addressing support features 1-5 network cables, connecting 2-9 No such interface supported error
  • Cisco CVPN3015-NR | Getting Started - Page 119
    O old browser (error) A-3 organization of manual vii OSPF 3-9 Out of Range value (error) A-5 P parameters needed with Manager 3-3 steps in 2-12 testing 5-1 using nondefault values 2-13 using the VPN Concentrator Manager 3-1 with Command Line Interface 4-1 R rack mounting 2-4 RADIUS authentication 3-
  • Cisco CVPN3015-NR | Getting Started - Page 120
    4-4 T terminal emulator settings 2-11 starting 2-11 testing the VPN Concentrator 5-1 Throughput LED A-6 time Daylight-Saving 2-16, 3-8 setting 2-15 zones, setting 2-15, 3-8 tools needed for installation 2-4 troubleshooting A-1 files created for A-1 tunneling protocols configuring 3-9, 4-5 features
  • Cisco CVPN3015-NR | Getting Started - Page 121
    1-2 how it works 1-7 installing hardware 2-4 physical specifications 1-8 picture of 1-1 software features 1-4 where it fits in your network 1-8 VPN Concentrator Manager errors A-2 logging in 3-1 logging out 3-23 starting Quick Configuration with 3-3 using for Quick Configuration 3-1 using functions
  • Cisco CVPN3015-NR | Getting Started - Page 122
    Index IN-8 VPN 3000 Series Concentrator Getting Started 78-15733-03
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
VPN 3000 Series Concentrator
Getting Started
Release 4.7
August 2005
Customer Order Number: 78-15733
Text Part Number: 78-15733-03