System information
142 Chapter 4: Configuring Cisco VPN 3000 for Remote Access Using Preshared Keys
Figure 4-3 HTTP Addressing for VPN 3000 Concentrator Series Manager
The browser connects to the VPN concentrator and presents the initial login screen, as shown
in Figure 4-4.
Figure 4-4 VPN 3000 Concentrator Series Manager Login Screen
Notice the hotlink option on the screen labeled Install SSL Certificate. You can use Secure
Sockets Layer (SSL) encryption to establish a secure session between your management
workstation and the concentrator. Using this secure session capability encrypts all VPN
Manager communications with the concentrator at the IP socket level. SSL uses the HTTPS
protocol and uses https:// addressing on the browser. You might want to use SSL if your VPN
Manager workstation connects to the concentrator across a public network. There can be a
slight performance penalty when using SSL, depending on the capability of the administration
workstation, but it should not be a serious consideration for management functions.
When the VPN concentrator boots for the first time, it generates a self-signed SSL server
certificate. To use SSL with your browser, install this server certificate into the browser. If you
have multiple concentrators, you must install the certificate from each of the concentrators into
your browser, but you only need to do that once for each concentrator. Once the SSL server
certificate is installed, you can begin using HTTPS for communications with the concentrator.
chpt_04.fm Page 142 Friday, April 4, 2003 9:19 AM