Cisco 3002 - VPN Hardware Client Podręcznik Użytkownika Strona 124
- Strona / 220
- Spis treści
- ROZWIĄZYWANIE PROBLEMÓW
- BOOKMARKI
Oceniono. / 5. Na podstawie oceny klientów
12 Administration
12-16
VPN 3002 Hardware Client User Guide
CAs issue root certificates (also known as trusted or signing certificates). They may also issue
subordinate trusted certificates. Finally, CAs issue identity certificates, which are the certificates for
specific systems or hosts. There must be at least one identity certificate (and its root certificate) on a
given VPN 3002; there may be more than one root certificate.
During IKE (IPSec) Phase 1 authentication, the communicating parties exchange certificate and key
information, and they use the public-key / private-key pairs to generate a hash value; if the hash values
match, the client is authenticated.
The VPN 3002 supports X.509 digital certificates (International Telecommunications Union
Recommendation X.509), including SSL (Secure Sockets Layer) certificates that are self-signed or
issued in a PKI context.
On the VPN 3002, digital certificates are stored as encrypted files in a secure area of flash memory. They
do not require you to click
Save Needed to store them, and they are not visible under Administration | Config
File Management
.
After you install a digital certificate on the VPN 3002, you can use it to negotiate an IPSec tunnel by
selecting the check box
Use Certificate on the Configuration | System | Tunneling Protocols | IPSec screen.
The VPN3002 can have only one SSL certificate installed. If you generate a self-signed SSL certificate,
it replaces any installed PKI-context SSL certificate; and vice-versa.
For information on using SSL certificates, see Installing the SSL certificate in your browser in Chapter
1. See also
Configuration | System | Management Protocols | HTTP/HTTPS and Telnet, and Configuration | System
| Management Protocols | SSL
.
Digital certificates carry a timestamp that determines a time frame for their validity. Therefore, it is
essential that the time on the VPN 3002 is correct and synchronized with network time.
Configuration |
System | General | Time and Date
.
Figure 12-20: Administration | Certificate Management screen
Installing digital certificates on the VPN 3002
Installing a digital certificate on the VPN 3002 requires these steps:
1 Use the
Administration | Certificate Management | Enrollment screen to generate a certificate request.
Save the request as a file, or copy it to the clipboard.
2 Process the certificate request to the chosen CA, usually using the CA’s Web interface. Most CAs let
you submit the request by pasting from the clipboard; otherwise, you can send a file.
3 From the CA, receive root (and perhaps subordinate) and identity certificates. Save them as text files
on your PC or other reachable network host; do not open them or install them in your browser.
4 Use the
Administration | Certificate Management | Installation screen to:
- VPN 3002 Hardware Client 1
- User Guide 1
- CONTENTS 3
- 5Servers 4
- 6 Tunneling 4
- 7IP Routing 4
- 8 Management Protocols 4
- 9 Events 4
- 10 General 5
- 11 Policy Management 5
- Contents—Table of contents 8
- Contents 9
- About this manual 11
- Additional documentation 12
- Obtaining documentation 13
- Documentation feedback 14
- Cisco.com 14
- Technical Assistance Center 14
- Other references 15
- Documentation conventions 16
- Data formats 16
- Filenames 17
- Port numbers 17
- Browser requirements 19
- Navigation toolbar 20
- Install SSL Certificate link 22
- Next to continue 24
- Security Alert screen 26
- Reinstallation 28
- First-time installation 28
- Title bar 37
- Status bar 37
- Mouse pointer and tips 38
- Top frame (Manager toolbar) 38
- Support 39
- Save Needed 39
- Main frame (Manager screen) 40
- Interfaces 45
- Subnet Mask 47
- MAC Address 48
- DHCP Client 49
- 3 Interfaces 50
- System Configuration 51
- Primary DNS Server 54
- Secondary DNS Server 54
- Tertiary DNS Server 54
- Timeout Period 55
- Timeout Retries 55
- Tunneling 57
- Peer Address 59
- Use Certificate 59
- IP Routing 61
- Static Routes 62
- Add / Modify / Delete 62
- Add or Modify 63
- Destination 64
- Add or Apply / Cancel 64
- Default Gateway 65
- Lease Timeout 66
- Address Pool Start/End 66
- DHCP Option 67
- Management Protocols 69
- Enable HTTP 70
- Enable Telnet 72
- Enable Telnet/SSL 72
- Telnet Port 72
- Telnet/SSL Port 72
- Maximum Connections 73
- Maximum Queued Requests 74
- SNMP Communities 75
- Communities 76
- Community String 77
- Encryption Protocols 78
- Client Authentication 79
- SSL Version 79
- Enable SSH 81
- Enable SSH on Public 81
- SSH Port 81
- Maximum Sessions 81
- Key Regeneration Period 81
- Event class 83
- (*Cisco-specific event class) 85
- Event severity level 86
- Event log 87
- Syslog Format 88
- Severity to Log 89
- Severity to Console 89
- Severity to Syslog 89
- Severity to Trap 89
- Configured Event Classes 90
- Class Name 91
- Trap Destinations 93
- Community 95
- Syslog Servers 96
- Syslog Server 97
- Facility 97
- System Name 100
- Location 100
- Apply / Cancel 100
- Current Time 101
- New Time 101
- Enable DST Support 101
- Policy Management 103
- Network Extension mode 104
- Traffic Management 105
- Management 106
- PAT 106
- Administration 109
- 12 Administration 110
- Current Software Revision 111
- Browse 111
- Upload / Cancel 111
- Software Update Progress 112
- Software Update Success 112
- Software Update Error 112
- Configuration 114
- When to Reboot/Shutdown 114
- Administration 115
- Error (Ping) 116
- Administrator 117
- Password 118
- Session Idle Timeout 119
- Session Limit 119
- Encrypt Config File 119
- View Files 120
- Swap Config Files 120
- Config File Upload 120
- OK / Cancel 121
- Local Config File / Browse 122
- File Upload Progress 122
- File Upload Success 123
- File Upload Error 123
- Common Name (CN) 125
- Organizational Unit (OU) 126
- Organization (O) 126
- Request Generated 128
- Certificate Type 129
- Certificate Password 130
- Local File / Browse 130
- Certificate Text 130
- Certificate Authorities 131
- Identity Certificates 131
- Subject / Issuer 131
- Expiration 132
- Actions/View/Delete 132
- Serial Number 133
- Signing Algorithm 133
- Yes / No 135
- Monitoring 137
- Monitoring 138
- Next Hop 139
- Interface 139
- Protocol 139
- Select Filter Options 140
- First Page 141
- Previous Page 141
- Next Page 141
- Last Page 141
- Get Log 142
- Clear Log 142
- Event log format 142
- Monitoring 144
- Monitoring 145
- 13 Monitoring 146
- Tunnel Established to: 147
- Duration: 147
- Security Associations: 147
- Front Panel 148
- Back Panel 148
- Monitoring 150
- IKE (Phase 1) Statistics 151
- IPSec (Phase 2) Statistics 154
- Max Connections 158
- Active Sessions 158
- Attempted Sessions 158
- Successful Sessions 158
- Monitoring 159
- Monitoring 160
- Monitoring 163
- Broadcast In 166
- Broadcast Out 166
- TCP Segments Received 166
- TCP Segments Transmitted 166
- -1 means there 167
- UDP Datagrams Received 168
- UDP Datagrams Transmitted 168
- UDP Errored Datagrams 168
- UDP No Port 168
- 0.0.0.0) and 169
- Total Received / Transmitted 171
- Errors Received / Transmitted 171
- Physical Address 174
- IP Address 174
- Mapping Type 174
- Action / Delete 174
- Alignment Errors 175
- FCS Errors 175
- Carrier Sense Errors 175
- Speed (Mbps) 177
- Requests Received 177
- Bad Version 177
- Bad Community String 178
- Parsing Errors 178
- Silent Drops 178
- Proxy Drops 178
- Accessing the CLI 179
- Starting the CLI 180
- Using the CLI 181
- Using shortcut numbers 182
- Using Back and Home 183
- Getting Help Information 184
- CLI menu reference 185
- Main menu 186
- 1 Configuration 186
- 2 Administration 188
- 2.3 Ping 189
- 3 Monitoring 192
- 3.2 Monitoring > Event Log 193
- Errors and troubleshooting 195
- LED indicators 196
- Errors on the system 197
- A Errors and troubleshooting 198
- Command Line Interface errors 204
- Ownership of the Software 205
- Grant of License 205
- Limited Warranty 206
- Other licenses 207
- DHCP client 208
- DNS Resolver (client) 208
- LZS221-C v6 210
- MPPC-C v4 210
- RSA software 211
- SecureID 211
- Server SNMP 211
- Client SNMP 212
- SSL Plus 212
- Telnet server 213
- CRSHDUMP.TXT file A-1 216
Powiązane produkty i podręczniki dla Networking Cisco 3002 - VPN Hardware Client
Networking Cisco WPC54GS Podręcznik Użytkownika
(83 strony)
(83 strony)
Networking Cisco 10700 Podręcznik Użytkownika
(602 strony)
(602 strony)
Networking Cisco ME 3800X Dokumentacja
(622 strony)
(622 strony)
Networking Cisco Aironet 340 Series Dokumentacja
(362 strony)
(362 strony)
Networking Cisco 867W Instrukcja Użytkownika
(59 strony)
(59 strony)
Networking Cisco 7576 Instrukcja Użytkownika
(26 strony)
(26 strony)
Networking Cisco IPS 7.1 Przewodnik Instalacji
(422 strony)
(422 strony)
Networking Cisco SMTP Instrukcja Użytkownika
(3 strony)
(3 strony)
Networking Cisco 815 Instrukcja Użytkownika
(8 strony)
(8 strony)
Networking Cisco WRT54GC Podręcznik Użytkownika
(83 strony)
(83 strony)
© 2020, manymanuals.pl. Wszelkie prawa zastrzeżone. | 0.116 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentarze do niniejszej Instrukcji