Cisco 3002 - VPN Hardware Client Especificaciones Pagina 73
- Pagina / 318
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
3-9
VPN 3002 Hardware Client Reference, Release 4.0
OL-3813-01
Chapter 3 Interfaces
Configuration | Interfaces | Public
example, suppose a PC behind a VPN 3002 wants to FTP put a large file to an FTP server behind a VPN
Concentrator. The PC transmits packets that when encapsulated would exceed the VPN 3002’s MTU size
on the public interface. The following options determine how the VPN 3002 processes these packets.
The fragmentation policy you set here applies to all traffic travelling out the VPN 3002 public interface
to VPN Concentrators. The second and third options described below may affect performance rates.
Do not fragment prior to IPSec encapsulation; fragment prior to interface transmission
The VPN 3002 encapsulates all tunneled packets. After encapsulation, the VPN 3002 fragments packets
that exceed the MTU setting before transmitting them through the public interface. This option works
for situations where fragmented packets are allowed through the tunnel without hindrance. For the FTP
example, large packets are encapsulated and then fragmented at the IP layer. Intermediate devices may
drop fragments or just out-of-order fragments. Load-balancing devices can introduce out-of-order
fragments.
Fragment prior to IPSec encapsulation with Path MTU Discovery (ICMP)
The VPN 3002 fragments tunneled packets that would exceed the MTU setting during encapsulation. For
this option, the VPN 3002 drops large packets that have the Don’t Fragment (DF) bit set, and sends an
ICMP message “Packet needs to be fragmented but DF is set” to the packet’s initiator. The ICMP
message includes the maximum MTU size allowed. Path MTU Discovery means that an intermediate
device (in this case the VPN 3002) informs the source of the MTU permitted to reach the destination.
If a large packet does not have the DF bit set, the VPN 3002 fragments prior to encapsulating, thus
creating two independent non-fragmented IP packets, and transmits them out the public interface. This
is the default policy for the VPN 3002 hardware client.
For this example, the PC that is the FTP client may use Path MTU Discovery to adjust the size of the
packets it transmits to this destination.
Fragment prior to IPSec encapsulation without Path MTU Discovery (Clear DF bit)
The VPN 3002 fragments tunneled packets that exceed the MTU setting before encapsulating them. If
the DF bit on these packets is set, the VPN 3002 clears the DF bit, fragments the packets, and then
encapsulates them. This action creates two independent non-fragmented IP packets leaving the public
interface and successfully transmits these packets to the peer site by turning the fragments into complete
packets to be reassembled at the peer site.
In our example, the VPN 3002 overrides the MTU and allows fragmentation by clearing the DF bit.
Apply / Cancel
To apply your settings to this interface and include your settings in the active configuration, click Apply.
The Manager returns to the Configuration | Interfaces screen.
Reminder:
To save the active configuration and make it the boot configuration, click the Save Needed icon at the
top of the Manager window.
To discard your settings, click Cancel. The Manager returns to the Configuration | Interfaces screen.
- VPN 3002 Hardware Client 1
- Reference, Release 4.0 1
- CONTENTS 3
- 2 Configuration 2-1 4
- 3 Interfaces 3-1 4
- 4 System Configuration 4-1 5
- 5 Servers 5-1 5
- 6 Tunneling 6-1 5
- 7 IP Routing 7-1 6
- 8 Management Protocols 8-1 7
- 9 Events 9-1 8
- 10 General 10-1 9
- 11 Policy Management 11-1 9
- 12 Administration 12-1 10
- Contents 11
- 13 Monitoring 13-1 14
- A IKE Proposals A-1 24
- Prerequisites 27
- Organization 27
- Related Documentation 29
- Documentation conventions 30
- Data Formats 31
- Obtaining Documentation 32
- Cisco.com 33
- Technical Assistance Center 33
- Cisco TAC Web Site 34
- Cisco TAC Escalation Center 34
- JavaScript and Cookies 36
- Navigation Toolbar 36
- Click Next to continue 40
- Trusted 43
- Reinstallation 44
- First-time Installation 44
- Step 1 Bring up the browser 50
- Authentication 53
- Chapter 2 Configuration 64
- Interfaces 65
- Subnet Mask 67
- Disabled 68
- Static IP Addressing 68
- DHCP Client 70
- PPPoE Client 70
- IPSec Fragmentation Policy 72
- Chapter 3 Interfaces 74
- System Configuration 75
- Configuration 76
- Primary DNS Server 78
- Secondary DNS Server 78
- Tertiary DNS Server 78
- Timeout Period 79
- Timeout Retries 79
- Chapter 5 Servers 80
- Tunneling 81
- Chapter 6 Tunneling 82
- Remote Easy VPN Server 83
- Backup Easy VPN Servers 84
- Alert when disconnecting 86
- IPSec over TCP 86
- IPSec over TCP Port 86
- Use Certificate 87
- Certificate Transmission 87
- IP Routing 89
- Static Routes 90
- Add / Modify / Delete 90
- Network Address 91
- Default Gateway 93
- Lease Timeout 94
- Address Pool Start/End 94
- DHCP Option 95
- Option Value 96
- Nonconfigurable DHCP Options 97
- Chapter 7 IP Routing 98
- Management Protocols 99
- About HTTP/HTTPS 100
- Reminder: 101
- Enable Telnet 102
- Maximum Connections 103
- Apply / Cancel 103
- Enable Telnet/SSL 103
- Telnet Port 103
- Telnet/SSL Port 103
- Enable SNMP 104
- SNMP Port 104
- Maximum Queued Requests 104
- Communities 105
- Communities 106
- Community String 107
- Add or Apply / Cancel 107
- OL-3813-01 108
- Encryption Protocols 109
- Client Authentication 109
- SSL Version 110
- Apply/Cancel 110
- Enable SCP 113
- Enable HTTPS on Public 114
- Enable SSH on Public 115
- Event Class 117
- Chapter 9 Events 118
- Event Severity Level 119
- Event Log 120
- Syslog Format 122
- Severity to Log 123
- Severity to Console 123
- Severity to Syslog 123
- Severity to Trap 124
- Configured Event Classes 125
- Add/Modify/Delete 125
- Class Name 126
- Add or Apply/Cancel 127
- Trap Destinations 128
- Destination 129
- SNMP Version 129
- Community 129
- Syslog Servers 131
- Syslog Server 132
- Facility 132
- System Name 136
- Location 136
- Current Time 137
- New Time 137
- Enable DST Support 137
- Policy Management 139
- Certificate Validation 140
- About PAT (Client Mode) 140
- About Network Extension Mode 141
- group name and 142
- Tunnel Initiation 143
- Data Initiation 144
- 145
- Distinguished Name Component 147
- Administration 149
- icon in 150
- Current Software Revision 151
- Browse 151
- Upload/Cancel 151
- Software Update Progress 152
- Software Update Success 152
- Software Update Error 152
- Configuration 154
- Administration 155
- Address/Hostname to Ping 156
- Ping/Cancel 156
- Success (Ping) 156
- Error (Ping) 156
- Administrator 158
- Password 158
- Session Idle Timeout 160
- Session Limit 160
- Config File Encryption 160
- View (Save) 161
- Swap Config Files 162
- Config File Upload via HTTP 162
- OK/Cancel 162
- Local Config File/Browse 163
- File Upload Progress 163
- File Upload Success 164
- File Upload Error 164
- Certificate Management 165
- About the Documentation 166
- Obtaining SSL Certificates 178
- Deleting Digital Certificates 179
- Certificate Authorities Table 182
- Identity Certificates Table 182
- Enrollment Status Table 185
- Identity Certificate 187
- SSL Certificate 187
- Type 189
- Enroll / Cancel 192
- Renewal 193
- Identity Certificate 194
- SSL Certificate 195
- Install CA Certificate 197
- Obtained via Enrollment 198
- Cut & Paste Text 199
- Upload File from Workstation 199
- CA Certificate 200
- Type 201
- Filename / Browse 202
- Install / Cancel 202
- Certificate Fields 204
- Configure CA Certificate 206
- Re-Submit 209
- View Enrollment Request 211
- Enrollment Request Fields 212
- Cancel Enrollment Request 213
- Delete Enrollment Request 214
- Yes / No 215
- Monitoring 217
- Monitoring 218
- Select Filter Options 219
- Chapter 13 Monitoring 220
- Event Log Format 221
- Monitoring 222
- Pause Display/Resume Display 223
- Clear Display 223
- Monitoring 224
- Tunnel Established to 226
- Duration 226
- Tunnel Type 226
- Security Associations 226
- Front Panel 227
- Back Panel 227
- System Memory Summary 228
- Total Memory 228
- Memory Status 228
- Memory Detail Report 229
- Tx Multicast 233
- Rx Broadcast 233
- Tx Broadcast 233
- Monitoring 234
- Monitoring 235
- IKE (Phase 1) Statistics 237
- IPSec (Phase 2) Statistics 240
- System Capability Failures 242
- No-SA Failures 242
- Protocol Use Failures 242
- HTTP Sessions 244
- Max Connections 244
- Active Sessions 245
- Attempted Sessions 246
- Successful Sessions 246
- Telnet Sessions 246
- Monitoring 247
- Monitoring 248
- Active Leases 250
- Maximum Active Leases 250
- Monitoring 252
- Packets Sent/Received 253
- Maximum Sessions 253
- Total Sessions 253
- SSH Sessions 253
- Monitoring 254
- NAT Sessions 255
- Translated Bytes/Packets 256
- MAC Address 257
- Server Name 257
- Multiple PADO Rx 258
- Generic Errors Rx 258
- Malformed Packets Rx 258
- Interface 260
- TCP Segments Received 262
- -1 means there 263
- Total Received/Transmitted 268
- Physical Address 272
- IP Address 272
- Mapping Type 272
- Action/Delete 272
- Alignment Errors 273
- MAC Errors: Transmit 275
- MAC Errors: Receive 275
- Speed (Mbps) 275
- Requests Received 276
- Bad Version 276
- Bad Community String 277
- Parsing Errors 277
- Silent Drops 277
- Proxy Drops 277
- Console Access 279
- Telnet or Telnet/SSL access 280
- Choosing Menu Items 281
- Entering Values 281
- Navigating Quickly 282
- Getting Help Information 283
- Saving the Configuration File 284
- Understanding Access Rights 284
- Menu Reference 285
- 2 Administration 287
- 3 Monitoring 290
- 3.2 Monitoring > Event Log 291
- IKE Proposals 293
- AppendixA IKE Proposals 294
- Valid IKE Proposals 294
- Appendix A IKE Proposals 295
- Files for Troubleshooting 297
- LED Indicators 298
- System Errors 299
- Manager Logs Out 302
- Incorrect Display 303
- Error Message 303
- Not Allowed Message 304
- Not Found 305
- Command-line Interface Errors 306
- Numerics 307
Relacionado con productos y manuales para Redes Cisco 3002 - VPN Hardware Client
Redes Cisco WMP110 Manual de usuario
(20 paginas)
(20 paginas)
Redes Cisco 3745 Guía de instalación
(28 paginas)
(28 paginas)
Redes Cisco 12012 Manual de usuario
(6 paginas)
(6 paginas)
Redes Cisco WAE-611-K9 Manual de usuario
(28 paginas)
(28 paginas)
Redes Cisco ONS 15327 Especificaciones
(334 paginas)
(334 paginas)
Redes Cisco UBR924 - uBR 924 Router Especificaciones
(108 paginas)
(108 paginas)
Redes Cisco WKPC54G Guía de instalación
(2 paginas)
(2 paginas)
Redes Cisco WS-SVC-WISM-1-K9 Manual de usuario
(22 paginas)
(22 paginas)
Redes Cisco IAD2431-1T1E1 Guía de instalación
(28 paginas)
(28 paginas)
Redes Cisco 521 Manual de usuario
(12 paginas)
(12 paginas)
Redes Cisco NMH300 Guía de instalación
(32 paginas)
(32 paginas)
Redes Cisco 7120-AT3 - 7120 Router Especificaciones
(183 paginas)
(183 paginas)
Redes Cisco CTX2500 Información técnica
(30 paginas)
(30 paginas)
Redes Cisco WMA11B Guía de usuario
(32 paginas)
(32 paginas)
Redes Cisco 7301 Información técnica
(40 paginas)
(40 paginas)
Redes Cisco ISE - Line Card ISE Especificaciones
(82 paginas)
(82 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.043 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales