1. Home
  2. Networking
  3. CCSP Cisco Certified Security Professional Certification

Common Configuration Tasks

Common Configuration Tasks

This section looks briefly at how to use both interfaces to accomplish routine configuration tasks. While conceptually these will be familiar, please remember that neither interface has been aligned with the familiar IOS and this can be a little confusing.

Upgrading the Software

When upgrading with the CLI, you must download the latest OS for the 3002 and store it in the source directory for the TFTP server. Make sure the TFTP server is running. The web interface uses an upload process that only requires the new software is installed on the computer.

The following output shows the upgrade steps to use when working with the CLI, starting at the Main menu:

1) Configuration
2) Administration
3) Monitoring
4) Save changes to Config file
5) Help Information
6) Exit

Main -> 2 ?????????????????????????????(select Administration)

1) Software Update
2) System Reboot
3) Ping
4) Access Rights
5) File Management
6) Certificate Management
7) Back

Admin -> 3 ????????????????(select Ping to test connectivity to TFTP)

> Ping host ???????????????(prompt is confusing. Enter IP address only)
Admin -> 192.168.1.20
Host 192.168.1.20 (192.168.1.20) is alive. The round trip time is 3.96 ms

> Ping host
Admin -> ??????????????????(press ENTER to return to Admin menu)

1) Software Update
2) System Reboot
3) Ping
4) Access Rights
5) File Management
6) Certificate Management
7) Back

Admin -> 1 ??????????????????????????????????(select Software Update)

The first prompt asks for the upgrade file name. The file name for the current OS, or for the OS you tried to get on a previous attempt that failed, is displayed in square brackets. Type the new name and press ENTER. The second prompt is asking for the TFTP server address. Type the address and press ENTER. Finally, a prompt will allow modifying the two initial entries, continuing to file transfer, or exiting from the process.

Name of the file for main code upgrade? [old.bin] vpn3002-3.6.7.C-k9.bin
IP address of the host where the file resides? [10.1.0.1] 192.168.1.20

(M)odify any of the above (C)ontinue or (E)xit? [M] c
Erasing flash...This can take several seconds to complete!

Starting the TFTP download...
Loading..........................................
Verifying..........................................complete
SUCCESS: New code image will become active on next reboot!

Reboot now? (Y/N) [Y] ??????????????????????????(press ENTER to confirm)
Reboot scheduled immediately...
64 03/29/2003 21:44:38.110 SEV=1 REBOOT/1 RPT=1
Reboot scheduled immediately.

Done

Login: admin
Password:

Figure 15-9 shows the Update process using the Web interface. Expanding Administration in the left-panel tree and choosing Software Update brings up this screen. Note, a Ping option should also be used first to verify connectivity to the TFTP server.

Click To expand
Figure 15-9: VPN 3002 Update process using the web interface
Note?

A Ping option exists that should be used first to verify connectivity to the TFTP server. The screen is straightforward: browse for the OS file on your local computer or a server you have access to, and then click the Upload button.

Quick Configuration

Quick Configuration (Configuration | Quick Configuration) starts a series of screens to provide basic connectivity for the VPN 3002. See the section “VPN Hardware Configuration” for an example of these features. The Quick Configuration on the web interface consists of the following ten steps (the CLI steps are slightly different). When appropriate, the current settings will appear in square brackets as the default value.

  1. Set the system time, date, and time zone.

  2. Configure the Private Interface Ethernet interface. To use Network Extension mode, you must configure an IP address other than the default.

  3. Optionally upload an already existing configuration file.

  4. Configure the Public Interface Ethernet interface to a public network.

  5. Specify a method for assigning IP addresses.

  6. Configure the IPSec tunneling protocol with group and user names, and passwords and encryption options.

  7. Set the VPN 3002 to use either PAT or Network Extension mode.

  8. Configure DNS.

  9. Configure static routes.

  10. Change the admin password for security.

System Status

Use the Monitoring | System Status menu to check the status of several software and hardware variables. The resulting data is a snapshot of the device feature at the time the screen is displayed. From this screen, you can display the status of the IPSec tunnel security associations (SAs) and tunnel duration. On the web interface, the device front and rear panels are displayed with embedded links that display port statistics. Figure 15-10 shows the web-based output for displaying system status.

Click To expand
Figure 15-10: Web interface displaying system status

The following is the CLI output from choosing Monitoring | System Status (3.3) from the menus:

System Status
-------------
VPN Concentrator Type: 3002
Serial Number: CAM02223438
Bootcode Rev:
 ?Cisco Systems, Inc./VPN 3002 Hardware Client Version 3.0.Rel Feb 26 
 ?2001 10:39:17
Software Rev:
 ?Cisco Systems, Inc./VPN 3002 Hardware Client Version 3.6.7.C Mar 20 
 ?2003 21:38:43
Up For 3:29:12
Up Since 03/30/2003 19:41:58
RAM Size: 16 MB
No Tunnel Established - Public Interface not configured.

1) Refresh System Status
2) Reset System Status
3) Restore System Status
4) Connect Now
5) Disconnect Now
6) View Memory Status
7) Back

Status ->

PPPoE Support

Point-to-Point Protocol over Ethernet (PPPoE) incorporates two widely used and understood standards: PPP and Ethernet. The PPPoE specification connects hosts on an Ethernet to the Internet through a common broadband medium, such as DSL line, cable modem, or a wireless device. With PPPoE, the principles of Ethernet supporting multiple users in a LAN are combined with the principles of PPP, which uses serial connections. The VPN 3002 supports PPPoE Client mode on the public interface to access these networks. Users need only to authenticate to the PPPoE server the first time and, for all subsequent attempts, VPN 3002 will authenticate for the user.

Figure 15-11 shows the public interface screen (Configuration | Interface | Public). The feature is supported on the CLI by following the same menu options. To configure PPPoE, you must furnish the following information, which is generally provided by the ISP.

  • A valid PPPoE user name

  • The PPPoE password for the user name entered previously

  • The PPPoE password again to verify it

    Click To expand
    Figure 15-11: PPPoE configuration on the public interface screen




BackCover
CCSP - Cisco Certified Security Professional Certification All-in-One Exam Guide
Introduction
Part I: Introduction to Network Security
Part II: Securing the Network Perimeter
Part III: Virtual Private Networks (VPNs)
Chapter 9: Cisco IOS IPSec Introduction
Chapter 10: Cisco IOS IPSec for Preshared Keys
Chapter 11: Cisco IOS IPSec Certificate Authority Support
Chapter 12: Cisco IOS Remote Access Using Cisco Easy VPN
Chapter 13: Cisco VPN Hardware Overview
Chapter 14: Cisco VPN 3000 Remote Access Networks
Chapter 15: Configuring Cisco VPN 3002 Remote Clients
The VPN 3002 in the Network
Configuring the 3002 Device
Common Configuration Tasks
Basic Configuration for the VPN 3002
Other VPN 3002 Software Features
Auto-Update Feature
Chapter Review
Chapter 16: Cisco VPN 3000 LAN-to-LAN Networks
Part IV: PIX Firewalls
Part V: Intrusion Detection Systems (IDS)
Part VI: Cisco SAFE Implementation
Appendix A: Access Control Lists
Appendix B: About the CD
List of Figures
List of Tables
List of Sidebars