Cisco 3002 - VPN Hardware Client Podręcznik Użytkownika Strona 104
- Strona / 220
- Spis treści
- ROZWIĄZYWANIE PROBLEMÓW
- BOOKMARKI
Oceniono. / 5. Na podstawie oceny klientów
11 Policy Management
11- 2
VPN 3002 Hardware Client User Guide
VPN 3000 Series Concentrator settings required for PAT
For the VPN 3002 to use PAT, these are the requirements for the central-site Concentrator.
1 The Concentrator at the central site must be running Software version 3.x or later.
2 Address assignment must be enabled, by whatever method you choose to assign addresses (e.g.,
DHCP, address pools, per user, or client-specified). If the Concentrator uses address pools for address
assignment, make sure to configure the address pools your network requires. See Chapter 6, Address
Management, in the VPN 3000 Concentrator Series User Guide.
3 Configure a Group to which you assign this VPN 3002. This includes assigning a
Group Name and
Password. See Chapter 14, User Management, in the VPN 3000 Concentrator Series User Guide.
4 Configure one or more Users for the group, including
User Names and Passwords.
Network Extension mode
Network Extension mode allows the VPN 3002 to present a full, routable network to the tunneled
network. IPSec encapsulates all traffic from the VPN 3002 private network to networks behind the
central-site Concentrator. PAT does not apply. Therefore, devices behind the Concentrator have direct
access to devices on the VPN 3002 private network via the tunnel, and only over the tunnel, and vice
versa. Either side can initiate data exchange.
In this mode, the Concentrator does not assign an IP address for tunneled traffic (as it does in Client/PAT
mode). The tunnel is terminated with the VPN 3002 private IP address (i.e., the assigned IP address). To
use Network Extension Mode, you must configure an IP address other than the default of 192.168.10.1
and disable PAT.
Network Extension mode with split tunneling
You assign the VPN 3002 to a Group on the central-site Concentrator. If you enable split tunneling for
that group, IPSec operates on all traffic that travels through the VPN 3002 to networks within the
network list behind the central-site Concentrator, just as described above. PAT does not apply.
Traffic from the VPN 3002 to any other destination than those within the Concentrator’s network list
travels in the clear without applying IPSec. NAT translates the network addresses of the devices on the
VPN 3002 private network to the address of the VPN 3002 Public interface. Thus the network and
addresses on the private side of the VPN 3002 are accessible via the tunnel, but are protected from the
Internet, i.e., they cannot be accessed directly.
VPN 3000 Series Concentrator settings required for Network Extension mode
For the VPN 3002 to use Network Extension mode, these are the requirements for the central-site
Concentrator.
1 The Concentrator at the central site must be running Software version 3.x or later.
2 Configure a Group to which you assign this VPN 3002. This includes assigning a
Group Name and
Password. See Chapter 14, User Management, in the VPN 3000 Concentrator Series User Guide.
3 Configure one or more Users for the group, including
User Names and Passwords.
4 Configure either a default gateway or a static route to the VPN 3002 private network. See Chapter 8,
IP Routing in the VPN 3000 Concentrator Series User Guide.
- VPN 3002 Hardware Client 1
- User Guide 1
- CONTENTS 3
- 5Servers 4
- 6 Tunneling 4
- 7IP Routing 4
- 8 Management Protocols 4
- 9 Events 4
- 10 General 5
- 11 Policy Management 5
- Contents—Table of contents 8
- Contents 9
- About this manual 11
- Additional documentation 12
- Obtaining documentation 13
- Documentation feedback 14
- Cisco.com 14
- Technical Assistance Center 14
- Other references 15
- Documentation conventions 16
- Data formats 16
- Filenames 17
- Port numbers 17
- Browser requirements 19
- Navigation toolbar 20
- Install SSL Certificate link 22
- Next to continue 24
- Security Alert screen 26
- Reinstallation 28
- First-time installation 28
- Title bar 37
- Status bar 37
- Mouse pointer and tips 38
- Top frame (Manager toolbar) 38
- Support 39
- Save Needed 39
- Main frame (Manager screen) 40
- Interfaces 45
- Subnet Mask 47
- MAC Address 48
- DHCP Client 49
- 3 Interfaces 50
- System Configuration 51
- Primary DNS Server 54
- Secondary DNS Server 54
- Tertiary DNS Server 54
- Timeout Period 55
- Timeout Retries 55
- Tunneling 57
- Peer Address 59
- Use Certificate 59
- IP Routing 61
- Static Routes 62
- Add / Modify / Delete 62
- Add or Modify 63
- Destination 64
- Add or Apply / Cancel 64
- Default Gateway 65
- Lease Timeout 66
- Address Pool Start/End 66
- DHCP Option 67
- Management Protocols 69
- Enable HTTP 70
- Enable Telnet 72
- Enable Telnet/SSL 72
- Telnet Port 72
- Telnet/SSL Port 72
- Maximum Connections 73
- Maximum Queued Requests 74
- SNMP Communities 75
- Communities 76
- Community String 77
- Encryption Protocols 78
- Client Authentication 79
- SSL Version 79
- Enable SSH 81
- Enable SSH on Public 81
- SSH Port 81
- Maximum Sessions 81
- Key Regeneration Period 81
- Event class 83
- (*Cisco-specific event class) 85
- Event severity level 86
- Event log 87
- Syslog Format 88
- Severity to Log 89
- Severity to Console 89
- Severity to Syslog 89
- Severity to Trap 89
- Configured Event Classes 90
- Class Name 91
- Trap Destinations 93
- Community 95
- Syslog Servers 96
- Syslog Server 97
- Facility 97
- System Name 100
- Location 100
- Apply / Cancel 100
- Current Time 101
- New Time 101
- Enable DST Support 101
- Policy Management 103
- Network Extension mode 104
- Traffic Management 105
- Management 106
- PAT 106
- Administration 109
- 12 Administration 110
- Current Software Revision 111
- Browse 111
- Upload / Cancel 111
- Software Update Progress 112
- Software Update Success 112
- Software Update Error 112
- Configuration 114
- When to Reboot/Shutdown 114
- Administration 115
- Error (Ping) 116
- Administrator 117
- Password 118
- Session Idle Timeout 119
- Session Limit 119
- Encrypt Config File 119
- View Files 120
- Swap Config Files 120
- Config File Upload 120
- OK / Cancel 121
- Local Config File / Browse 122
- File Upload Progress 122
- File Upload Success 123
- File Upload Error 123
- Common Name (CN) 125
- Organizational Unit (OU) 126
- Organization (O) 126
- Request Generated 128
- Certificate Type 129
- Certificate Password 130
- Local File / Browse 130
- Certificate Text 130
- Certificate Authorities 131
- Identity Certificates 131
- Subject / Issuer 131
- Expiration 132
- Actions/View/Delete 132
- Serial Number 133
- Signing Algorithm 133
- Yes / No 135
- Monitoring 137
- Monitoring 138
- Next Hop 139
- Interface 139
- Protocol 139
- Select Filter Options 140
- First Page 141
- Previous Page 141
- Next Page 141
- Last Page 141
- Get Log 142
- Clear Log 142
- Event log format 142
- Monitoring 144
- Monitoring 145
- 13 Monitoring 146
- Tunnel Established to: 147
- Duration: 147
- Security Associations: 147
- Front Panel 148
- Back Panel 148
- Monitoring 150
- IKE (Phase 1) Statistics 151
- IPSec (Phase 2) Statistics 154
- Max Connections 158
- Active Sessions 158
- Attempted Sessions 158
- Successful Sessions 158
- Monitoring 159
- Monitoring 160
- Monitoring 163
- Broadcast In 166
- Broadcast Out 166
- TCP Segments Received 166
- TCP Segments Transmitted 166
- -1 means there 167
- UDP Datagrams Received 168
- UDP Datagrams Transmitted 168
- UDP Errored Datagrams 168
- UDP No Port 168
- 0.0.0.0) and 169
- Total Received / Transmitted 171
- Errors Received / Transmitted 171
- Physical Address 174
- IP Address 174
- Mapping Type 174
- Action / Delete 174
- Alignment Errors 175
- FCS Errors 175
- Carrier Sense Errors 175
- Speed (Mbps) 177
- Requests Received 177
- Bad Version 177
- Bad Community String 178
- Parsing Errors 178
- Silent Drops 178
- Proxy Drops 178
- Accessing the CLI 179
- Starting the CLI 180
- Using the CLI 181
- Using shortcut numbers 182
- Using Back and Home 183
- Getting Help Information 184
- CLI menu reference 185
- Main menu 186
- 1 Configuration 186
- 2 Administration 188
- 2.3 Ping 189
- 3 Monitoring 192
- 3.2 Monitoring > Event Log 193
- Errors and troubleshooting 195
- LED indicators 196
- Errors on the system 197
- A Errors and troubleshooting 198
- Command Line Interface errors 204
- Ownership of the Software 205
- Grant of License 205
- Limited Warranty 206
- Other licenses 207
- DHCP client 208
- DNS Resolver (client) 208
- LZS221-C v6 210
- MPPC-C v4 210
- RSA software 211
- SecureID 211
- Server SNMP 211
- Client SNMP 212
- SSL Plus 212
- Telnet server 213
- CRSHDUMP.TXT file A-1 216
Powiązane produkty i podręczniki dla Networking Cisco 3002 - VPN Hardware Client
Networking Cisco WPC54GS Podręcznik Użytkownika
(83 strony)
(83 strony)
Networking Cisco 10700 Podręcznik Użytkownika
(602 strony)
(602 strony)
Networking Cisco ME 3800X Dokumentacja
(622 strony)
(622 strony)
Networking Cisco Aironet 340 Series Dokumentacja
(362 strony)
(362 strony)
Networking Cisco 867W Instrukcja Użytkownika
(59 strony)
(59 strony)
Networking Cisco 7576 Instrukcja Użytkownika
(26 strony)
(26 strony)
Networking Cisco IPS 7.1 Przewodnik Instalacji
(422 strony)
(422 strony)
Networking Cisco SMTP Instrukcja Użytkownika
(3 strony)
(3 strony)
Networking Cisco 815 Instrukcja Użytkownika
(8 strony)
(8 strony)
Networking Cisco WRT54GC Podręcznik Użytkownika
(83 strony)
(83 strony)
Kenwood MFJ-286 podręczniki
Instrukcje obsługi i podręczniki użytkownika dla Mikrofony Kenwood MFJ-286.
Dostarczamy 1 pdf podręczników Kenwood MFJ-286 do pobrania za darmo według typów dokumentów: Instrukcja Użytkownika
Komentarze do niniejszej Instrukcji