This section looks briefly at the Administration and
Monitoring features of the Cisco VPN 3000 Concentrator Series.
Administration
The VPN 3000 Concentrator Series provides a rich set of
administration tools and features that keep the system operational and secure.
Configuring the system sets the parameters that govern its use and functionality
as a VPN device, but administration involves higher-level activities, such as
who is allowed to configure the system and what software runs on it. Only those
logged in as administrators can access and use the Administration tools. Figure
14-48 shows a breakdown of the Administration menu.
Earlier sections in this chapter looked at some of the
Administration features, such as managing Concentrator access hours and digital
certificates. This section briefly discusses some other features that might be
useful in a remote access environment.
Summarizing VPN Activity
The VPN 3000 Concentrator Series provides a recap of the
sessions currently underway by using two similar screens, the
Administration | Administer Sessions screen and the Monitoring | Sessions
screen. Figure 14-49 shows the Administration | Administer
Sessions screen.
Both screens have the Group drop-down box, which allows looking at
only a single group. Both screens have two additional output rows, which are
not shown in the previous figure. One is a detail view of the current Remote
Access sessions and the other is a detail view of the current administrative
sessions.
The primary difference between the views is this: the
Administration | Administer Sessions screen has links, just below the Group
drop-down box, which can be used to log out of all active sessions of a given
tunnel type at once. This could be handy if new security parameters were
configured and you decide to force all current sessions to comply, instead of
waiting for the next session.
To log out of the sessions, click the appropriate label. The
Manager displays a prompt to confirm the action. This action immediately
terminates all sessions of the given tunnel type. There is no user warning
and no Undo option.
Ping
The Administration | Ping screen, shown in Figure
14-50, lets you use the ICMP ping utility to test network connectivity. This
is most useful when working with and troubleshooting remote user connections.
The VPN Concentrator sends an ICMP Echo Request message to the defined host. If
the host is reachable, the screen displays a simple "IP address is alive" message,
such as "192.168.1.20 is alive". If the host is unreachable,
the Manager displays an Error message. You can also ping hosts from the
Administration | Administer Sessions screen.
System Rebooting
The Administration | System Reboot screen, as shown in Figure
14-51, allows the administrator to reboot or shut down the VPN Concentrator
with various options. Rebooting the system automatically logs you out and
displays the main login screen. If the browser appears to hang during a reboot,
preventing you from logging in, wait a minute for the reboot to finish.
The choices should be self-explanatory.
Software Update
The Administration | Software Update screen has only two
links that allow the administrator to update either the VPN Concentrator
executable system software or the VPN Client software. The two links are as
follows:
Clicking the Concentrator link brings up the Administration |
Software Update | Concentrator screen, as shown in Figure 14-52. The process
uploads the executable system software to the VPN Concentrator, which then
verifies the integrity of the software image.
To specify the new software file, enter the complete path name of
the new image file or click the Browse... button to find and select the file
from the workstation or network.
Uploading and verifying the software can take a few minutes.
The system displays a simple progress bar.
You must reboot the VPN Concentrator to run the new software
image. The system prompts you to reboot when the update is finished.
Updating the Client software is covered in Chapter 15.
Monitoring
The VPN 3000 Concentrator compiles many statistics, and it
tracks the status of many processes and activities essential to system
administration and management. The Monitoring windows can be used to view the
status items and statistics. You can see the state of LEDs that show the status
of hardware subsystems in the device. Figure 14-53 shows a breakdown
of the Monitoring menu.
The Monitor menu option provides opportunities to see snapshot
summaries of activity broken down by protocol or encryption type. An option,
Monitoring | Sessions | Top Ten Lists, shows statistics for the top ten
currently active sessions, sorted by the following:
- Data—total bytes transmitted and received
- Duration—total time connected
- Throughput—average throughput (bytes/sec)
Routing Table
The Monitoring | Routing Table screen displays the current
VPN Concentrator routing table. As with routers, the routing table shows the
best valid forwarding paths the system knows about. These routes can be static
routes, or learned via routing protocols or interface configurations. Figure
14-54 shows a simple route table with related information.