Overview

Use a VPN connection from your computer to Cisco GMM to remotely manage and interact with both the gateways and connected devices.

You can also use the EEM menu for IOS commands, troubleshooting and status information.

Note: Remote access to connected devices only works if the custom subnet is disabled. Go to Gateway > Templates and edit an existing entry. Then select Disabled. If the custom subnet is Enabled, a custom configuration is required.

Remote gateway connection using VPN

Use the AnyConnect client to remotely manage and interact with GMM gateways and devices behind a Cisco GMM gateway.

For example, an elevator technician can use this capability to establish IP connectivity between his PC and an elevator in another city. He can then use a diagnostics application on his PC to troubleshoot an issue, determine a solution, and dispatch a repair technician with the right parts for that issue.

Tip: To see the IP address of the attached devices use Discover Devices. Devices with a static IP address cannot be discovered using the Discover Devices feature.

Prerequisites

• A Windows or Mac computer with the AnyConnect Secure Mobility Client, 4.3.x or higher.
• A Cisco GMM Cloud Application account.
• Application(s) on your computer for managing and interacting with the devices.

Procedure

Create a VPN Connection between your computer and the gateway. Then, use the applications on your computer to communicate with the gateway and connected devices (assets).

1. Add devices to the gateway.

2. Request the VPN credentials to access the gateway and the connected device(s).

   1. Log in to the Cisco GMM Cloud Application.
   2. Select Gateway > Gateways and select the Monitor tab.
   3. Select a gateway checkbox.
   4. Click VPN.
   5. Select the duration that the credentials will be valid, and click Request.

   .
   Note: VPN credentials are displayed that are valid only for the current user, the current gateway, and the specified duration. The time remaining is also displayed. The VPN connection will disconnect when the access time expires.

   

3. Create a VPN connection between your computer and GMM:

   1. Open the Cisco AnyConnect client on your computer.
      Tip: If necessary, click Download to install the AnyConnect VPN client software on your computer.

      

   2. In the AnyConnect client, enter the "Remote Access Server" address that appears under AnyConnect VPN Profile, and click Connect. This is GMM's VPN address.

   3. Click Connect.

   4. Enter the username and password from the AnyConnectVPNProfile, when prompted, and click OK.

      • These are the credentials used to establish a VPN connection, and are valid on the selected gateway for the time requested.
      • Click the icon and enter your GMM credentials to display the VPN password.

   5. Wait for the VPN connection to be established.

4. Use the applications on your computer to connect and interact with the gateway and connected devices (assets).

   • You can connect to:
     • The gateway's IP address.
     • IP devices connected on your LAN (if the gateway's template subnet configuration has not been customized).
   • The IP addresses are displayed in the Remote VPN Access window under Remote Access Details and Connected Devices.

5. Audit log entries will be created when either the remote access request is created or has expired.

   1. Go to Tools > Audit Logs.
   2. Select:
      • Entity Type: Gateway.
      • Audit Type: Remote access granted or Remote access revoked.
      • Source: All
      • Gateways: Select the gateways to include in the audit log.
   3. Click Run.

Gateway diagnostics menu (EMM)

Use an SSH connection between the gateway and a computer to run predefined IOS commands for troubleshooting and device status. You can use SSH over a VPN connection, from any IP reachable network, or using a physical console cable.

Notes

• This feature is available only on gateways provisioned using the Cisco GMM Gateway Provisioning Tool (GPT) version 1.83 or later. To use this feature with gateways that have already been provisioned and added to GMM, submit a support request from the Cisco GMM Cloud Application or contact ciscokinetic.io-support@cisco.com.
• This feature uses the Embedded Menu Manager (EMM) menu.
• This feature is available only for IR8xx gateways.

Procedure

1. Connect to the gateway using either a USB cable or a SSH connection.

   1. Option 1: Connect a USB cable from your computer to the gateway console port.
   2. Option 2: Create a VPN connection between your computer and the gateway as described in Remote management.
      1. Launch an SSH client on your computer.
      2. In the SSH client, enter the gateway IP address.

2. Enter the default username: operator.

3. Enter the password:

   • If the gateway is not claimed in the GMM admin console, Enter operator.

   • If the gateway is claimed, go to Gateway > Gateways, select the gateway and click the Summary tab. Enter the password displayed for the Diagnostics Console.

     

4. From the Diagnostics Menu (see below), enter a number for one of the predefined Cisco IOS commands and press Enter.

5. Follow the onscreen prompts for additional options, if necessary.

For example:

================================================================================
Cisco Kinetic Diagnostics Menu v1.83

Enter ?# for item help
--------------------------------------------------------------------------------
1. Exit
2. Show Version
3. Show interfaces brief
4. Show interface detail
5. Show Cellular modem and GPS
6. Show VPN status
7. Network Testing
8. Advanced Operations

Enter selection: