Cisco Systems C7200 инструкция обслуживания
- Просмотреть online или скачать инструкцию
- 62 страниц
- 1.13 mb
Идти на страницу of
Похожие руководства по эксплуатации
-
Network Cables
Cisco Systems 3000 SERIES
14 страниц 0.35 mb -
Network Cables
Cisco Systems STACKT150CM
17 страниц 0.53 mb -
Network Cables
Cisco Systems PI21AG
22 страниц 0.8 mb -
Network Cables
Cisco Systems 400
8 страниц 0.56 mb -
Network Cables
Cisco Systems C7200
62 страниц 1.13 mb -
Network Cables
Cisco Systems 4000 SERIES
14 страниц 0.35 mb -
Network Cables
Cisco Systems CB21AG
22 страниц 0.8 mb -
Network Cables
Cisco Systems OL-3560-02
16 страниц 0.5 mb
Хорошее руководство по эксплуатации
Законодательство обязывает продавца передать покупателю, вместе с товаром, руководство по эксплуатации Cisco Systems C7200. Отсутствие инструкции либо неправильная информация, переданная потребителю, составляют основание для рекламации в связи с несоответствием устройства с договором. В законодательстве допускается предоставлении руководства в другой, чем бумажная форме, что, в последнее время, часто используется, предоставляя графическую или электронную форму инструкции Cisco Systems C7200 или обучающее видео для пользователей. Условием остается четкая и понятная форма.
Что такое руководство?
Слово происходит от латинского "instructio", тоесть привести в порядок. Следовательно в инструкции Cisco Systems C7200 можно найти описание этапов поведения. Цель инструкции заключается в облегчении запуска, использования оборудования либо выполнения определенной деятельности. Инструкция является набором информации о предмете/услуге, подсказкой.
К сожалению немного пользователей находит время для чтения инструкций Cisco Systems C7200, и хорошая инструкция позволяет не только узнать ряд дополнительных функций приобретенного устройства, но и позволяет избежать возникновения большинства поломок.
Из чего должно состоять идеальное руководство по эксплуатации?
Прежде всего в инструкции Cisco Systems C7200 должна находится:
- информация относительно технических данных устройства Cisco Systems C7200
- название производителя и год производства оборудования Cisco Systems C7200
- правила обслуживания, настройки и ухода за оборудованием Cisco Systems C7200
- знаки безопасности и сертификаты, подтверждающие соответствие стандартам
Почему мы не читаем инструкций?
Как правило из-за нехватки времени и уверенности в отдельных функциональностях приобретенных устройств. К сожалению само подсоединение и запуск Cisco Systems C7200 это слишком мало. Инструкция заключает ряд отдельных указаний, касающихся функциональности, принципов безопасности, способов ухода (даже то, какие средства стоит использовать), возможных поломок Cisco Systems C7200 и способов решения проблем, возникающих во время использования. И наконец то, в инструкции можно найти адресные данные сайта Cisco Systems, в случае отсутствия эффективности предлагаемых решений. Сейчас очень большой популярностью пользуются инструкции в форме интересных анимаций или видео материалов, которое лучше, чем брошюра воспринимаются пользователем. Такой вид инструкции позволяет пользователю просмотреть весь фильм, не пропуская спецификацию и сложные технические описания Cisco Systems C7200, как это часто бывает в случае бумажной версии.
Почему стоит читать инструкции?
Прежде всего здесь мы найдем ответы касательно конструкции, возможностей устройства Cisco Systems C7200, использования отдельных аксессуаров и ряд информации, позволяющей вполне использовать все функции и упрощения.
После удачной покупки оборудования/устройства стоит посвятить несколько минут для ознакомления с каждой частью инструкции Cisco Systems C7200. Сейчас их старательно готовят или переводят, чтобы они были не только понятными для пользователя, но и чтобы выполняли свою основную информационно-поддерживающую функцию.
Содержание руководства
-
Страница 1
Corporate He adquarters Cisc o Syst ems , Inc . 170 West Ta sman Drive San Jos e, CA 95 134-1706 USA http://www.ci sco.com Tel: 408 526-4000 800 553- NETS (638 7) Fax: 408 526-4100 C720 0 VS A (VP N S er vices A dapter) Installation and Conf iguration Guide Text Pa rt Nu mber: OL-9129- 02[...]
-
Страница 2
THE SPECIFICATIONS AND INFORMATION REGARDING TH E PRODUCTS IN THIS MANUAL ARE SUBJE CT TO CHANGE WITHOUT NO TICE. ALL STATEMENT S, INFORMATI ON, AND RECOMMENDA TIONS IN T HIS MANUAL ARE BELIEVED TO BE ACCURATE BU T ARE PRESEN TED WITHOUT WARRANTY OF ANY KIND, EXPRE SS OR IMPLIED. USERS MUST TA KE FULL RESPONSIBILITY FOR THEIR AP PLICATION OF ANY PR[...]
-
Страница 3
iii C7200 VSA (VPN Service s Adapter) Installation a nd Configur ation Gui de OL-9129-02 CONTENTS Preface vi i Audienc e vii Warnings vii Object ives viii Organi zation vi ii Relat ed D ocum ent atio n ix Obtain ing Docu mentati on ix Cisco. com ix Produc t Documentat ion DVD x Orderi ng Documenta tion x Document ation F eedback x Cisco Product Sec[...]
-
Страница 4
Cont ent s iv C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Disabl ing the VSA du ring Operation 1 - 6 Enabl ing/ Dis abling Sc heme 1 - 6 LEDs 1 - 7 Conn ecto rs 1 - 8 Slot L oca tion s 1 - 8 Cisco 72 04VXR Rou ter 1 - 8 Cisco 72 06VXR Rou ter 1 - 10 Prepari ng for Instal lation 2 - 1 Requir ed Tools an d Equ[...]
-
Страница 5
Content s v C7200 VSA (VPN Service s Adapter) Installation a nd Configur ation Gui de OL-9129-02 Changin g Exis ting Tran sforms 4 - 8 Transf orm Examp le 4 - 8 Config urin g IPSec 4 - 8 Ensuri ng T hat Acce ss L ists Ar e Compat ible with I PSec 4 - 8 Setti ng Global Li fet imes for IP Sec Secu rity Asso ciatio ns 4 - 8 Creati ng Cryp to Ac cess L[...]
-
Страница 6
Cont ent s vi C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02[...]
-
Страница 7
vii C7200 VSA (VPN Service s Adapter) Installation a nd Configur ation Gui de OL-9129-02 Preface This pr eface d escrib es the obj ectiv es and o rganization o f th is do cument and explains how to find additional info rmation on related prod ucts and services. This pref ace contains the fo llowin g sections: • Audienc e, pag e vii • W arnings,[...]
-
Страница 8
viii C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Preface Objectiv es War ni n g IMPO RT ANT SAFETY INSTRUC TIONS This warning symbol means dang er . Y ou are in a sit uation that could cause bodily i njury . Before you work on any equipment, be awa re of the hazards involved with electrical circuitry and be [...]
-
Страница 9
ix C7200 VSA (VPN Service s Adapter) Installation a nd Configur ation Gui de OL-9129-02 Pre face Relat ed Docume ntation Related Documentation This sect ion lists docu mentation rela ted to your r outer and its function ality . Because we no longer ship the entire rou ter documentatio n set automatically with each system, this documentati on is av [...]
-
Страница 10
x C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Preface Docum entation Fe edback Y ou can a ccess the Cisco website at this URL: http://www .cisc o.com Y ou can acce ss international Cisco websites at this U RL: http://www .cisco .com/public/co untries_languag es.shtml Product Docu mentation DVD The Product D [...]
-
Страница 11
xi C7200 VSA (VPN Service s Adapter) Installation a nd Configur ation Gui de OL-9129-02 Pre face Produc t Alerts an d Field Not ices A current list of security advisories, security notices, and security respo nses for Cisco products is av ailable at this URL: http://www .cisco .com/go/psir t T o see secu rity advis ories, sec urity notic es, and se[...]
-
Страница 12
xii C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Preface Obtain ing Techni cal Ass istance T o acce ss the Produ ct Aler t T ool, y ou must be a registe red Cisco. com use r . (T o register as a Cisco. com user , go to this URL : http://tools.c isco.com/RPF/registe r/re gister .do ) Regi ster ed user s can ac[...]
-
Страница 13
xiii C7200 VSA (VPN Service s Adapter) Installation a nd Configur ation Gui de OL-9129-02 Pre face Obtaining Additional Publications and Information Submitting a Se rvice Request Using the online T A C Service Reque st T ool is the fastest way to ope n S3 an d S4 servi ce req uests. ( S3 and S4 service re quests are those in which your net work is [...]
-
Страница 14
xiv C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Preface Obtainin g Addi tional Pub lications and Informat ion • The Cisco Pr o duct Quic k Refer ence Guide is a handy , compact refe rence tool that in cludes brief product overviews, key feature s, sample par t numbers, and abb reviated technic al specifica[...]
-
Страница 15
C HAPTER 1-1 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 1 Overview This ch apter de scribe s the C 72 0 0 V S A ( V P N S e rv ic e s A da p t e r ) an d contain s the fol lo wing sect ions: • Data En cry ption Over vie w , pa ge 1-1 • VSA Overvi e w , page 1-2 • Hardware Requ ired, page 1- 4 • Fea[...]
-
Страница 16
1-2 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Ch apter 1 Over view VSA Overvi ew • IKE—Int ernet Ke y Excha nge ( IKE) is a hybri d securi ty prot ocol th at imp lemen ts O akley and Skeme key exchanges insi de the I nterne t Secu rity Associat ion an d Key Management Protocol (ISAK MP) framework. I KE[...]
-
Страница 17
1-3 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 1 Ov erview VSA Overview Note Th e C7200 VS A is only suppo rted on the Ci sco 7200VX R with the NPE -G2 pro cessor . The VS A featu res hard ware acce lerat ion for Ad vanced Encr yption Standard (AES), Data En crypti on Standa rd (DES), an d T riple [...]
-
Страница 18
1-4 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Ch apter 1 Over view Hardware Req uired The VSA pro vides hardw are-ac celer ated suppor t for mult iple encry ption functions : • 128/192/2 56-bi t Advanced Enc rypti on Stan dard (AES) i n hard ware • Data E ncryptio n Stand ard (D ES) standa rd m ode wit[...]
-
Страница 19
1-5 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 1 Ov erview Support ed Stan dards, MIBs, and RFCs Performanc e Ta b l e 1 - 2 lists the performance informat ion for the VSA. Supported Sta ndards, MIBs, and RFCs This section de scribes the standards, Manage ment Inf ormation Base s (MIBs), a nd Requ [...]
-
Страница 20
1-6 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Ch apter 1 Over view Enablin g/Disa bling the VS A Enabling/Disab ling the VSA This section includ es the followin g topics: • Disabling the V SA during O per ation , page 1-6 • Enab ling/D isabling Scheme , pa ge 1-6 The VS A crypto car d does not suppo rt[...]
-
Страница 21
1-7 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 1 Ov erview LEDs LEDs The VSA has one LED, as sho wn in Figure 1-3 . T able 1 - 4 Syst em is in Ru n-time Oper ation Condition Sy stem is Configured Insert ing t he VSA The VSA runs in power-off, but you need to perf orm a sys tem rel oad or a reset to[...]
-
Страница 22
1-8 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Ch apter 1 Over view Connecto rs Figur e 1 -3 VSA LED The follo wing condit io ns must be met be for e the ena ble d LED goes on: • The VS A is cor rect ly co nnecte d to th e back plan e and rece iving power . • The system b us recognizes the VSA. If eithe[...]
-
Страница 23
1-9 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 1 Ov erview Slot Lo cations Figur e 1 -4 Cisco 7204VXR Rout er - F r ont Vi ew 2 E T H E R N E T - 1 0 B F L EN R X 0 1 2 3 4 T X R X TX RX TX R X T X R X TX Cisco 7200 S E R IE S XVR 0 4 1 3 EN 0 7 1 2 3 4 5 6 SERIAL-EIA/TIA-232 1 2 3 ENABLED M I I L [...]
-
Страница 24
1-10 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Ch apter 1 Over view Slot Locations Cisc o 7206 VXR Ro uter The VS A is supported in the I/O co ntroll er port on the Cisco 7206V XR route r (see 4 in Figure 1- 5 ). Figur e 1 -5 Cisco 7206VXR - F ron t View 1 Bl ank p ort adap ter 3 VSA in the I/O contro ller[...]
-
Страница 25
C HAPTER 2-1 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 2 Preparing for Installation This chap ter describes t he general e quipment, safet y , and site prepara tion requirem ents for insta lling the C 72 0 0 VS A ( V PN S e r v ic e s A da p t e r ). This chapte r cont ains t he fol low ing sections : •[...]
-
Страница 26
2-2 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 2 Prepar ing for Installation Hardwa re and Softwar e Requirem ents Softwa re Re quireme nts Ta b l e 2 - 1 lists the recommended minimum Cisco IOS softw are release requ ired to use the VSA in supporte d rou ter or switc h plat forms . Use the sh ow ve[...]
-
Страница 27
2-3 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 2 Prepa ring for Inst allation Online Insertion and Removal (OIR) • The V SA mo dule d oes no t suppor t Onl ine I nsertion and Removal (OIR). See “Ena bling /Di sabli ng the VSA” sect ion on page 1-6 for details. • Per packet count det ails fo[...]
-
Страница 28
2-4 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 2 Prepar ing for Installation Safety Guideli nes hazardous voltages and currents inside the chassi s; they contain electromag netic interference (EMI) that might disrupt other equipment; a nd they direct the flow of coolin g air through the chassis. Do [...]
-
Страница 29
2-5 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 2 Prepa ring for Inst allation Compliance with U.S. Expo rt Laws and Regulations Regarding Encryption Compliance wi th U.S. Export La ws and Regula tions Regarding Encryption This pr oduct perfor ms en crypti on and is regul ated for export by the U .S[...]
-
Страница 30
2-6 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 2 Prepar ing for Installation Complian ce with U.S . Export La ws and Regu lations Regarding En cryption[...]
-
Страница 31
C HAPTER 3-1 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 3 Removing and Installing the VSA This chap ter descr ibes ho w to remov e the C7 2 00 V S A ( V PN S e rv i c es Ad a p t er ) from th e supported platfor ms and how to install a new or replac ement VS A. Before you begin insta llation, read Chapt er[...]
-
Страница 32
3-2 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 3 Removin g and Installing the VSA Online Ins ertion an d Removal (OIR) Online Insertion and Removal (OIR) The VSA plugs into the I/O controller slot of the Cisco 7200 VXR series chassis. The VSA crypto car d does not sup port OIR. Th e VSA boo ts up on[...]
-
Страница 33
3-3 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 3 Removing and In stalling the VSA VSA Removal and Installation Foll ow these steps to remove and insert the VSA in the Cisco 7200VXR series rout ers: Step 1 T urn the p ower switch t o the off position and th en r emove the power cable . (Op tional on[...]
-
Страница 34
3-4 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 3 Removin g and Installing the VSA VSA Remova l and In stallati on[...]
-
Страница 35
C HAPTER 4-1 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 4 Configuring the VSA This c hapter conta ins th e infor mat ion an d proc edures need ed to c onfigure the C72 00 -V SA ( VP N S er vi ce s Ad a p t e r) . Thi s chapter co ntains the f ollo wing sect ions: • Overview , page 4-1 • Configuration T[...]
-
Страница 36
4-2 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rati on Task s • Disabling VSA ( Optio nal), page 4 -4 (optio nal) • V erif ying IK E and IPSec Co nfigurations, p age 4- 15 (optio nal) • Configuring I PSec C onfiguration Example , page 4-18 (o ptiona l) Note Y ou [...]
-
Страница 37
4-3 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Config ura tion Task s T o con figure an IKE po licy , use t he fol lowing comm ands beginning in gl obal c onfigurat ion mod e: Command Purp ose Step 1 Router(config)# crypto isakmp policy priority Def ines a n IK E polic y an d[...]
-
Страница 38
4-4 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rati on Task s For detailed informat ion on creating IKE policie s, refer to the “Conf igurin g Internet K ey Exchange Securit y Protocol” chapter in the Secu rity Conf igura tion Guide publication. Disabling VSA (Opti[...]
-
Страница 39
4-5 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Config ura tion Task s • Select ing Appro priate T ransforms • The Cry pto T ran sform Con f igura tion Mo de • Chan ging Exis ting T ran sfor ms • T rans form Ex ample A transform set is an ac ceptabl e combin ation of s[...]
-
Страница 40
4-6 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rati on Task s Ta b l e 4 - 1 shows allowed tran sform combi nati ons for the A H and ESP prot ocols. Examples of acceptabl e trans form combinati ons are as f ollo ws: • ah-md 5-hma c • esp- de s • esp- 3de s and es[...]
-
Страница 41
4-7 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Config ura tion Task s IPSec Protocols: AH and ESP Both the AH and ESP p rotocols imp lement secur ity service s for IPSec. AH pro vides data auth entication and ant ireplay serv ices. ESP provid es packet en cryption and option [...]
-
Страница 42
4-8 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rati on Task s Changing Existing Transforms If on e or more t ran sforms ar e spe cified i n the crypto ipsec transf orm-set co mmand for an exist ing transform set, the sp ecif ied transfo rms will rep lace th e existin g[...]
-
Страница 43
4-9 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Config ura tion Task s T o chan ge a glob al lifeti me fo r IPSec sec urity assoc iations , use one or more of the foll owing commands : Note Th e cl ear comman ds in Step 5 belo w ar e in E XEC or enabl e mode (see “Usin g th [...]
-
Страница 44
4-10 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rati on Task s Creating Crypto Access Lists Crypto access lists d ef ine which IP traf f ic will be protected b y encrypti on. (These access lists a re not the same as reg ular access lists, whic h determine what traf f i[...]
-
Страница 45
4-11 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Config ura tion Task s T o create cryp to map entries that will use IKE to establish the security associations, use the follo wing comman ds starti ng in glob al configurat ion mode : Step 4 Router(config-crypto-m)# set transfor[...]
-
Страница 46
4-12 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rati on Task s Creating Dynamic Crypto M aps A dyna mic c rypto m ap ent ry is a cr ypto m ap e ntry w ith so me par ameters not configured. The mi ssing paramet ers are later dynami cally configured (as t he resu lt of a[...]
-
Страница 47
4-13 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Config ura tion Task s Step 3 Router(config-crypto-m)# match address access-list-id (Opt ional ) Acc esses list numbe r or na me of an exte nded acc ess list. Th is access list deter mines which tra ff ic should be protecte d by[...]
-
Страница 48
4-14 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rati on Task s T o add a dyna mic c rypto map set in to a cr ypto map set , us e the following c ommand in gl obal configurati on m ode: Applying Crypto Map Sets to Inter faces Apply a crypto ma p set to each interface th[...]
-
Страница 49
4-15 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Config ura tion Task s T o view in format ion ab out y our IPSec con figuration, use one o r more of th e fol lowing comm ands i n EXEC mod e: Verifying IKE a nd IPSe c Configuratio ns T o view informati on about you r IPSec con[...]
-
Страница 50
4-16 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rati on Task s Verifying the Configuration Some co nfiguration change s take e f fect only after subseq uent se curity assoc iations a re negoti ated. For the ne w settings to tak e ef fect immediately , clear th e existi[...]
-
Страница 51
4-17 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Config ura tion Task s remote ident (addr/mask/prot/port): (172.21.114.67/255.255.255.255/0/0) current_peer: 172.21.114.67 PERMIT, flags={origin_is_acl,} #pkts encaps: 10, #pkts encrypt: 10, #pkts digest 10 #pkts decaps: 10, #pk[...]
-
Страница 52
4-18 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rat ion Ex ampl es Configuration E xamples This section pro vides the foll owin g config uration ex amples: • Configuring I KE Pol icies E xample , page 4-18 • Configuring I PSec C onfiguration Example , page 4-18 •[...]
-
Страница 53
4-19 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Basic IPSec Configuration Illustration The crypto map is appl ied to an interf ace: interface Serial0 ip address 10.0.0.2 crypto map toRemoteSite Note In this ex ample, I KE must be enabled. Basic IPSec Configur ation Ill ustrat[...]
-
Страница 54
4-20 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Bas ic I PSec Co nf igur atio n Il lust rat ion Note In the preceding e xample, th e encryptio n DES of polic y 15 would not ap pear in the writte n conf iguration because this is the def ault va lue for the encr yption algorithm [...]
-
Страница 55
4-21 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Troubl eshoo ting T ips A crypto m ap joins t he transform set a nd specif ies wher e the pr otected traf fic is sent ( the remote IPSec peer): crypto map toRemoteSite 10 ipsec-isakmp match address 101 set peer 10.0.0.3 set tran[...]
-
Страница 56
4-22 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Troubl esh oot ing Ti ps Decrypted PHY I/F:0x0000000000000000 TUNNEL I/F: 0x0000000000000000 SPI Error PHY I/F:0x0000000000000000 TUNNEL I/F: 0x0000000000000000 Pass clear PHY I/F:0x0000000000000000 TUNNEL I/F: 0x0000000000000000 [...]
-
Страница 57
4-23 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Monitoring and Maintaining the VSA T o see if th e IKE/IPSec p ackets ar e being re dire cted to the VSA for IKE nego tiation an d IPSec encr yption and decryp tio n, enter the show crypto eli command. Th e fo llowing is sampl e[...]
-
Страница 58
4-24 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Monitorin g and Maint aining the VSA The crypt o ipsec ipv4 deny-po licy {ju mp | clear | drop} comma nd helps yo u av oid this problem . The clear keyword al lows a deny address ra nge to be progr ammed i n hardwa re, the deny ad[...]
-
Страница 59
IN-1 C7200 VSA (VPN Service s Adapter) Installation a nd Configur ation Gui de OL-9129-02 INDEX A acceler ation mo dule, VPN ( see VA M) 1 - 1 acces s-list ( encryption ) comman d 4 - 10 B basic IPSec c onfigura tion 4 - 19 illustration 4 - 19 C cables , conne ctors, and pi nouts 1 - 8 cautions, warnings a nd 3 - 2 clear crypto sa co mmand 4 - 14, [...]
-
Страница 60
Index IN-2 C7200 VSA (VPN Services Ada pter) In stallation and Con figuration Gu ide OL-9129-02 I IKE config uring 1 - 6, 4 - 2 conf iguring po licies ex ampl e 4 - 18 insertion a nd removal, online 3 - 2 interpr eter, EX EC command 4 - 2 IPSec access lists 4 - 8 monitori ng 4 - 16 transform sets defining 4 - 5 IPSec (IPSec network sec urity protoc[...]
-
Страница 61
Inde x IN-3 C7200 VSA (VPN Service s Adapter) Installation a nd Configur ation Gui de OL-9129-02 requir ements 2 - 2 software an d hardware compatab ility ix, 2 - 2 standards supported 1 - 5 T This 2 - 1 tools and equ ipment , require d 2 - 1 V VAM handling 3 - 1 VPN Accelera tion Modul e (see VAM) 1 - 1 VSA featu res 1 - 4 handling 3 - 1 monitorin[...]
-
Страница 62
Index IN-4 C7200 VSA (VPN Services Ada pter) In stallation and Con figuration Gu ide OL-9129-02[...]