Go to page of
Similar user manuals
-
Network Cables
Cisco Systems STACKT150CM
17 pages 0.53 mb -
Network Cables
Cisco Systems NI-1
28 pages 0.31 mb -
Network Cables
Cisco Systems C7200
62 pages 1.13 mb -
Network Cables
Cisco Systems 3000 SERIES
14 pages 0.35 mb -
Network Cables
Cisco Systems 400
8 pages 0.56 mb -
Network Cables
Cisco Systems 500-CS SERIES
14 pages 0.35 mb -
Network Cables
Cisco Systems 4000 SERIES
14 pages 0.35 mb -
Network Cables
Cisco Systems OL-3560-02
16 pages 0.5 mb
A good user manual
The rules should oblige the seller to give the purchaser an operating instrucion of Cisco Systems C7200, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.
What is an instruction?
The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Cisco Systems C7200 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.
Unfortunately, only a few customers devote their time to read an instruction of Cisco Systems C7200. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.
What should a perfect user manual contain?
First and foremost, an user manual of Cisco Systems C7200 should contain:
- informations concerning technical data of Cisco Systems C7200
- name of the manufacturer and a year of construction of the Cisco Systems C7200 item
- rules of operation, control and maintenance of the Cisco Systems C7200 item
- safety signs and mark certificates which confirm compatibility with appropriate standards
Why don't we read the manuals?
Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Cisco Systems C7200 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Cisco Systems C7200, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Cisco Systems service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Cisco Systems C7200.
Why one should read the manuals?
It is mostly in the manuals where we will find the details concerning construction and possibility of the Cisco Systems C7200 item, and its use of respective accessory, as well as information concerning all the functions and facilities.
After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.
Table of contents for the manual
-
Page 1
Corporate He adquarters Cisc o Syst ems , Inc . 170 West Ta sman Drive San Jos e, CA 95 134-1706 USA http://www.ci sco.com Tel: 408 526-4000 800 553- NETS (638 7) Fax: 408 526-4100 C720 0 VS A (VP N S er vices A dapter) Installation and Conf iguration Guide Text Pa rt Nu mber: OL-9129- 02[...]
-
Page 2
THE SPECIFICATIONS AND INFORMATION REGARDING TH E PRODUCTS IN THIS MANUAL ARE SUBJE CT TO CHANGE WITHOUT NO TICE. ALL STATEMENT S, INFORMATI ON, AND RECOMMENDA TIONS IN T HIS MANUAL ARE BELIEVED TO BE ACCURATE BU T ARE PRESEN TED WITHOUT WARRANTY OF ANY KIND, EXPRE SS OR IMPLIED. USERS MUST TA KE FULL RESPONSIBILITY FOR THEIR AP PLICATION OF ANY PR[...]
-
Page 3
iii C7200 VSA (VPN Service s Adapter) Installation a nd Configur ation Gui de OL-9129-02 CONTENTS Preface vi i Audienc e vii Warnings vii Object ives viii Organi zation vi ii Relat ed D ocum ent atio n ix Obtain ing Docu mentati on ix Cisco. com ix Produc t Documentat ion DVD x Orderi ng Documenta tion x Document ation F eedback x Cisco Product Sec[...]
-
Page 4
Cont ent s iv C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Disabl ing the VSA du ring Operation 1 - 6 Enabl ing/ Dis abling Sc heme 1 - 6 LEDs 1 - 7 Conn ecto rs 1 - 8 Slot L oca tion s 1 - 8 Cisco 72 04VXR Rou ter 1 - 8 Cisco 72 06VXR Rou ter 1 - 10 Prepari ng for Instal lation 2 - 1 Requir ed Tools an d Equ[...]
-
Page 5
Content s v C7200 VSA (VPN Service s Adapter) Installation a nd Configur ation Gui de OL-9129-02 Changin g Exis ting Tran sforms 4 - 8 Transf orm Examp le 4 - 8 Config urin g IPSec 4 - 8 Ensuri ng T hat Acce ss L ists Ar e Compat ible with I PSec 4 - 8 Setti ng Global Li fet imes for IP Sec Secu rity Asso ciatio ns 4 - 8 Creati ng Cryp to Ac cess L[...]
-
Page 6
Cont ent s vi C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02[...]
-
Page 7
vii C7200 VSA (VPN Service s Adapter) Installation a nd Configur ation Gui de OL-9129-02 Preface This pr eface d escrib es the obj ectiv es and o rganization o f th is do cument and explains how to find additional info rmation on related prod ucts and services. This pref ace contains the fo llowin g sections: • Audienc e, pag e vii • W arnings,[...]
-
Page 8
viii C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Preface Objectiv es War ni n g IMPO RT ANT SAFETY INSTRUC TIONS This warning symbol means dang er . Y ou are in a sit uation that could cause bodily i njury . Before you work on any equipment, be awa re of the hazards involved with electrical circuitry and be [...]
-
Page 9
ix C7200 VSA (VPN Service s Adapter) Installation a nd Configur ation Gui de OL-9129-02 Pre face Relat ed Docume ntation Related Documentation This sect ion lists docu mentation rela ted to your r outer and its function ality . Because we no longer ship the entire rou ter documentatio n set automatically with each system, this documentati on is av [...]
-
Page 10
x C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Preface Docum entation Fe edback Y ou can a ccess the Cisco website at this URL: http://www .cisc o.com Y ou can acce ss international Cisco websites at this U RL: http://www .cisco .com/public/co untries_languag es.shtml Product Docu mentation DVD The Product D [...]
-
Page 11
xi C7200 VSA (VPN Service s Adapter) Installation a nd Configur ation Gui de OL-9129-02 Pre face Produc t Alerts an d Field Not ices A current list of security advisories, security notices, and security respo nses for Cisco products is av ailable at this URL: http://www .cisco .com/go/psir t T o see secu rity advis ories, sec urity notic es, and se[...]
-
Page 12
xii C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Preface Obtain ing Techni cal Ass istance T o acce ss the Produ ct Aler t T ool, y ou must be a registe red Cisco. com use r . (T o register as a Cisco. com user , go to this URL : http://tools.c isco.com/RPF/registe r/re gister .do ) Regi ster ed user s can ac[...]
-
Page 13
xiii C7200 VSA (VPN Service s Adapter) Installation a nd Configur ation Gui de OL-9129-02 Pre face Obtaining Additional Publications and Information Submitting a Se rvice Request Using the online T A C Service Reque st T ool is the fastest way to ope n S3 an d S4 servi ce req uests. ( S3 and S4 service re quests are those in which your net work is [...]
-
Page 14
xiv C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Preface Obtainin g Addi tional Pub lications and Informat ion • The Cisco Pr o duct Quic k Refer ence Guide is a handy , compact refe rence tool that in cludes brief product overviews, key feature s, sample par t numbers, and abb reviated technic al specifica[...]
-
Page 15
C HAPTER 1-1 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 1 Overview This ch apter de scribe s the C 72 0 0 V S A ( V P N S e rv ic e s A da p t e r ) an d contain s the fol lo wing sect ions: • Data En cry ption Over vie w , pa ge 1-1 • VSA Overvi e w , page 1-2 • Hardware Requ ired, page 1- 4 • Fea[...]
-
Page 16
1-2 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Ch apter 1 Over view VSA Overvi ew • IKE—Int ernet Ke y Excha nge ( IKE) is a hybri d securi ty prot ocol th at imp lemen ts O akley and Skeme key exchanges insi de the I nterne t Secu rity Associat ion an d Key Management Protocol (ISAK MP) framework. I KE[...]
-
Page 17
1-3 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 1 Ov erview VSA Overview Note Th e C7200 VS A is only suppo rted on the Ci sco 7200VX R with the NPE -G2 pro cessor . The VS A featu res hard ware acce lerat ion for Ad vanced Encr yption Standard (AES), Data En crypti on Standa rd (DES), an d T riple [...]
-
Page 18
1-4 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Ch apter 1 Over view Hardware Req uired The VSA pro vides hardw are-ac celer ated suppor t for mult iple encry ption functions : • 128/192/2 56-bi t Advanced Enc rypti on Stan dard (AES) i n hard ware • Data E ncryptio n Stand ard (D ES) standa rd m ode wit[...]
-
Page 19
1-5 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 1 Ov erview Support ed Stan dards, MIBs, and RFCs Performanc e Ta b l e 1 - 2 lists the performance informat ion for the VSA. Supported Sta ndards, MIBs, and RFCs This section de scribes the standards, Manage ment Inf ormation Base s (MIBs), a nd Requ [...]
-
Page 20
1-6 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Ch apter 1 Over view Enablin g/Disa bling the VS A Enabling/Disab ling the VSA This section includ es the followin g topics: • Disabling the V SA during O per ation , page 1-6 • Enab ling/D isabling Scheme , pa ge 1-6 The VS A crypto car d does not suppo rt[...]
-
Page 21
1-7 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 1 Ov erview LEDs LEDs The VSA has one LED, as sho wn in Figure 1-3 . T able 1 - 4 Syst em is in Ru n-time Oper ation Condition Sy stem is Configured Insert ing t he VSA The VSA runs in power-off, but you need to perf orm a sys tem rel oad or a reset to[...]
-
Page 22
1-8 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Ch apter 1 Over view Connecto rs Figur e 1 -3 VSA LED The follo wing condit io ns must be met be for e the ena ble d LED goes on: • The VS A is cor rect ly co nnecte d to th e back plan e and rece iving power . • The system b us recognizes the VSA. If eithe[...]
-
Page 23
1-9 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 1 Ov erview Slot Lo cations Figur e 1 -4 Cisco 7204VXR Rout er - F r ont Vi ew 2 E T H E R N E T - 1 0 B F L EN R X 0 1 2 3 4 T X R X TX RX TX R X T X R X TX Cisco 7200 S E R IE S XVR 0 4 1 3 EN 0 7 1 2 3 4 5 6 SERIAL-EIA/TIA-232 1 2 3 ENABLED M I I L [...]
-
Page 24
1-10 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Ch apter 1 Over view Slot Locations Cisc o 7206 VXR Ro uter The VS A is supported in the I/O co ntroll er port on the Cisco 7206V XR route r (see 4 in Figure 1- 5 ). Figur e 1 -5 Cisco 7206VXR - F ron t View 1 Bl ank p ort adap ter 3 VSA in the I/O contro ller[...]
-
Page 25
C HAPTER 2-1 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 2 Preparing for Installation This chap ter describes t he general e quipment, safet y , and site prepara tion requirem ents for insta lling the C 72 0 0 VS A ( V PN S e r v ic e s A da p t e r ). This chapte r cont ains t he fol low ing sections : •[...]
-
Page 26
2-2 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 2 Prepar ing for Installation Hardwa re and Softwar e Requirem ents Softwa re Re quireme nts Ta b l e 2 - 1 lists the recommended minimum Cisco IOS softw are release requ ired to use the VSA in supporte d rou ter or switc h plat forms . Use the sh ow ve[...]
-
Page 27
2-3 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 2 Prepa ring for Inst allation Online Insertion and Removal (OIR) • The V SA mo dule d oes no t suppor t Onl ine I nsertion and Removal (OIR). See “Ena bling /Di sabli ng the VSA” sect ion on page 1-6 for details. • Per packet count det ails fo[...]
-
Page 28
2-4 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 2 Prepar ing for Installation Safety Guideli nes hazardous voltages and currents inside the chassi s; they contain electromag netic interference (EMI) that might disrupt other equipment; a nd they direct the flow of coolin g air through the chassis. Do [...]
-
Page 29
2-5 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 2 Prepa ring for Inst allation Compliance with U.S. Expo rt Laws and Regulations Regarding Encryption Compliance wi th U.S. Export La ws and Regula tions Regarding Encryption This pr oduct perfor ms en crypti on and is regul ated for export by the U .S[...]
-
Page 30
2-6 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 2 Prepar ing for Installation Complian ce with U.S . Export La ws and Regu lations Regarding En cryption[...]
-
Page 31
C HAPTER 3-1 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 3 Removing and Installing the VSA This chap ter descr ibes ho w to remov e the C7 2 00 V S A ( V PN S e rv i c es Ad a p t er ) from th e supported platfor ms and how to install a new or replac ement VS A. Before you begin insta llation, read Chapt er[...]
-
Page 32
3-2 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 3 Removin g and Installing the VSA Online Ins ertion an d Removal (OIR) Online Insertion and Removal (OIR) The VSA plugs into the I/O controller slot of the Cisco 7200 VXR series chassis. The VSA crypto car d does not sup port OIR. Th e VSA boo ts up on[...]
-
Page 33
3-3 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 3 Removing and In stalling the VSA VSA Removal and Installation Foll ow these steps to remove and insert the VSA in the Cisco 7200VXR series rout ers: Step 1 T urn the p ower switch t o the off position and th en r emove the power cable . (Op tional on[...]
-
Page 34
3-4 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 3 Removin g and Installing the VSA VSA Remova l and In stallati on[...]
-
Page 35
C HAPTER 4-1 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 4 Configuring the VSA This c hapter conta ins th e infor mat ion an d proc edures need ed to c onfigure the C72 00 -V SA ( VP N S er vi ce s Ad a p t e r) . Thi s chapter co ntains the f ollo wing sect ions: • Overview , page 4-1 • Configuration T[...]
-
Page 36
4-2 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rati on Task s • Disabling VSA ( Optio nal), page 4 -4 (optio nal) • V erif ying IK E and IPSec Co nfigurations, p age 4- 15 (optio nal) • Configuring I PSec C onfiguration Example , page 4-18 (o ptiona l) Note Y ou [...]
-
Page 37
4-3 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Config ura tion Task s T o con figure an IKE po licy , use t he fol lowing comm ands beginning in gl obal c onfigurat ion mod e: Command Purp ose Step 1 Router(config)# crypto isakmp policy priority Def ines a n IK E polic y an d[...]
-
Page 38
4-4 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rati on Task s For detailed informat ion on creating IKE policie s, refer to the “Conf igurin g Internet K ey Exchange Securit y Protocol” chapter in the Secu rity Conf igura tion Guide publication. Disabling VSA (Opti[...]
-
Page 39
4-5 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Config ura tion Task s • Select ing Appro priate T ransforms • The Cry pto T ran sform Con f igura tion Mo de • Chan ging Exis ting T ran sfor ms • T rans form Ex ample A transform set is an ac ceptabl e combin ation of s[...]
-
Page 40
4-6 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rati on Task s Ta b l e 4 - 1 shows allowed tran sform combi nati ons for the A H and ESP prot ocols. Examples of acceptabl e trans form combinati ons are as f ollo ws: • ah-md 5-hma c • esp- de s • esp- 3de s and es[...]
-
Page 41
4-7 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Config ura tion Task s IPSec Protocols: AH and ESP Both the AH and ESP p rotocols imp lement secur ity service s for IPSec. AH pro vides data auth entication and ant ireplay serv ices. ESP provid es packet en cryption and option [...]
-
Page 42
4-8 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rati on Task s Changing Existing Transforms If on e or more t ran sforms ar e spe cified i n the crypto ipsec transf orm-set co mmand for an exist ing transform set, the sp ecif ied transfo rms will rep lace th e existin g[...]
-
Page 43
4-9 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Config ura tion Task s T o chan ge a glob al lifeti me fo r IPSec sec urity assoc iations , use one or more of the foll owing commands : Note Th e cl ear comman ds in Step 5 belo w ar e in E XEC or enabl e mode (see “Usin g th [...]
-
Page 44
4-10 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rati on Task s Creating Crypto Access Lists Crypto access lists d ef ine which IP traf f ic will be protected b y encrypti on. (These access lists a re not the same as reg ular access lists, whic h determine what traf f i[...]
-
Page 45
4-11 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Config ura tion Task s T o create cryp to map entries that will use IKE to establish the security associations, use the follo wing comman ds starti ng in glob al configurat ion mode : Step 4 Router(config-crypto-m)# set transfor[...]
-
Page 46
4-12 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rati on Task s Creating Dynamic Crypto M aps A dyna mic c rypto m ap ent ry is a cr ypto m ap e ntry w ith so me par ameters not configured. The mi ssing paramet ers are later dynami cally configured (as t he resu lt of a[...]
-
Page 47
4-13 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Config ura tion Task s Step 3 Router(config-crypto-m)# match address access-list-id (Opt ional ) Acc esses list numbe r or na me of an exte nded acc ess list. Th is access list deter mines which tra ff ic should be protecte d by[...]
-
Page 48
4-14 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rati on Task s T o add a dyna mic c rypto map set in to a cr ypto map set , us e the following c ommand in gl obal configurati on m ode: Applying Crypto Map Sets to Inter faces Apply a crypto ma p set to each interface th[...]
-
Page 49
4-15 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Config ura tion Task s T o view in format ion ab out y our IPSec con figuration, use one o r more of th e fol lowing comm ands i n EXEC mod e: Verifying IKE a nd IPSe c Configuratio ns T o view informati on about you r IPSec con[...]
-
Page 50
4-16 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rati on Task s Verifying the Configuration Some co nfiguration change s take e f fect only after subseq uent se curity assoc iations a re negoti ated. For the ne w settings to tak e ef fect immediately , clear th e existi[...]
-
Page 51
4-17 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Config ura tion Task s remote ident (addr/mask/prot/port): (172.21.114.67/255.255.255.255/0/0) current_peer: 172.21.114.67 PERMIT, flags={origin_is_acl,} #pkts encaps: 10, #pkts encrypt: 10, #pkts digest 10 #pkts decaps: 10, #pk[...]
-
Page 52
4-18 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rat ion Ex ampl es Configuration E xamples This section pro vides the foll owin g config uration ex amples: • Configuring I KE Pol icies E xample , page 4-18 • Configuring I PSec C onfiguration Example , page 4-18 •[...]
-
Page 53
4-19 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Basic IPSec Configuration Illustration The crypto map is appl ied to an interf ace: interface Serial0 ip address 10.0.0.2 crypto map toRemoteSite Note In this ex ample, I KE must be enabled. Basic IPSec Configur ation Ill ustrat[...]
-
Page 54
4-20 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Bas ic I PSec Co nf igur atio n Il lust rat ion Note In the preceding e xample, th e encryptio n DES of polic y 15 would not ap pear in the writte n conf iguration because this is the def ault va lue for the encr yption algorithm [...]
-
Page 55
4-21 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Troubl eshoo ting T ips A crypto m ap joins t he transform set a nd specif ies wher e the pr otected traf fic is sent ( the remote IPSec peer): crypto map toRemoteSite 10 ipsec-isakmp match address 101 set peer 10.0.0.3 set tran[...]
-
Page 56
4-22 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Troubl esh oot ing Ti ps Decrypted PHY I/F:0x0000000000000000 TUNNEL I/F: 0x0000000000000000 SPI Error PHY I/F:0x0000000000000000 TUNNEL I/F: 0x0000000000000000 Pass clear PHY I/F:0x0000000000000000 TUNNEL I/F: 0x0000000000000000 [...]
-
Page 57
4-23 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Monitoring and Maintaining the VSA T o see if th e IKE/IPSec p ackets ar e being re dire cted to the VSA for IKE nego tiation an d IPSec encr yption and decryp tio n, enter the show crypto eli command. Th e fo llowing is sampl e[...]
-
Page 58
4-24 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Monitorin g and Maint aining the VSA The crypt o ipsec ipv4 deny-po licy {ju mp | clear | drop} comma nd helps yo u av oid this problem . The clear keyword al lows a deny address ra nge to be progr ammed i n hardwa re, the deny ad[...]
-
Page 59
IN-1 C7200 VSA (VPN Service s Adapter) Installation a nd Configur ation Gui de OL-9129-02 INDEX A acceler ation mo dule, VPN ( see VA M) 1 - 1 acces s-list ( encryption ) comman d 4 - 10 B basic IPSec c onfigura tion 4 - 19 illustration 4 - 19 C cables , conne ctors, and pi nouts 1 - 8 cautions, warnings a nd 3 - 2 clear crypto sa co mmand 4 - 14, [...]
-
Page 60
Index IN-2 C7200 VSA (VPN Services Ada pter) In stallation and Con figuration Gu ide OL-9129-02 I IKE config uring 1 - 6, 4 - 2 conf iguring po licies ex ampl e 4 - 18 insertion a nd removal, online 3 - 2 interpr eter, EX EC command 4 - 2 IPSec access lists 4 - 8 monitori ng 4 - 16 transform sets defining 4 - 5 IPSec (IPSec network sec urity protoc[...]
-
Page 61
Inde x IN-3 C7200 VSA (VPN Service s Adapter) Installation a nd Configur ation Gui de OL-9129-02 requir ements 2 - 2 software an d hardware compatab ility ix, 2 - 2 standards supported 1 - 5 T This 2 - 1 tools and equ ipment , require d 2 - 1 V VAM handling 3 - 1 VPN Accelera tion Modul e (see VAM) 1 - 1 VSA featu res 1 - 4 handling 3 - 1 monitorin[...]
-
Page 62
Index IN-4 C7200 VSA (VPN Services Ada pter) In stallation and Con figuration Gu ide OL-9129-02[...]