Auto-Update Feature

Auto-Update Feature

The client update feature was added in version 3.0 for the VPN 3002 Hardware Client allowing VPN central devices, such as VPN Concentrators, to upgrade the software and configuration on the client. In the case of the VPN 3002 Hardware Client, firmware upgrades can also be pushed down to the client.

VPN 3002 Hardware Clients

For VPN 3002 Hardware Clients, the client update allows an administrator to update software and firmware automatically for the 3002 device. If an upgrade is needed, the unit upgrades automatically from an internal TFTP server specified on the central site VPN Concentrator. The process of maintaining security, managing the system, and upgrading it is transparent to the end user.

To avoid update failures and reduce downtime, the VPN 3002 stores image files in two locations: the active and the backup location. The active location contains the image currently running on the system. Updating the image overwrites the image in the backup location. That new image is tested to validate it and, if successful, the image is identified as the active location for the next reboot. If the update isn’t validated, the client doesn’t reboot, and the invalid image doesn’t become active. If the update process fails to download a valid image, it will retry up to 20 times, waiting three minutes between attempts. Any unsuccessful updates are logged with information indicating the type of failure.

Cisco VPN Software Clients

For Cisco VPN software clients, the process is a little less automatic: it’s more of a notification mechanism with an assisted upgrade. The client update for the Cisco VPN software clients allows central location administrators to notify the client users automatically when it’s time to update. Then action is required on the part of users to retrieve and install the newer software.

Configuring Auto-Update

Use the Configuration | System | Client Update menu options of the VPN 3000 Concentrator Manager to configure the client update feature. This screen, as shown in Figure 15-33, offers the following two options.

Click To expand
Figure 15-33: Client auto-update screen


Enables or disables client update.


Configures updates by client type, acceptable firmware and software versions, and their locations.

  1. The Configuration | System | Client Update | Enable screen has only an Enable check box. Select it and click the Apply button to enable or disable the client update feature. The Manager returns to the Configuration | System | Client Update screen.

  2. The Configuration | System | Client Update | Entries screen, shown in Figure 15-34, is used to add, modify, or delete client update entries. The update entry list shows the available client updates. If no updates were configured, the list shows “--Empty--”.

    Click To expand
    Figure 15-34: Configuration | System | Client Update | Entries screen

Use the Add button to configure a new client update entry. The Manager opens the Configuration | System | Client Update | Entries | Add screen, as shown in Figure 15-35.

Figure 15-35: Adding or modifying a client update entry To modify an existing entry, highlight the update in the Update Entry list and click the Modify button. The Manager opens the Configuration | System | Client Update | Modify screen, which looks like the Add screen.

Click To expand
Figure 15-35: Adding or modifying a client update entry

Part III: Virtual Private Networks (VPNs)