Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/newdedyk/domains/bkmanuals.com/public_html/includes/pages/manual_inc.php on line 26
Cisco Systems C7200 manuale d’uso - BKManuals

Cisco Systems C7200 manuale d’uso

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62

Vai alla pagina of

Un buon manuale d’uso

Le regole impongono al rivenditore l'obbligo di fornire all'acquirente, insieme alle merci, il manuale d’uso Cisco Systems C7200. La mancanza del manuale d’uso o le informazioni errate fornite al consumatore sono la base di una denuncia in caso di inosservanza del dispositivo con il contratto. Secondo la legge, l’inclusione del manuale d’uso in una forma diversa da quella cartacea è permessa, che viene spesso utilizzato recentemente, includendo una forma grafica o elettronica Cisco Systems C7200 o video didattici per gli utenti. La condizione è il suo carattere leggibile e comprensibile.

Che cosa è il manuale d’uso?

La parola deriva dal latino "instructio", cioè organizzare. Così, il manuale d’uso Cisco Systems C7200 descrive le fasi del procedimento. Lo scopo del manuale d’uso è istruire, facilitare lo avviamento, l'uso di attrezzature o l’esecuzione di determinate azioni. Il manuale è una raccolta di informazioni sull'oggetto/servizio, un suggerimento.

Purtroppo, pochi utenti prendono il tempo di leggere il manuale d’uso, e un buono manuale non solo permette di conoscere una serie di funzionalità aggiuntive del dispositivo acquistato, ma anche evitare la maggioranza dei guasti.

Quindi cosa dovrebbe contenere il manuale perfetto?

Innanzitutto, il manuale d’uso Cisco Systems C7200 dovrebbe contenere:
- informazioni sui dati tecnici del dispositivo Cisco Systems C7200
- nome del fabbricante e anno di fabbricazione Cisco Systems C7200
- istruzioni per l'uso, la regolazione e la manutenzione delle attrezzature Cisco Systems C7200
- segnaletica di sicurezza e certificati che confermano la conformità con le norme pertinenti

Perché non leggiamo i manuali d’uso?

Generalmente questo è dovuto alla mancanza di tempo e certezza per quanto riguarda la funzionalità specifica delle attrezzature acquistate. Purtroppo, la connessione e l’avvio Cisco Systems C7200 non sono sufficienti. Questo manuale contiene una serie di linee guida per funzionalità specifiche, la sicurezza, metodi di manutenzione (anche i mezzi che dovrebbero essere usati), eventuali difetti Cisco Systems C7200 e modi per risolvere i problemi più comuni durante l'uso. Infine, il manuale contiene le coordinate del servizio Cisco Systems in assenza dell'efficacia delle soluzioni proposte. Attualmente, i manuali d’uso sotto forma di animazioni interessanti e video didattici che sono migliori che la brochure suscitano un interesse considerevole. Questo tipo di manuale permette all'utente di visualizzare tutto il video didattico senza saltare le specifiche e complicate descrizioni tecniche Cisco Systems C7200, come nel caso della versione cartacea.

Perché leggere il manuale d’uso?

Prima di tutto, contiene la risposta sulla struttura, le possibilità del dispositivo Cisco Systems C7200, l'uso di vari accessori ed una serie di informazioni per sfruttare totalmente tutte le caratteristiche e servizi.

Dopo l'acquisto di successo di attrezzature/dispositivo, prendere un momento per familiarizzare con tutte le parti del manuale d'uso Cisco Systems C7200. Attualmente, sono preparati con cura e tradotti per essere comprensibili non solo per gli utenti, ma per svolgere la loro funzione di base di informazioni e di aiuto.

Sommario del manuale d’uso

  • Pagina 1

    Corporate He adquarters Cisc o Syst ems , Inc . 170 West Ta sman Drive San Jos e, CA 95 134-1706 USA http://www.ci sco.com Tel: 408 526-4000 800 553- NETS (638 7) Fax: 408 526-4100 C720 0 VS A (VP N S er vices A dapter) Installation and Conf iguration Guide Text Pa rt Nu mber: OL-9129- 02[...]

  • Pagina 2

    THE SPECIFICATIONS AND INFORMATION REGARDING TH E PRODUCTS IN THIS MANUAL ARE SUBJE CT TO CHANGE WITHOUT NO TICE. ALL STATEMENT S, INFORMATI ON, AND RECOMMENDA TIONS IN T HIS MANUAL ARE BELIEVED TO BE ACCURATE BU T ARE PRESEN TED WITHOUT WARRANTY OF ANY KIND, EXPRE SS OR IMPLIED. USERS MUST TA KE FULL RESPONSIBILITY FOR THEIR AP PLICATION OF ANY PR[...]

  • Pagina 3

    iii C7200 VSA (VPN Service s Adapter) Installation a nd Configur ation Gui de OL-9129-02 CONTENTS Preface vi i Audienc e vii Warnings vii Object ives viii Organi zation vi ii Relat ed D ocum ent atio n ix Obtain ing Docu mentati on ix Cisco. com ix Produc t Documentat ion DVD x Orderi ng Documenta tion x Document ation F eedback x Cisco Product Sec[...]

  • Pagina 4

    Cont ent s iv C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Disabl ing the VSA du ring Operation 1 - 6 Enabl ing/ Dis abling Sc heme 1 - 6 LEDs 1 - 7 Conn ecto rs 1 - 8 Slot L oca tion s 1 - 8 Cisco 72 04VXR Rou ter 1 - 8 Cisco 72 06VXR Rou ter 1 - 10 Prepari ng for Instal lation 2 - 1 Requir ed Tools an d Equ[...]

  • Pagina 5

    Content s v C7200 VSA (VPN Service s Adapter) Installation a nd Configur ation Gui de OL-9129-02 Changin g Exis ting Tran sforms 4 - 8 Transf orm Examp le 4 - 8 Config urin g IPSec 4 - 8 Ensuri ng T hat Acce ss L ists Ar e Compat ible with I PSec 4 - 8 Setti ng Global Li fet imes for IP Sec Secu rity Asso ciatio ns 4 - 8 Creati ng Cryp to Ac cess L[...]

  • Pagina 6

    Cont ent s vi C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02[...]

  • Pagina 7

    vii C7200 VSA (VPN Service s Adapter) Installation a nd Configur ation Gui de OL-9129-02 Preface This pr eface d escrib es the obj ectiv es and o rganization o f th is do cument and explains how to find additional info rmation on related prod ucts and services. This pref ace contains the fo llowin g sections: • Audienc e, pag e vii • W arnings,[...]

  • Pagina 8

    viii C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Preface Objectiv es War ni n g IMPO RT ANT SAFETY INSTRUC TIONS This warning symbol means dang er . Y ou are in a sit uation that could cause bodily i njury . Before you work on any equipment, be awa re of the hazards involved with electrical circuitry and be [...]

  • Pagina 9

    ix C7200 VSA (VPN Service s Adapter) Installation a nd Configur ation Gui de OL-9129-02 Pre face Relat ed Docume ntation Related Documentation This sect ion lists docu mentation rela ted to your r outer and its function ality . Because we no longer ship the entire rou ter documentatio n set automatically with each system, this documentati on is av [...]

  • Pagina 10

    x C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Preface Docum entation Fe edback Y ou can a ccess the Cisco website at this URL: http://www .cisc o.com Y ou can acce ss international Cisco websites at this U RL: http://www .cisco .com/public/co untries_languag es.shtml Product Docu mentation DVD The Product D [...]

  • Pagina 11

    xi C7200 VSA (VPN Service s Adapter) Installation a nd Configur ation Gui de OL-9129-02 Pre face Produc t Alerts an d Field Not ices A current list of security advisories, security notices, and security respo nses for Cisco products is av ailable at this URL: http://www .cisco .com/go/psir t T o see secu rity advis ories, sec urity notic es, and se[...]

  • Pagina 12

    xii C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Preface Obtain ing Techni cal Ass istance T o acce ss the Produ ct Aler t T ool, y ou must be a registe red Cisco. com use r . (T o register as a Cisco. com user , go to this URL : http://tools.c isco.com/RPF/registe r/re gister .do ) Regi ster ed user s can ac[...]

  • Pagina 13

    xiii C7200 VSA (VPN Service s Adapter) Installation a nd Configur ation Gui de OL-9129-02 Pre face Obtaining Additional Publications and Information Submitting a Se rvice Request Using the online T A C Service Reque st T ool is the fastest way to ope n S3 an d S4 servi ce req uests. ( S3 and S4 service re quests are those in which your net work is [...]

  • Pagina 14

    xiv C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Preface Obtainin g Addi tional Pub lications and Informat ion • The Cisco Pr o duct Quic k Refer ence Guide is a handy , compact refe rence tool that in cludes brief product overviews, key feature s, sample par t numbers, and abb reviated technic al specifica[...]

  • Pagina 15

    C HAPTER 1-1 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 1 Overview This ch apter de scribe s the C 72 0 0 V S A ( V P N S e rv ic e s A da p t e r ) an d contain s the fol lo wing sect ions: • Data En cry ption Over vie w , pa ge 1-1 • VSA Overvi e w , page 1-2 • Hardware Requ ired, page 1- 4 • Fea[...]

  • Pagina 16

    1-2 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Ch apter 1 Over view VSA Overvi ew • IKE—Int ernet Ke y Excha nge ( IKE) is a hybri d securi ty prot ocol th at imp lemen ts O akley and Skeme key exchanges insi de the I nterne t Secu rity Associat ion an d Key Management Protocol (ISAK MP) framework. I KE[...]

  • Pagina 17

    1-3 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 1 Ov erview VSA Overview Note Th e C7200 VS A is only suppo rted on the Ci sco 7200VX R with the NPE -G2 pro cessor . The VS A featu res hard ware acce lerat ion for Ad vanced Encr yption Standard (AES), Data En crypti on Standa rd (DES), an d T riple [...]

  • Pagina 18

    1-4 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Ch apter 1 Over view Hardware Req uired The VSA pro vides hardw are-ac celer ated suppor t for mult iple encry ption functions : • 128/192/2 56-bi t Advanced Enc rypti on Stan dard (AES) i n hard ware • Data E ncryptio n Stand ard (D ES) standa rd m ode wit[...]

  • Pagina 19

    1-5 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 1 Ov erview Support ed Stan dards, MIBs, and RFCs Performanc e Ta b l e 1 - 2 lists the performance informat ion for the VSA. Supported Sta ndards, MIBs, and RFCs This section de scribes the standards, Manage ment Inf ormation Base s (MIBs), a nd Requ [...]

  • Pagina 20

    1-6 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Ch apter 1 Over view Enablin g/Disa bling the VS A Enabling/Disab ling the VSA This section includ es the followin g topics: • Disabling the V SA during O per ation , page 1-6 • Enab ling/D isabling Scheme , pa ge 1-6 The VS A crypto car d does not suppo rt[...]

  • Pagina 21

    1-7 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 1 Ov erview LEDs LEDs The VSA has one LED, as sho wn in Figure 1-3 . T able 1 - 4 Syst em is in Ru n-time Oper ation Condition Sy stem is Configured Insert ing t he VSA The VSA runs in power-off, but you need to perf orm a sys tem rel oad or a reset to[...]

  • Pagina 22

    1-8 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Ch apter 1 Over view Connecto rs Figur e 1 -3 VSA LED The follo wing condit io ns must be met be for e the ena ble d LED goes on: • The VS A is cor rect ly co nnecte d to th e back plan e and rece iving power . • The system b us recognizes the VSA. If eithe[...]

  • Pagina 23

    1-9 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 1 Ov erview Slot Lo cations Figur e 1 -4 Cisco 7204VXR Rout er - F r ont Vi ew 2 E T H E R N E T - 1 0 B F L EN R X 0 1 2 3 4 T X R X TX RX TX R X T X R X TX Cisco 7200 S E R IE S XVR 0 4 1 3 EN 0 7 1 2 3 4 5 6 SERIAL-EIA/TIA-232 1 2 3 ENABLED M I I L [...]

  • Pagina 24

    1-10 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Ch apter 1 Over view Slot Locations Cisc o 7206 VXR Ro uter The VS A is supported in the I/O co ntroll er port on the Cisco 7206V XR route r (see 4 in Figure 1- 5 ). Figur e 1 -5 Cisco 7206VXR - F ron t View 1 Bl ank p ort adap ter 3 VSA in the I/O contro ller[...]

  • Pagina 25

    C HAPTER 2-1 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 2 Preparing for Installation This chap ter describes t he general e quipment, safet y , and site prepara tion requirem ents for insta lling the C 72 0 0 VS A ( V PN S e r v ic e s A da p t e r ). This chapte r cont ains t he fol low ing sections : •[...]

  • Pagina 26

    2-2 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 2 Prepar ing for Installation Hardwa re and Softwar e Requirem ents Softwa re Re quireme nts Ta b l e 2 - 1 lists the recommended minimum Cisco IOS softw are release requ ired to use the VSA in supporte d rou ter or switc h plat forms . Use the sh ow ve[...]

  • Pagina 27

    2-3 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 2 Prepa ring for Inst allation Online Insertion and Removal (OIR) • The V SA mo dule d oes no t suppor t Onl ine I nsertion and Removal (OIR). See “Ena bling /Di sabli ng the VSA” sect ion on page 1-6 for details. • Per packet count det ails fo[...]

  • Pagina 28

    2-4 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 2 Prepar ing for Installation Safety Guideli nes hazardous voltages and currents inside the chassi s; they contain electromag netic interference (EMI) that might disrupt other equipment; a nd they direct the flow of coolin g air through the chassis. Do [...]

  • Pagina 29

    2-5 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 2 Prepa ring for Inst allation Compliance with U.S. Expo rt Laws and Regulations Regarding Encryption Compliance wi th U.S. Export La ws and Regula tions Regarding Encryption This pr oduct perfor ms en crypti on and is regul ated for export by the U .S[...]

  • Pagina 30

    2-6 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 2 Prepar ing for Installation Complian ce with U.S . Export La ws and Regu lations Regarding En cryption[...]

  • Pagina 31

    C HAPTER 3-1 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 3 Removing and Installing the VSA This chap ter descr ibes ho w to remov e the C7 2 00 V S A ( V PN S e rv i c es Ad a p t er ) from th e supported platfor ms and how to install a new or replac ement VS A. Before you begin insta llation, read Chapt er[...]

  • Pagina 32

    3-2 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 3 Removin g and Installing the VSA Online Ins ertion an d Removal (OIR) Online Insertion and Removal (OIR) The VSA plugs into the I/O controller slot of the Cisco 7200 VXR series chassis. The VSA crypto car d does not sup port OIR. Th e VSA boo ts up on[...]

  • Pagina 33

    3-3 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 3 Removing and In stalling the VSA VSA Removal and Installation Foll ow these steps to remove and insert the VSA in the Cisco 7200VXR series rout ers: Step 1 T urn the p ower switch t o the off position and th en r emove the power cable . (Op tional on[...]

  • Pagina 34

    3-4 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 3 Removin g and Installing the VSA VSA Remova l and In stallati on[...]

  • Pagina 35

    C HAPTER 4-1 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 4 Configuring the VSA This c hapter conta ins th e infor mat ion an d proc edures need ed to c onfigure the C72 00 -V SA ( VP N S er vi ce s Ad a p t e r) . Thi s chapter co ntains the f ollo wing sect ions: • Overview , page 4-1 • Configuration T[...]

  • Pagina 36

    4-2 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rati on Task s • Disabling VSA ( Optio nal), page 4 -4 (optio nal) • V erif ying IK E and IPSec Co nfigurations, p age 4- 15 (optio nal) • Configuring I PSec C onfiguration Example , page 4-18 (o ptiona l) Note Y ou [...]

  • Pagina 37

    4-3 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Config ura tion Task s T o con figure an IKE po licy , use t he fol lowing comm ands beginning in gl obal c onfigurat ion mod e: Command Purp ose Step 1 Router(config)# crypto isakmp policy priority Def ines a n IK E polic y an d[...]

  • Pagina 38

    4-4 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rati on Task s For detailed informat ion on creating IKE policie s, refer to the “Conf igurin g Internet K ey Exchange Securit y Protocol” chapter in the Secu rity Conf igura tion Guide publication. Disabling VSA (Opti[...]

  • Pagina 39

    4-5 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Config ura tion Task s • Select ing Appro priate T ransforms • The Cry pto T ran sform Con f igura tion Mo de • Chan ging Exis ting T ran sfor ms • T rans form Ex ample A transform set is an ac ceptabl e combin ation of s[...]

  • Pagina 40

    4-6 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rati on Task s Ta b l e 4 - 1 shows allowed tran sform combi nati ons for the A H and ESP prot ocols. Examples of acceptabl e trans form combinati ons are as f ollo ws: • ah-md 5-hma c • esp- de s • esp- 3de s and es[...]

  • Pagina 41

    4-7 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Config ura tion Task s IPSec Protocols: AH and ESP Both the AH and ESP p rotocols imp lement secur ity service s for IPSec. AH pro vides data auth entication and ant ireplay serv ices. ESP provid es packet en cryption and option [...]

  • Pagina 42

    4-8 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rati on Task s Changing Existing Transforms If on e or more t ran sforms ar e spe cified i n the crypto ipsec transf orm-set co mmand for an exist ing transform set, the sp ecif ied transfo rms will rep lace th e existin g[...]

  • Pagina 43

    4-9 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Config ura tion Task s T o chan ge a glob al lifeti me fo r IPSec sec urity assoc iations , use one or more of the foll owing commands : Note Th e cl ear comman ds in Step 5 belo w ar e in E XEC or enabl e mode (see “Usin g th [...]

  • Pagina 44

    4-10 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rati on Task s Creating Crypto Access Lists Crypto access lists d ef ine which IP traf f ic will be protected b y encrypti on. (These access lists a re not the same as reg ular access lists, whic h determine what traf f i[...]

  • Pagina 45

    4-11 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Config ura tion Task s T o create cryp to map entries that will use IKE to establish the security associations, use the follo wing comman ds starti ng in glob al configurat ion mode : Step 4 Router(config-crypto-m)# set transfor[...]

  • Pagina 46

    4-12 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rati on Task s Creating Dynamic Crypto M aps A dyna mic c rypto m ap ent ry is a cr ypto m ap e ntry w ith so me par ameters not configured. The mi ssing paramet ers are later dynami cally configured (as t he resu lt of a[...]

  • Pagina 47

    4-13 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Config ura tion Task s Step 3 Router(config-crypto-m)# match address access-list-id (Opt ional ) Acc esses list numbe r or na me of an exte nded acc ess list. Th is access list deter mines which tra ff ic should be protecte d by[...]

  • Pagina 48

    4-14 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rati on Task s T o add a dyna mic c rypto map set in to a cr ypto map set , us e the following c ommand in gl obal configurati on m ode: Applying Crypto Map Sets to Inter faces Apply a crypto ma p set to each interface th[...]

  • Pagina 49

    4-15 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Config ura tion Task s T o view in format ion ab out y our IPSec con figuration, use one o r more of th e fol lowing comm ands i n EXEC mod e: Verifying IKE a nd IPSe c Configuratio ns T o view informati on about you r IPSec con[...]

  • Pagina 50

    4-16 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rati on Task s Verifying the Configuration Some co nfiguration change s take e f fect only after subseq uent se curity assoc iations a re negoti ated. For the ne w settings to tak e ef fect immediately , clear th e existi[...]

  • Pagina 51

    4-17 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Config ura tion Task s remote ident (addr/mask/prot/port): (172.21.114.67/255.255.255.255/0/0) current_peer: 172.21.114.67 PERMIT, flags={origin_is_acl,} #pkts encaps: 10, #pkts encrypt: 10, #pkts digest 10 #pkts decaps: 10, #pk[...]

  • Pagina 52

    4-18 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Conf igu rat ion Ex ampl es Configuration E xamples This section pro vides the foll owin g config uration ex amples: • Configuring I KE Pol icies E xample , page 4-18 • Configuring I PSec C onfiguration Example , page 4-18 •[...]

  • Pagina 53

    4-19 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Basic IPSec Configuration Illustration The crypto map is appl ied to an interf ace: interface Serial0 ip address 10.0.0.2 crypto map toRemoteSite Note In this ex ample, I KE must be enabled. Basic IPSec Configur ation Ill ustrat[...]

  • Pagina 54

    4-20 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Bas ic I PSec Co nf igur atio n Il lust rat ion Note In the preceding e xample, th e encryptio n DES of polic y 15 would not ap pear in the writte n conf iguration because this is the def ault va lue for the encr yption algorithm [...]

  • Pagina 55

    4-21 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Troubl eshoo ting T ips A crypto m ap joins t he transform set a nd specif ies wher e the pr otected traf fic is sent ( the remote IPSec peer): crypto map toRemoteSite 10 ipsec-isakmp match address 101 set peer 10.0.0.3 set tran[...]

  • Pagina 56

    4-22 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Troubl esh oot ing Ti ps Decrypted PHY I/F:0x0000000000000000 TUNNEL I/F: 0x0000000000000000 SPI Error PHY I/F:0x0000000000000000 TUNNEL I/F: 0x0000000000000000 Pass clear PHY I/F:0x0000000000000000 TUNNEL I/F: 0x0000000000000000 [...]

  • Pagina 57

    4-23 C7200 VSA (VPN Services Adap ter) In stallati on and Conf iguration Gui de OL-9129-02 Chapter 4 Conf iguring the VSA Monitoring and Maintaining the VSA T o see if th e IKE/IPSec p ackets ar e being re dire cted to the VSA for IKE nego tiation an d IPSec encr yption and decryp tio n, enter the show crypto eli command. Th e fo llowing is sampl e[...]

  • Pagina 58

    4-24 C7200 VSA (VPN Service s Adapter) Insta llation a nd Configurat ion Guide OL-9129-02 Chapter 4 Configuring the VSA Monitorin g and Maint aining the VSA The crypt o ipsec ipv4 deny-po licy {ju mp | clear | drop} comma nd helps yo u av oid this problem . The clear keyword al lows a deny address ra nge to be progr ammed i n hardwa re, the deny ad[...]

  • Pagina 59

    IN-1 C7200 VSA (VPN Service s Adapter) Installation a nd Configur ation Gui de OL-9129-02 INDEX A acceler ation mo dule, VPN ( see VA M) 1 - 1 acces s-list ( encryption ) comman d 4 - 10 B basic IPSec c onfigura tion 4 - 19 illustration 4 - 19 C cables , conne ctors, and pi nouts 1 - 8 cautions, warnings a nd 3 - 2 clear crypto sa co mmand 4 - 14, [...]

  • Pagina 60

    Index IN-2 C7200 VSA (VPN Services Ada pter) In stallation and Con figuration Gu ide OL-9129-02 I IKE config uring 1 - 6, 4 - 2 conf iguring po licies ex ampl e 4 - 18 insertion a nd removal, online 3 - 2 interpr eter, EX EC command 4 - 2 IPSec access lists 4 - 8 monitori ng 4 - 16 transform sets defining 4 - 5 IPSec (IPSec network sec urity protoc[...]

  • Pagina 61

    Inde x IN-3 C7200 VSA (VPN Service s Adapter) Installation a nd Configur ation Gui de OL-9129-02 requir ements 2 - 2 software an d hardware compatab ility ix, 2 - 2 standards supported 1 - 5 T This 2 - 1 tools and equ ipment , require d 2 - 1 V VAM handling 3 - 1 VPN Accelera tion Modul e (see VAM) 1 - 1 VSA featu res 1 - 4 handling 3 - 1 monitorin[...]

  • Pagina 62

    Index IN-4 C7200 VSA (VPN Services Ada pter) In stallation and Con figuration Gu ide OL-9129-02[...]