Using Cloud VPN Service


To begin, log in to the VMS Service Interface using your consumer credentials. In case of association with several tenants, choose a customer name from the drop-down in the left pane of the Welcome page. The Services and Devices menu items in the UI are populated only after you finish ordering or shopping.

Resetting Password

The Administrator first creates a Tenant and then one or more users. As a new user, when you receive an email notification (with link) to configure the password, you must click this link before the password expiry date to specify your new password. In case you forget the password, access the Login page, and click the Forgot Password link. This link opens a page where you are prompted to specify information, so that you receive a mail with the new password.

This chapter contains the following sections:
- Placing an Order for a Cloud VPN Service
- Configuring or Deploying Customer Premise Equipment (CPE)
- Registering a Cloud VPN Device
- Setting up Bandwidth Prioritization for a CVPN Device or CPE
- Upgrading or Downgrading a Service Subscription
- Canceling a Service Subscription
- Managing Remote Users
- Searching for an event log

Placing an Order for a Cloud VPN Service

The Cloud VPN service is a comprehensive networking solution that includes:
- A VPN that connects one or more locations over the public Internet using the IPsec protocol
- Remote VPN users (SSL VPN users)
- Intelligent router (self-configure and self-install) per site

- Simple self-service management interface with capability to customize the VPN access based on company size, select the VPN speeds and desired level of security.

To get started with the Cisco VMS Portal, begin by placing an order. Consumers/End customers order the Cloud VPN service through the service portal, selecting optional security features before registering one or more CPEs to create a site-to-site VPN.

Step 1  Log in to the Cisco VMS Portal using consumer credentials.
Step 2  From the left pane, click Service Catalog.
Step 3  Click Cloud VPN in the select Service page.
Step 4  Select an offer such as Cloud VPN Foundation, Cloud VPN Advanced, or Cloud VPN Advanced with Web Security. A service form is displayed that corresponds to the Offer you've selected.

Note: The Order Summary is displayed in the right pane, based on the details you've entered in the service form.

In the service form, enter the following details:
- In the Tell us about your company area, enter details such as the number of sites and number of users for each site. Slide the bar in the Anticipated Growth field to indicate the anticipated employee growth.
  Note: After you have completed the form, the icon located near the top of the Tell us about your company area turns green, indicating the next area can be edited.
- In the Cloud VPN Speed area (area name is based on the service you select), select the required speed. Speed controls the maximum throughput of the cloud VPN service. Your choice of speed tells the application to update the purchase amount accordingly.

- (This option is not available for Cloud VPN Foundation offer.) In the Users area (area name is based on the service and offer selected, for example, Remote Access Users), choose the number of remote access users by sliding the bar. Additional users add charges to your service.

The following options are available for Cloud VPN Advanced and Cloud VPN Advanced with Web Security offers only:
- In the Automated Recovery Service area, select a recovery service based on your requirement. This service provides system recovery for any outage. (This option is only available if Cisco Network Services Orchestrator (NSO) is deployed in multiple data centers.)
- (This option is available for Cloud VPN Advanced with Web Security offer only.) In the URL Filtering area, select Low, Medium, or High based on your requirement. URL filtering scans HTTP traffic between the VPN users and the Internet, and takes different actions depending on the category of the destination URL.

- (Optional) Include the Cloud VCE instance in the VCE attachment area, which allows remote branches that use different WAN access methods to communicate. For more information, see Place an Order for Cloud VCE chapter.
- In the Devices area, click Add Devices to select a device. View the list of devices in the Device Catalog popup window. You can click the device to view the specification details. Enter the required quantity in the Quantity field and click Save to close the Device Catalog popup window. You can remove a device selection in the device popup window while upgrading or downgrading the service.
- In the Installation Address area, enter the installation address details for each device chosen.

Note: Areas displayed in the service form are based on the service selected in step 3.

Step 5  Click Save.
Step 6  Click Review Order placed under the Summary area, at the right pane.
Step 7  Review your order summary in Order Summary page. Check the I accept the Terms and Conditions check box if you agree to proceed for the purchase. You can also click the Terms and Conditions hyperlink to view the terms and conditions before you proceed.
Step 8  Click Purchase. An order confirmation with purchase details is sent to the service provider. You can configure notifications as an email and/or REST to the Service Provider. After confirmation, the service that you have purchased is displayed in the Services window. You can view the Cloud VPN service instance ID.

Note: You can order only one offer for each service, for a customer with many remote users and sites. You can also add more devices for an existing service.

After your order has been placed, your service is automatically set up and your ordered devices are shipped to your device location by the service provider. You can now start the actual configuration process of the device.

Approving or Rejecting a Service Request

When a new service order is submitted, the service request goes through an approval process before it is provisioned. Only an approver user or a user with approver privilege can approve or reject a request. If notifications are enabled, the approvers are notified of the pending approvals.

An approver can approve or reject the following request types:
- New service request
- Update to an existing service request
- Service cancellation request

For a service provider user, the status of the submitted order stays in pending state until it is approved or rejected. If the notifications are configured for the service provider, the user is notified of the status through an email or REST API.

Note: Only a user with an out-of-the-box Approver role or Approver permissions can perform this process. By default, VMS provides the approval privileges to an Operator user.

Before You Begin
- Enable approvals at the service offer level, that is, before importing the service definitions into VMS. See Enabling Approvals for a Service Request.
- Configure notifications if you want to notify approvers or service provider users about the status of the approvals. See Enable Notifications for Events.

Step 1  Log in to the Cisco VMS Portal.
Step 2  From the left pane, click Approvals to view a list of pending service requests.
Step 3  Select a request and do the following:
        a) Click View Details to view the service order summary.
        b) Click Approve or Reject. If rejected, provide a reason for rejection. The user is notified about the status.

Configuring Firewall Rules

As a consumer, you can define or update the firewall configuration for a Cloud VPN Advanced or Cloud VPN Advanced with Web Security offer.

Step 1  From the left pane of the service interface, click Services to view the list of offers you have purchased.

Step 2  In the right pane of the selected (either Advanced or Advanced with Web Security) offer, under Total Bandwidth area, click the Edit firewall (pencil) icon.
Step 3  In the Firewall Settings window, you can Add or modify a rule (Inside to Outside Firewall Rules area) by entering the mandatory values and clicking Submit.
Step 4  Similarly, in the Port Forwarding Rule window, you can Add or modify a rule (Outside to Inside Port Forwarding Rule) by entering the mandatory values and clicking Submit.

You can also delete a firewall rule by selecting the specific rule in the Firewall Rule or Port Forwarding Rule area.

Configuring or Deploying Customer Premise Equipment (CPE)

Customer Premise Equipment (CPE) supported in the VMS solution currently comes from the Cisco ISR-G2 family of IOS-based routers. These include the 800, 1900, 2900 and 3900 series ISR-G2 routers. CPE is deployed at customer sites and provides secure tunnels from an end customer network into a Cisco Cloud VPN service chain. Provisioning of the CPE is automated by the VMS solution. The key IOS features utilized on these routers are: PnP (Plug and Play), FlexVPN, BGP, NBAR2, and QoS.

Configuration Requirements

The Day -1 Startup Configuration loaded on the CPE device includes the following items before the CPE is shipped to the end customer.

- HTTPS - PnP protocol uses HTTPS on TCP port 443 to contact the PnP server that runs on NSO. The CPE must have an IP address in order to originate this HTTPS request. This is the first point of contact between the CPE and PnP server on NSO.
- DNS - The CPE requires DNS lookup to work for certificate validation. If DNS is not working, the CPE will not be able to establish a PnP session because it will reject the certificate.
- NTP - The CPE requires NTP to be working and have its internal clock be relatively close to actual time to ensure certificate validation. If NTP is not working and the CPE clock is not accurate, it might think the certificate is not valid. Most certificates are valid only during a certain date range.
- Certificate - The CPE must have a certificate in its configuration to properly establish HTTPS session with the PnP server.
- IOS version and Feature set - Cisco VMS Cloud VPN/VCE requires a minimum IOS version of 15.5(1)T or newer. The use of FlexVPN and IPsec requires that the IOS has a feature set that can support IPsec. This is designated with a "K9" in the image name, and the IOS license type should be "Advanced Security."
- DHCP - The CPE needs to have an IP address on its WAN interface to connect to the PnP server (NSO) and get provisioned, and this is typically obtained via Dynamic Host Configuration Protocol (DHCP) from the Internet Service Provider (ISP). DHCP also provides a default gateway for the CPE that allows packets to be sent across the Internet.
- Internet Access - The CPE connects to the PnP server across the open Internet. The Internet connection must be capable of routing traffic across the Internet to the PnP server.
- WAN port vs LAN port - Each CPE has two or more Ethernet connections. One of them is designated as the WAN port and must be connected to the Internet.

To complete the deployment of a VMS Cloud VPN service, the CPE devices need to be connected to the respective WAN and LAN links.
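The configuration-side requirements above (HTTPS on port 443, DNS, NTP, certificate, DHCP) can be checked mechanically before a CPE ships. The following Python example is added here and is not part of the Cisco guide or of VMS tooling: it lints a Day -1 configuration using the command forms that appear in this guide's sample configuration. The function name, the finding codes, and the embedded config (documentation-range addresses, placeholder certificate bytes) are constructed for illustration.

```python
import re

# Commands that open a configuration block (or, for "line", end the previous one).
BLOCK = re.compile(r"^(interface|crypto pki trustpoint|crypto pki certificate chain"
                   r"|pnp profile|line)\s+(.+)$")
TRANSPORT = re.compile(
    r"^transport https ipv4 (\S+) port (\d+)(?:.*\bremotecert (\S+))?")

# Hypothetical finding codes, each tied to one requirement from the list above.
FINDINGS = {
    "NO_DNS": "no 'ip name-server': certificate validation needs DNS",
    "NO_NTP": "no 'ntp server': a wrong clock makes the certificate look invalid",
    "NO_DHCP_INTERFACE": "no interface uses 'ip address dhcp' for the WAN side",
    "NO_PNP_HTTPS": "no 'transport https' under a pnp profile",
    "PNP_PORT_NOT_443": "PnP transport is not on TCP port 443",
    "PNP_TRUSTPOINT_UNDEFINED": "remotecert missing or names an undefined trustpoint",
    "PNP_TRUSTPOINT_NO_CERT": "remotecert trustpoint has no certificate chain",
    "LOGIN_AUTH_NONE": "'aaa authentication login default none' disables login auth",
}

# Constructed sample: 192.0.2.0/24 and 203.0.113.0/24 are documentation ranges,
# and the certificate body is placeholder hex, not a real certificate.
SAMPLE_DAY_MINUS_1 = """\
aaa new-model
aaa authentication login default none
crypto pki trustpoint ncs
 enrollment terminal
 revocation-check crl
crypto pki certificate chain ncs
 certificate ca 01
  3082AAAA 3082BBBB
  quit
ip name-server 192.0.2.53
interface GigabitEthernet0/1
 ip address dhcp
 no shut
ntp server 192.0.2.123
pnp profile test
 transport https ipv4 203.0.113.10 port 443 remotecert ncs
end
"""


def audit_day_minus_1(text):
    """Return the sorted finding codes for one Day -1 configuration.

    Lines are stripped before matching, so the audit works on an indented
    'show' output and on a flat, pasted config alike.
    """
    trustpoints, chains, dhcp_ifaces, transports = set(), set(), set(), []
    has_dns = has_ntp = login_none = False
    kind = name = None  # the block we are currently inside
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        block = BLOCK.match(line)
        if block:
            kind, name = block.group(1), block.group(2)
            if kind == "crypto pki trustpoint":
                trustpoints.add(name)
            continue
        if kind == "interface" and line == "ip address dhcp":
            dhcp_ifaces.add(name)
        elif kind == "crypto pki certificate chain" and line.startswith("certificate "):
            chains.add(name)
        elif line.startswith("ip name-server "):
            has_dns = True
        elif line.startswith("ntp server "):
            has_ntp = True
        elif line == "aaa authentication login default none":
            login_none = True
        else:
            t = TRANSPORT.match(line)
            if t:
                transports.append((t.group(1), int(t.group(2)), t.group(3)))

    found = set()
    if not has_dns:
        found.add("NO_DNS")
    if not has_ntp:
        found.add("NO_NTP")
    if not dhcp_ifaces:
        found.add("NO_DHCP_INTERFACE")
    if not transports:
        found.add("NO_PNP_HTTPS")
    for _server, port, cert in transports:
        if port != 443:
            found.add("PNP_PORT_NOT_443")
        if cert is None or cert not in trustpoints:
            found.add("PNP_TRUSTPOINT_UNDEFINED")
        elif cert not in chains:
            found.add("PNP_TRUSTPOINT_NO_CERT")
    if login_none:
        found.add("LOGIN_AUTH_NONE")
    return sorted(found)


if __name__ == "__main__":
    for code in audit_day_minus_1(SAMPLE_DAY_MINUS_1):
        print(f"{code}: {FINDINGS[code]}")
```

The IOS version and feature-set requirement is not covered here because it is read from show version output rather than from the configuration.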

All Cloud VPN ISR devices take on the role of CPEs.

Devices                        WAN Interface   LAN Interface
ISR 1900, 2900, 3900 series    GE 0/1          GE 0/0
ISR 881                        FE 4            FE 0
ISR 892                        GE 8            GE 0

Day -1 Configuration

All CPEs delivered to a customer must have the Day -1 config as the startup-config, and the same configuration should also be stored in the device flash storage as day--1-config file. If the Day -1 configuration is missing, then the CPE will never attempt to connect to the PnP server until the configuration is loaded. The same configuration is stored as flash:day--1-config so that it can be reset back to "factory defaults" once it has been de-commissioned from the VMS service. If the flash:day--1-config is not present, then the CPE will fail to reconnect to the PnP server after being reset or removed from a service chain.

Each CPE type needs a day--1-config file that is specific to the CPE type and deployment. It should be tested in a lab before the configurations are finalized and placed on multiple CPEs.

A console connection is required to configure a CPE. Once connected to the CPE console, enter enable mode, config mode, and then paste the day--1-config in the terminal session.

    router>enable
    router#config t
    router-config# < now paste the day--1-config into the terminal >
    router-config#end
    router#copy running-config startup-config
    router#copy running-config flash:day--1-config

Here is a sample configuration for day--1-config:

    aaa new-model
    ! "login default none": no login authentication on lines that use the default method list
    aaa authentication login default none
    crypto pki trustpoint ncs
     enrollment terminal
     revocation-check crl
    crypto pki certificate chain ncs
     certificate ca 0509
      308205B7 3082039F A0030201 02020205 09300D06 092A8648 86F70D01 01050500
      3045310B 30090603 55040613 02424D31 19301706 0355040A 13105175 6F566164
      B478A53A 874C8D8A A5D54697 F22C10B9 BC5422C0 01506943 9EF4B2EF 6DF8ECDA
      F1E3B1EF DF918F54 2A0B25C1 2619C452 100565D5 8210EAC2 31CD2E   <-- Certificate has been truncated in this sample.
      quit
    ip name-server 8.8.8.8
    ip name-server 8.8.4.4
    ip cef
    interface GigabitEthernet0/0
     ip address dhcp
     duplex auto
     no shut
     speed auto
    ntp server 0.pool.ntp.org
    ntp server 1.pool.ntp.org
    line vty 0 15
    pnp profile test
     transport https ipv4 11.17.0.11 port 443 remotecert ncs   <-- Your NSO server public IP address that this CPE can connect to.
    end

Verification

The configuration can be checked with the following commands. Both commands should have the same output, and should display all of the configuration needed for PnP to work.

    more flash:day--1-config
    more nvram:startup-config

The serial number of the CPE can be displayed by executing the show version command. The serial number of the CPE should be saved so that it can be referenced later in case of difficulty. Notice that the show version command also displays the IOS feature set that is enabled.

For new combinations of CPE device types and Day -1 configurations, it is recommended to verify that the IOS version, feature set, and configuration work before deploying to the field. It is suggested to test this through the normal CPE on-boarding process into a test service chain. This can prevent troubleshooting sessions.

What Next

The CPE can be on-boarded/registered in the portal either before or after it is connected to the Internet. After a CPE serial number has been associated with a service chain from the portal, and the CPE establishes connectivity with NSO, the CPE is provisioned by NSO. See the Registering a Cloud VPN Device section.

Registering a Cloud VPN Device

After you subscribe/purchase and configure the Cloud VPN service, the CPEs (devices) must be on-boarded for the Cloud VPN service. Device on-boarding is a two-step process: registering the CPE in the Cloud VPN user interface, and connecting the CPEs to the respective WAN and LANs. Device registration establishes the mapping between a Cloud VPN service (specific tenant) and the CPEs associated with that tenant. When devices are registered in Cisco VMS for a Cloud VPN service, the Plug-N-Play (PnP) server maps the service configuration (that it needs to orchestrate) to the device. In the Cisco VMS solution, the NSO also functions as the PnP server that is used for Zero-Touch Deployment (ZTD) of the CPEs (devices).

End customer CPEs connect via the IPsec tunnels (implemented with FlexVPN) to the Cloud VPN hub in order to communicate with each other and also to securely access the Internet.

You can register a device as follows:

Step 1  From the left pane of the Service Interface UI, click Devices to view the list of devices. The devices that are in various statuses such as Unregistered, Registering, Provisioned, Ordering, Updating, Provisioning Failed, Up, Down, Unknown are displayed.
Step 2  Click the unregistered device.
Step 3  In the right pane, enter the serial number of the device in the Enter Device Serial Number (SN) field.
        Note: A Serial Number is associated to the Customer Premises Equipment (CPE) before the device is shipped. When you specify the serial number, you tell the application to register the device with the Cloud VPN service. If the serial number you've specified is incorrect, edit the serial number in the right pane to re-register the device.
Step 4  Click Register. The status turns to "Provisioned" after the registration is complete.

The Cloud VPN service requires at least one registered CPE to function. Ensure that you do not delete all CPEs.

Note: You can modify the serial number of a device or delete a device in the right pane, when you select a device on the Resources page. After you delete a device, the device can be connected again to the same or another Cloud VPN service and does not retain any properties that were previously defined.

You can register several devices at the same time. While registering a device, you can register another device before the response for the first is received. However, you cannot try to register or update the device if the device is still being registered/provisioned.

After the CPE has been added to/registered with Cloud VPN, the Cloud VPN portal communicates to NSO by sending an edit-config message with the following parameters:
- cloudvpn - Cloud VPN name
- CPE - CPE-identifier
- S/N - Serial Number of CPE

The service chain configuration (as seen in show configuration cloudvpn <service-chain-name> in NSO CLI) now contains the CPE serial number:

    admin@ncs> show configuration cloudvpn <service-chain-name> cpe
    cpe cpe_1 {
        serial FTX00000000;
        allocate {
            ip-type ipv4;
            prefix-size 24;
        }
    }

Use cases for updating a serial number:
- If the tenant administrator enters the incorrect serial number, you must re-enter the serial number as there is no message indicating that the earlier serial number is incorrect. For more details, refer to the Troubleshooting Cloud VPN/VCE Service Errors section.
- If the device serial number is registered correctly, but registration fails because the device itself has some problems and has to be replaced, then the tenant administrator must modify or update the serial number that has already been entered, so PnP server can associate the new device with the tenant, and update the correct configurations for the replaced/changed device.
- Similarly, if the device is properly registered and configured, but fails later on, the tenant administrator must swap the device for that customer, then the serial number is changed and the new device is configured. The same is true when the customer upgrades a device where they need to swap device for an existing site. The customer can perform the above steps to change the serial number or register a new device and then configure it.

Step 5  Set up the traffic bandwidth for each CVPN device or CPE. For more information, see Setting up Bandwidth Prioritization for a CVPN Device or CPE.

Setting up Bandwidth Prioritization for a CVPN Device or CPE

After you provision a VMS CVPN service, you can set up the traffic bandwidth for each CVPN device or CPE. Traffic prioritization classifies traffic and assigns bandwidth prioritization as data traverses the network.

To set the bandwidth prioritization for a CPE or device, you need to:
- Assign the bandwidth percentage to each traffic class.
- Specify the upstream and downstream speed.
- Select the application types for each traffic class.

To set the bandwidth prioritization, do the following:

Step 1  Log in to the Cisco VMS Portal.
Step 2  From the left pane of the Service Interface, click Device.
Step 3  Choose the device for which you want to specify the bandwidth prioritization and double-click. The Cloud VPN Advance screen appears.
Step 4  Click the Edit button next to Bandwidth Prioritization. The Bandwidth Prioritization screen appears.
Step 5  In Cloud CVPN, the network traffic is classified into four traffic classes: Important, Standard, Critical, and Low. Select the percentage of the bandwidth that you want to allocate to each traffic class.
        Note: The total bandwidth percentage allocated cannot exceed 100%.
Step 6  Enter the bandwidth for the Upstream and the Downstream traffic.
Step 7  Select the application types for each traffic class. You can drag and drop the application types to the respective traffic classes.
        Note: Each traffic class needs at least one application type.
Step 8  Click the Save button to keep your change.

Upgrading or Downgrading a Service Subscription

As a consumer, you can either upgrade or downgrade a service subscription based on your requirement. The following scenarios are applicable:
- Upgrade a Cloud VPN Foundation service to Cloud VPN Advanced service
- Upgrade a Cloud VPN Foundation service to Cloud VPN Advanced with Web Security service
- Upgrade a Cloud VPN Advanced service to Cloud VPN Advanced with Web Security service
- Downgrade a Cloud VPN Advanced with Web Security service to Cloud VPN Advanced service

- Downgrade a Cloud VPN Advanced with Web Security service to Cloud VPN Foundation service
- Downgrade a Cloud VPN Advanced service to Cloud VPN Foundation service

Step 1  From the left pane of the Service Interface, click Services to view the list of services you have purchased in the Services window.
Step 2  Select a service you want to upgrade or downgrade. The service details are displayed in the right pane.
Step 3  Click Modify. The offers available for the selected service are displayed in the Modify Service Offer page.
Step 4  Select an offer based on your requirement and make the necessary changes in the service form. For more information, see the Placing an Order for a Service section.
Step 5  Click Review Order placed under the Summary area, at the right pane.
Step 6  Review your order summary in Order Summary page. Check the I accept the Terms and Conditions check box if you agree to proceed for the purchase. You can also click the Terms and Conditions hyperlink to view the terms and conditions before you proceed.
Step 7  Click Purchase. An email with purchase details is sent to the service provider. The service that you have purchased is displayed on the Services page.

Canceling a Service Subscription

When you cancel or unsubscribe from a service, the service and associated entities (such as devices, remote users) are removed from the network link.

Step 1  From the left pane, click Services. The Services window displays the list of services purchased by you.
Step 2  Select a service you want to unsubscribe. The service details are displayed in the right pane.
        Note: You can also delete the service that has not been Provisioned (service whose status is Provisioning Failed).
Step 3  Click Unsubscribe in Account Options area of the right pane.

A confirmation message is displayed. Click Unsubscribe. The service is removed in the Services window.

Note: To view the list of events that have occurred in your service, from the left navigation pane in the VMS Portal, click Event Logs. You can filter these events by severity and time frame. The object name helps you identify the service for which events are displayed.

Managing Remote Users

Remote users must be created in order to access Cisco VMS services from a remote location. As an operator or a consumer, you can create remote users, activate or suspend user accounts, and reset passwords. The consumer must enter a username for the remote access user account that needs to be created. A randomly generated password will be created for the newly added user. An email is generated to notify the new remote access user about the login credentials. The email also contains the URL for remote access. This is the URL that was created by the DNSUpdater when the original CloudVPN service was provisioned.

Note: This feature is only available for Cloud VPN Advanced and Cloud VPN Advanced with Web Security services.

Step 1  From the left navigation pane in the VMS Portal, click Services to view the list of services you have purchased in the Services window.
Step 2  Select a provisioned service to which you want to add remote users.
Step 3  Click Remote Users (people icon) to display the Services / Remote Users page.
Step 4  Click the Add (+) icon. Enter the email address of the remote user and click Save.

Note: An email with details about the new remote user is sent to the service provider and the remote user, and another email is sent to the remote user with password reset information. Before the password is reset, the remote user is in Suspended state. When the remote user resets the password, the status of the remote user automatically changes to active status.

To access the Cisco VMS Portal from the remote location, click Download Client to download the VPN client from the Download Software window. The Service Provider operator can host the AnyConnect client wherever they want, and point to it in VMS operator configuration, so customers can click this to download AnyConnect client software.

Select the user and choose an appropriate option from Status drop-down to activate or deactivate a remote user. An email is sent to the Service Provider when the status of the remote user is changed.

Note: Within this same Remote Users page, a user account can be removed by selecting the remote user account and clicking on X (remove button). A Remote Access User account can also have the password reset by selecting the Remote Access User account and clicking on the Reset Password button.

To view the set of activities performed by the remote user, click the Logs icon.

Searching for an event log

Step 1  Log in to the Service Interface using your credentials. If a user belongs to many tenants, a drop-down is displayed to select the tenant.
Step 2  Click Search displayed at the top of the window.
Step 3  Enter an event name or a keyword in the search box. The list of matching events is displayed.

Note: To view the list of events that have occurred in your service, from the left navigation pane of the Service Interface, click Event Logs. You can filter these events by severity and time frame.
