1. Home
  2. Networking
  3. CCSP Cisco Certified Security Professional Certification

Administer and Monitor Remote Access Networks

Administer and Monitor Remote?Access?Networks

This section looks briefly at the Administration and Monitoring features of the Cisco VPN 3000 Concentrator Series.

Administration

The VPN 3000 Concentrator Series provides a rich set of administration tools and features that keep the system operational and secure. Configuring the system sets the parameters that govern its use and functionality as a VPN device, but administration involves higher-level activities, such as who is allowed to configure the system and what software runs on it. Only those logged in as administrators can access and use the Administration tools. Figure 14-48 shows a breakdown of the Administration menu.


Figure 14-48: VPN 3000 Administration menu

Earlier sections in this chapter looked at some of the Administration features, such as managing Concentrator access hours and digital certificates. This section briefly discusses some other features that might be useful in a remote access environment.

Summarizing VPN Activity

The VPN 3000 Concentrator Series provides a recap of the current sessions currently underway by using two similar screens, the Administration | Administer Sessions screen option and the Monitoring | Sessions screen. Figure 14-49 shows the Administration | Administer Sessions screen.

Click To expand
Figure 14-49: The Administration | Administer Sessions screen summarizing VPN activity

Both screens have the Group drop-down box that allows looking at only a single group. Both screens have two additional outputs rows, which are not shown in the previous figure. One is a detail view of the current Remote Access sessions and the other is a detail view of the current administrative sessions.

The primary difference between the views is this: the Administration | Administer Sessions screen has links, just below the Group drop-down box, which can be used to log out of all active sessions of a given tunnel type at once. This could be handy if new security parameters were configured and you decide to force all current sessions to comply, instead of waiting for the next session.

To log out of the sessions, click the appropriate label. The Manager displays a prompt to confirm the action. This action immediately terminates all sessions of the given tunnel type. No user warning or Undo option occurs.

Ping

The Administration | Ping screen, shown in Figure 14-50, lets you use the ICMP ping utility to test network connectivity. This is most useful when working with and troubleshooting remote user connections. The VPN Concentrator sends an ICMP Echo Request message to the defined host. If the host is reachable, the screen displays a simple IP address is alive message, such as 192.168.1.20 is alive. If the host is unreachable, the Manager displays an Error message. You can also ping hosts from the Administration | Administer Sessions screen.

Click To expand
Figure 14-50: Ping screen

System Rebooting

The Administration | System Reboot screen, as shown in Figure 14-51, allows the administrator to reboot or shut down the VPN Concentrator with various options. Rebooting the system automatically logs you out and displays the main login screen. If the browser appears to hang during a reboot, preventing you from logging in, wait a minute for the reboot to finish.

Click To expand
Figure 14-51: System reboot and shutdown options

The choices should be self-explanatory.

Software Update

The Administration | Software Update screen has only two links that allow the administrator to update either the VPN Concentrator executable system software or the VPN Client software. The two links are as follows:

  • Concentrator—Uploads the software image to the VPN Concentrator

  • Client—Updates the VPN 3002 Hardware Client software

Clicking the Concentrator link brings up the Administration | Software Update | Concentrator screen, as shown in Figure 14-52. The process uploads the executable system software to the VPN Concentrator, which then verifies the integrity of the software image.

Click To expand
Figure 14-52: VPN Concentrator software upgrade screen

To specify the new software file, enter the complete path name of the new image file or click the Browse... button to find and select the file from the workstation or network.

This process can take a few minutes to upload and verify the software. The system will display a simple progress bar.

You must reboot the VPN Concentrator to run the new software image. The system prompts you to reboot when the update is finished.

Updating the Client software is covered in Chapter 15.

Monitoring

The VPN 3000 Concentrator compiles many statistics, and it tracks the status of many processes and activities essential to system administration and management. The Monitoring windows can be used to view the status items and statistics. You can see the state of LEDs that show the status of hardware subsystems in the device. Figure 14-53 shows a breakdown of the Monitoring menu.

Click To expand
Figure 14-53: Monitoring menu options

The Monitor menu option provides opportunities to see snapshot summaries of activity broken down by protocol or encryption type. An option, Monitoring | Sessions | Top Ten Lists, shows statistics for the top ten currently active sessions, sorted by the following:

  • Data—total bytes transmitted and received

  • Duration—total time connected

  • Throughput—average throughput (bytes/sec)

Routing Table

The Monitoring | Routing Table screen displays the current VPN Concentrator routing table. As with the routers, the routing table shows the best valid forwarding paths the system knows about. These routes can be static routes, or learned via routing protocols or interface configurations. Figure 14-54 shows a simple route table with related information.

Click To expand
Figure 14-54: Routing table entries

Additional monitoring options are included in Chapter 15.




BackCover
CCSP - Cisco Certified Security Professional Certification All-in-One Exam Guide
Introduction
Part I: Introduction to Network Security
Part II: Securing the Network Perimeter
Part III: Virtual Private Networks (VPNs)
Chapter 9: Cisco IOS IPSec Introduction
Chapter 10: Cisco IOS IPSec for Preshared Keys
Chapter 11: Cisco IOS IPSec Certificate Authority Support
Chapter 12: Cisco IOS Remote Access Using Cisco Easy VPN
Chapter 13: Cisco VPN Hardware Overview
Chapter 14: Cisco VPN 3000 Remote Access Networks
VPN Concentrator User Interfaces and Startup
VPN Concentrators in IPSec VPN Implementations
Remote Access VPNs with Preshared Keys
Digital Certificates
Configure Cisco VPN Client Support
VPN Client Autoinitiation Feature
Administer and Monitor Remote Access Networks
Chapter Review
Chapter 15: Configuring Cisco VPN 3002 Remote Clients
Chapter 16: Cisco VPN 3000 LAN-to-LAN Networks
Part IV: PIX Firewalls
Part V: Intrusion Detection Systems (IDS)
Part VI: Cisco SAFE Implementation
Appendix A: Access Control Lists
Appendix B: About the CD
List of Figures
List of Tables
List of Sidebars