Monitoring and Administering the VPN 3000 Series Concentrator

1
Chapter 7

• Monitoring and Administering the VPN 3000 Series
  Concentrator

2
Lecture 7 Objectives

• Identify the Cisco VPN 3000 Series Concentrator
  Login
• Recognize the Administration Screen
• Recognize Software Updates
• Describe different System Reboot Options
• Define Ping
• Monitor the Refresh Screen
• Administer Access Rights
• Administer File Management
• Recognize the Certificate Manager Screen
• Monitor the Cisco VPN 3000 Series Concentrator

3
Chapter 7 Administering the Cisco VPN 3000
Series Concentrator

• The more thorough your knowledge of the system,
  the easier it becomes to use
• Set the URL of your web browser to the IP address
  of your concentrator
• DNS server will resolve the host name

4
Chapter 7 Concentrator Login
5
Chapter 7 Administration Screen

• Eight screens
• Administration Screen
• Software Update
• System Reboot
• Ping
• Monitoring Refresh
• Access Rights
• File Management
• Certificate Manager

Figure 7.4 Administration Screen
6
Chapter 7 Administration Screen

• Shows the session statistics for all connected
  sessions
• Filter the sessions shown
• Log out sessions

Figure 7.5 Administration\Administer Sessions
7
Chapter 7 Software Update

• Two submenu options
• Concentrator
• shows the current version of the software and
  allows you to upload a new version
• possible to corrupt the memory by failing to wait
  for the file transfer to complete
• Updating the software will not cause any
  disruption in current sessions
• Clients
• used to update hardware and software clients

8
Chapter 7 Software Update
Figure 7.6 Administration\Software Update
9
Chapter 7 Software Update
Figure 7.7 Administration\Software
Update\Concentrator
Figure 7.8 Administration\Software Update\Clients
10
Chapter 7 System Reboot

• Three Screens
• Action
• Configuration
• When to Reboot/Shutdown

11
Chapter 7System Reboot Action

• RebootReboots the concentrator
• Shutdown Shuts down without automatically
  rebooting
• CancelCancels a pending shutdown or reboot

Figure 7.9 Administration\System Reboot
12
Chapter 7 System RebootConfiguration

• Save the active configuration at time of reboot
• Is the most widely used because it saves the
  current configuration when the system is shut
  down
• Reboot without saving the active configuration
• Usually used when you wish to revert to a
  previously saved configuration after attempting
  some unsuccessful configuration changes
• Reboot ignoring the configuration file
• Allows you to bypass the configuration file upon
  rebooting, which is useful when you wish to
  change a very large amount of the configuration

13
Chapter 7 System RebootWhen to Reboot/Shutdown

• Now
• Causes the concentrator to take the previously
  chosen action immediately with no considerations
  given for anyone who is presently connected to
  the concentrator
• Delayed by minutes
• Allows the action to be delayed for a specific
  amount of time Administering the Cisco VPN 3000
  Series Concentrator 315
• At time
• Allows the action to be delayed until a specific
  time
• Wait for session to terminate
• Takes the previously chosen action when the last
  connection becomes inactive, with no new
  connections allowed until the action has been
  taken, which allows for all users to disconnect
  in a normal manner before the action is taken

14
Chapter 7 Ping

• Test connectivity
• IP address
• Host name if you are using a DNS

Figure 7.10 Administration\Ping
15
Chapter 7 Monitoring Refresh

• Two options
• Enable with a check mark
• Refresh default is 30 seconds

Figure 7.11 Administration\Monitoring Refresh
16
Chapter 7 Access Rights

• Administrators
• Access control lists
• Access settings
• AAA servers

Figure 7.12 Administration\Access Rights
17
Chapter 7Access Rights Administrators

• Up to five users
• Configuration
• Administration
• Monitoring
• Enabling the Administrator option gives the user
  full rights to the system (Radio button)

Figure 7.13 Administration\Access
Rights\Administrators
18
Chapter 7 Access Rights Access Control Lists

• These access lists are used to determine those IP
  addresses that may access the concentrator for
  management functions
• If the list is empty then all stations will be
  allowed all access
• They do use subnet mask as opposed to wildcard
  masks

19
Chapter 7 Access Rights Access Control Lists
Figure 7.16 Administration\Access Rights\Access
Control List
20
Chapter 7 Access Rights Access settings

• The Session Idle Timeout
• This specifies the amount of time that a
  connection is maintained without any activity on
  that session. After the timeout period without
• The maximum allowable time is 1800 seconds (30
  minutes)
• The default is 600 seconds (10 minutes)
• The Session Limit
• This option limits the number of concurrent
  management sessions (default is 10 sessions)
• The configuration file encryption
• None
• RC4 encryption algorithm

21
Chapter 7 Access Rights Access Settings
Figure 7.17 Administration\Access Rights\Access
Settings
22
Chapter 7 Access Rights AAA servers

• Cisco VPN 3000 Series Concentrators only use
  TACACS for administrator authentication
• Add
• Modify
• Test TACACS servers

Figure 7.19 Administration\AAA Servers\Authenticat
ion
23
Chapter 7 File Management

• Swapping config files
• TFTP transfer
• File uploads using HTTP
• XML Exports

Figure 7.21 Administration\File Management
24
Chapter 7 Certificate Manager

• Allows you to see all of your current
  certificates and enroll or install new
  certificates
• Enrollment
• Installation

Figure 7.22 Administration\Certificate Management
25
Chapter 7 Monitoring the Cisco VPN 3000 Series
Concentrator

• Six (five) Screens
• Routing Table
• Filterable Event Log
• System Status
• Sessions
• Statistics

Figure 7.23 Monitoring Screen
26
Chapter 7 Routing Table

• Current routes
• Clear routing entries learned by routing
  protocols
• Static routes are not affected by clearing routes
• Be aware that clearing routes may disrupt user
  connectivity

Figure 7.24 Monitoring\Routing Table
27
Chapter 7 Filterable Event Log

• Logging Screen
• Filter events by
• Class
• Severity
• Clients IP address

Figure 7.25 Monitoring\Filterable Event Log
28
Chapter 7 System Status

• Similar to show version command on a router
• shows the concentrator type
• the serial number
• the software revisions being run
• the time that the system has been active
• the boot time
• the RAM size

Figure 7.26 Monitoring\System Status
29
Chapter 7 Sessions

• Currently connected sessions
• Session Summary
• LAN-to-LAN Sessions
• Remote Access Sessions
• Management Sessions
• Top Ten Lists
• data (the total amount of data sent and received)
• duration (the total time the session has been
  established)
• throughput (the average amount of data throughput
  in bytes per second)

Figure 7.27 Monitoring\Sessions
30
Chapter 7 Statistics
Figure 7.30 Monitoring\Statistics
31
Lecture 7 - Summary

• Identify the Cisco VPN 3000 Series Concentrator
  Login
• Recognize the Administration Screen
• Administer Sessions
• Recognize Software Updates
• Describe different System Reboot Options
• Define Ping
• Monitor the Refresh Screen
• Administer Access Rights
• Administer File Management
• Recognize the Certificate Manager Screen
• Monitor the Cisco VPN 3000 Series Concentrator