Cisco Systems 520 series manual

Americas Headquarters Cisco Systems, In c. 170 West Tasman Drive San Jose, CA 951 34-1706 USA http://www.ci sco.com Tel: 408 526-4000 800 553-NETS (638 7) Fax: 408 527-0883 Cisco S ecure Router 520 S eries S of tw are Conf iguration Guide Customer Order Number: Text Part Number: OL -14210-01[...]

THE SPECIFICATION S AND INFORMATION RE GARDING THE PR ODUCTS IN THIS MA NUAL ARE SUBJECT T O CHANGE WITHOUT NOTICE. ALL STATEMENTS , INFORMATION, AND RECOMMENDATI ONS IN THI S MANUAL ARE BE LIEVED TO BE A CCURATE BUT ARE PRESENTED WI THOUT WARRANTY OF ANY KIND, EX PRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSI BILITY FOR THEIR APPLICATION OF ANY P[...]

iii Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 CONTENTS Preface ix Objective ix Audience ix Organization x Conventi ons xi Related Documentation xvi Obtaining Documentation and Submitting a Serv ice Request xvii PART 1 Getting Started CHAPTER 1 Basic Router Co nfiguration 1-1 Viewing the De fault Configuration 1-2 Infor[...]

Contents iv Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 PART 2 Configuring Your Router for Ethernet and DSL Access CHAPTER 2 Sample Network Deployments 2-1 CHAPTER 3 Configuring PPP over Ethernet with NAT 3-1 Configure the Virtual Private Dialup Network Group Number 3-2 Configure the Fast Ethernet WAN Interfaces 3-3 Conf[...]

Contents v Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Apply the Crypto Map to the Physic al Interface 6-8 Create an Easy VPN Remote Configuratio n 6-9 Verifying Your Easy VPN Configuratio n 6-10 Configuration Example 6-10 CHAPTER 7 Configuring VPNs Using a n IPsec Tunnel a nd Generic Routing Encapsulation 7-1 Configure [...]

Contents vi Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Guidelines for Creating Access Groups 11-3 Configuring a CBAC Firewall 11-3 Configuring Cisco IOS Firewall IDS 11-4 Configuring VPNs 11-4 CHAPTER 12 Troubleshooting 12-1 Getting Started 12-1 Before Contacting Cisco or Your Reseller 12-1 ADSL Troubleshooting 12-2 ATM[...]

Contents vii Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Saving Configuration Changes A-6 Summary A-7 Where to Go Next A-7 APPENDIX B Concepts B-1 ADSL B-1 Network Protocols B-2 IP B-2 Routing Protocol Options B-2 RIP B-2 PPP Authentication P rotocols B-3 PAP B-3 CHAP B-3 TACACS+ B- 4 Network Interfaces B-4 Ethernet B-4 [...]

Contents viii Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Optional Variables C-4 Using the TFTP Download Command C-5 Configuration Register C-5 Changing th e Configurat ion Register Manually C-6 Changing th e Configuration Register Using Prompts C-6 Console Download C-7 Command Description C-7 Error Reporting C-8 Debug C[...]

ix Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Preface This preface describes the objectiv es, audience, org a nization, and co n ventions of this gui de, and describes related docu ments that ha ve additio nal information. It contains the follo wing sections: • Objecti ve, page ix • Audience, p age ix • Organizati[...]

x Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Preface Organization This guide is or ganized into the follo wing chapters and appendi x. Part 1: Getting Started Chapter 1 , “Basic Router Conf iguration” Describes how to conf igure basic router features and interfaces. Part 2: Configuring Y our Router for Ethernet and [...]

xi Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Preface Conventions This section descri bes the con vention s used in this guide. Note Means reader take note . Notes contain helpful suggestio ns or references to additio nal information and material. Caution This symbol means r eader be careful . In thi s situation, you mi[...]

xii Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Preface Attention IMPORT ANTES INFORMA TIONS DE SÉCURITÉ Ce symbole d'avertissement indique un danger . V ous vous trouvez dans une situation pouvant entraîner des blessures ou des do mmages corporels. A vant de travailler sur un équipement, soyez conscient des dan[...]

xiii Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Preface ¡Advertencia! INSTRUCCIONES IMPORT ANTES DE SEGURIDAD Este símbolo de aviso indica peligro. Existe riesgo para su integridad física. Antes de manipular cualquier equipo, conside re los riesgos de la corriente eléctrica y familiarícese con los procedimientos es[...]

xiv Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Preface Avi so INSTRUÇÕES IMPORT ANTES DE SEGURANÇA Este símbolo de aviso significa perigo. V ocê se encontra em uma situação em que há risco de le sões corporais. Antes de trabalhar com qualquer equipam ento, esteja ciente dos riscos que envolvem os circuitos elé[...]

xv Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Preface[...]

xvi Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Preface Related Documentation The Cisco Secure Router 520 Series pr oduct is shipped wi th a minimal set of printed do cumentation. Additional prod uct documentation is a vailable on Cisco.co m. In addition to the Cisco Secur e Router 520 Series Softwar e Config uration Gui[...]

xvii Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Preface Obtaining Documentation and Submitting a Service Request For info rmation on obtaining documentation, sub mitting a service request, and gatheri ng additional information, see the mont hly What’ s New in Cisco Pr oduct Documentation , which also li sts all ne w a[...]

xviii Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Preface[...]

P ART 1 Get ting Star ted[...]

[...]

CH A P T E R 1-1 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 1 Basic Router Configuration The Cisco Secure Router 520 Series r outers are designed for small b usinesses with up to 50 users and telew orkers who want secure connect i vity to corporate LANs and to th e Internet. These routers pro vide adv anced security fea[...]

1-2 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 1 Basic Router Con figuration Viewing the De fault Configuration Viewing the Default Configuration When the router first boots up, some basic confi gurat ion has already been performed. All of the LAN and W AN interfaces have been created, console and VTY ports are [...]

1-3 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 1 Basic Router Configuration Interface Port Labels – Order the appropriate li ne from your public tele phone service pro vider . Ensure that the ADSL signaling type is DMT (also called AN SI T1.413) or DMT Issue 2. Once you hav e collected the ap propriate informa[...]

1-4 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 1 Basic Router Con figuration Configuring Basic Parameters Configure Global Parameters Perform these steps to configure select ed gl obal parameters for your rout er: For complete in formation on the global paramet er commands, see the Cisco IOS Release 12.3 documen[...]

1-5 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 1 Basic Router Configuration Configuring Basic Parameters Based on the rou ter you hav e, configure th e W AN interface( s) by usin g one of the follo wing procedures: • Config ure the Fast Eth ernet W AN Interface • Config ure the A TM W AN Interface Configure [...]

1-6 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 1 Basic Router Con figuration Configuring Basic Parameters Perform these steps to conf igure the A TM interface, beginning in global conf iguration mode: Configure the Wireless Interface The wireless interface enables connection to the rout er through a wireless LAN[...]

1-7 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 1 Basic Router Configuration Configuring Basic Parameters Perform these steps to conf igure a loopback interface, beginni ng in global conf iguration mode: Configuration Example The loopback interf ace in this sample conf iguratio n is used to supp ort Network Ad dr[...]

1-8 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 1 Basic Router Con figuration Configuring Basic Parameters Last clearing of "show interface" counters never Queuing strategy: fifo Output queue 0/0, 0 drops; input queue 0/75, 0 drops 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bit[...]

1-9 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 1 Basic Router Configuration Configuring Basic Parameters For complete in formation about the co mmand line commands, see the Cisco IOS Rel ease 12.3 documentation set . Configuration Example The follo wing conf iguration shows th e command-line access commands. Y o[...]

1-10 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 1 Basic Router Con figuration Configuring Static Routes Configuring Static Routes Static routes pro vide fix ed routing paths through the network. Th ey are manually conf igured on the router . If the network topo logy changes, the static ro ute must be updated wit[...]

1-11 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 1 Basic Router Configuration Configuring Dyn amic Routes ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets C 10.108.1.0 is dire[...]

1-12 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 1 Basic Router Con figuration Configuring Dynamic Routes For complete in formation on the dynamic routi ng commands, see the Cisco IOS Release 12 .3 documentatio n set. For more general in formation on RIP , see Appendix B, “Concepts. ” Configuration Example Th[...]

P ART 2 Conf iguring Y our Router f o r Ethernet and DSL A ccess[...]

[...]

CH A P T E R 2-1 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 2 Sample Network Deployments This part of the softw are config uration guide presents a v ariety of possible Ethernet and Digital Subscriber Line (DSL)—based networ k conf igurations using the Cisco Secure Router 520 Ser ies router . Each scenario is describe[...]

2-2 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 2 Sample Network De ployments • Chapter 7, “Configuring VPNs Using an IPsec T u nnel and G eneric Ro uting Encapsu lation” • Chapter 8, “Configu ring a Simple Fire wall”[...]

CH A P T E R 3-1 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 3 Configuring PPP over Ethernet with NAT The Cisco Secure Router 520 Ethernet-to-Ethernet r outers su pport Point-to-Po int Protocol o ver Ethern et (PPPoE) clients and network address translat ion (N A T). Multiple PCs can be connected to the LAN behind the ro[...]

3-2 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 3 Configuring PPP over Ethernet with NAT Configure the Vir tual Private Dialup Network Group Number PPPoE The PPPoE Client feature on the router pro vides PPPoE client support on Ethernet interf aces. A dialer interface must be used f or cloning virtual access. Mult[...]

3-3 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 3 Configuri ng PPP over Ethern et with NAT Configure the Fast Ethern et WAN Interfaces Configure the Fast Ethernet WAN Interfaces In this scenario, the PPPoE client (your Cisco router ) communicates ov er a 10/100 Mbps-Ethernet interface on both t he inside and the [...]

3-4 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 3 Configuring PPP over Ethernet with NAT Configure the Dialer Interface Configure the Dialer Interface The dialer interface indicates ho w to handle traff i c from the clients, including, for e x ample, def ault routing information, t he encapsulation protocol, and [...]

3-5 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 3 Configuri ng PPP over Ethern et with NAT Configure Network Address Translation Configure Network Address Translation Network Address T r anslation (N A T) tr anslates packets from addresses that match a standard access list, using glob al addresses allocate d by t[...]

3-6 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 3 Configuring PPP over Ethernet with NAT Configure Netw ork Address Tran slation Perform these steps to configu re the outside Fast Ethernet W AN interf ace with dynamic N A T , beginni ng in global conf iguration mode: Command Purpose Step 1 ip nat pool name start [...]

3-7 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 3 Configuri ng PPP over Ethern et with NAT Configure Network Address Translation Note If you want to use N A T with a virtual-template interf ace, you must conf igure a loopback interf ace. See Chapter 1, “Basic Router Configuration, ” for informat ion on confi [...]

3-8 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 3 Configuring PPP over Ethernet with NAT Configuratio n Example Configuration Example The follo wing conf iguration example sho ws a portion of the configurat ion file for the PPPoE scenario described in th is chapter . The VLAN interface has an IP ad dress of 192.1[...]

3-9 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 3 Configuri ng PPP over Ethern et with NAT Configuration E xample Dynamic mappings: -- Inside Source [Id: 1] access-list 1 interface Dialer0 refcount 0 Queued Packets: 0[...]

3-10 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 3 Configuring PPP over Ethernet with NAT Configuratio n Example[...]

CH A P T E R 4-1 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 4 Configuring PPP over ATM with NAT The Cisco Secure Router 520 ADSL-ov er-PO TS and Cisco Secure Router 520 ADSL-ov er-ISDN routers support Point-to-Point Protocol o ver Asynchronous T r ansfer Mode (PPPoA) clie nts and network address translation (N A T). Mul[...]

4-2 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 4 Configu ring PPP over ATM with N AT Configure the Dialer Interface In this scenario, the smal l business or remote user on the F ast Ethernet LAN can connect to an Internet service pro vider (ISP) using the follo wing protocols on the W AN connect ion: • Asymmet[...]

4-3 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 4 Configuring PPP over ATM with NAT Configure th e Dialer Interface Perform these steps to configure a dialer interface fo r the A TM interface on the ro uter , starting in global confi guration mode: Command Purpose Step 1 interfac e dialer dialer -r otary-gr oup-n[...]

4-4 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 4 Configu ring PPP over ATM with N AT Configure the Dialer Interface Repeat these steps for any ad ditional dialer interfac es or dialer pools needed. Step 8 exit Example: Router(config-if)# exit Router(config)# Exits the dialer 0 interface configuration. Step 9 dia[...]

4-5 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 4 Configuring PPP over ATM with NAT Configure the ATM WAN Interface Configure the ATM WAN Interface Perform these steps to conf igure the A TM interface, beginning in global conf iguration mode: Command Purpose Step 1 interface type number Example: Router(config)# i[...]

4-6 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 4 Configu ring PPP over ATM with N AT Configure DSL Signa ling Protocol Configure DSL Signaling Protocol DSL signaling must be conf igured on the A TM interf ace for connection to your ISP . The Cisco Secure Router 520 ADSL-o ver -POTS rou ters support ADSL signal i[...]

4-7 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 4 Configuring PPP over ATM with NAT Configure Network Address Translation Verify the Configuration Y ou can verify t hat the confi guration is set the way yo u want b y using the sho w dsl interface atm command from pri vileged EXEC mode. Configure Network Address T[...]

4-8 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 4 Configu ring PPP over ATM with N AT Configure Netw ork Address Tran slation Step 4 ip nat { inside | outside } Example: Router(config-if)# ip nat inside Router(config-if)# Applies NA T to the Fast Ethernet LAN interface as the inside interf ace. For details ab out[...]

4-9 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 4 Configuring PPP over ATM with NAT Configuration E xample Note If you want to use N A T with a virtual-template interf ace, you must conf igure a loopback interf ace. See Chapter 1, “Basic Router Configuration, ” for informat ion on conf iguring the loopback in[...]

4-10 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 4 Configu ring PPP over ATM with N AT Configuratio n Example ip mtu 1492 encapsulation ppp dialer pool 1 dialer-group 1 ppp authentication chap ! ip classless ( default ) ! ip nat pool pool1 192.168.1.0 192.168.2.0 netmask 0.0.0.255 ip nat inside source list 1 inte[...]

CH A P T E R 5-1 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 5 Configuring a LAN with DHCP and VLANs The Cisco Secure Router 520 Ser ies routers supp ort clients on both phy sical LANs and virtual LANs (VLANs). The routers can u se the Dynamic Host Conf iguration Protocol (DHCP) to enable auto matic assignment of IP conf[...]

5-2 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 5 Configu ring a LAN with DHCP and VLANs Configure DHCP Note Whenev er you change server p roperties, you must relo ad the serv er with the configur ation data from the Network Re gistrar database. VLANs The Cisco Secure Router 520 Series rou ters support four F ast[...]

5-3 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 5 Configuring a LAN with DHCP and VLANs Configure DHCP Step 4 ip dhcp pool name Example: Router(config)# ip dhcp pool dpool1 Router(dhcp-config)# Creates a DHCP address pool on the router and enters DHCP pool conf iguration mode. The name ar gument can be a string o[...]

5-4 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 5 Configu ring a LAN with DHCP and VLANs Configure DHCP Configuration Example The follo wing conf iguration example sho ws a portion of the confi guration fi le for the DCHP confi guration described in this chapter . ip dhcp excluded-address 192.168.9.0 ! ip dhcp po[...]

5-5 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 5 Configuring a LAN with DHCP and VLANs Configure VLANs Message Sent BOOTREPLY 0 DHCPOFFER 0 DHCPACK 0 DHCPNAK 0 Router# Configure VLANs Perform these steps to conf igure VLANs on your router , beginning in pri vileged EXEC mode: Command Purpose Step 1 vlan database[...]

5-6 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 5 Configu ring a LAN with DHCP and VLANs Configure VLANs Assign a Switch Port to a VLAN Perform these steps to assign a sw itch port to a VLAN, begi nning in global conf iguration mode: Verify Your VLAN Configuration Use the follo wing commands to vie w your VLAN co[...]

5-7 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 5 Configuring a LAN with DHCP and VLANs Configure VLANs VLAN ISL Id: 3 Name: red-vlan Media Type: Ethernet VLAN 802.10 Id: 100003 State: Operational MTU: 1500 VLAN ISL Id: 1002 Name: fddi-default Media Type: FDDI VLAN 802.10 Id: 101002 State: Operational MTU: 1500 B[...]

5-8 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 5 Configu ring a LAN with DHCP and VLANs Configure VLANs VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 1 enet 100001 1500 - - - - - 1002 1003 2 enet 100002 1500 - -[...]

CH A P T E R 6-1 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 6 Configuring a VPN Using Easy VPN and an IPsec Tunnel The Cisco Secure Router 520 Ser ies routers support the creation of V irtual Priv ate Networks (VPNs). Cisco routers and other broadband de vices provide high-perfo rmance connections to the Internet , but [...]

6-2 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 6 Configuring a VPN Using Easy VPN and an IPsec Tunnel Cisco Easy VPN The Cisco Easy VPN client feature elimin ates much of the tedious conf iguration work b y implementing the Cisco Un ity Client prot ocol. This protoc ol a llo ws most VPN parameters, such as inter[...]

6-3 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 6 Configuring a VPN Using Easy VPN and an IPsec Tunnel Configure the I KE Policy Note The procedures in this chap ter assume that you h av e already conf igur ed basic router feat ures as well as PPPoE or PPPoA with N A T , DCHP and VLANs. If you hav e not performe [...]

6-4 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 6 Configuring a VPN Using Easy VPN and an IPsec Tunnel Configure Gro up Policy Information Configure Group Policy Information Perform these steps to conf igure the group policy , begin ning in global co nfigur ation mode: Step 5 group { 1 | 2 | 5 } Example: Router(c[...]

6-5 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 6 Configuring a VPN Using Easy VPN and an IPsec Tunnel Apply Mode Con figur ation to the Crypto Map Apply Mode Configuration to the Crypto Map Perform these steps to apply mode co nfiguratio n to the crypto map, be ginning in global conf iguration mode: Step 4 domai[...]

6-6 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 6 Configuring a VPN Using Easy VPN and an IPsec Tunnel Enable Policy Lookup Enable Policy Lookup Perform these steps to enable polic y lookup through AAA, be ginning in global configurati on mode: Configure IPsec Transforms and Protocols A transform set represents a[...]

6-7 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 6 Configuring a VPN Using Easy VPN and an IPsec Tunnel Configure the IPsec Cryp to Method and Paramete rs Perform these steps to specify the IPsec transform set and protocols, be ginning in global conf iguration mode: Note W ith manually establish ed security associ[...]

6-8 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 6 Configuring a VPN Using Easy VPN and an IPsec Tunnel Apply the Crypto Ma p to the Phys ical Interface Apply the Crypto Map to the Physical Interface The crypto maps must be applied to each interface through which IP Security (IPsec) traff ic flows. Applying the cr[...]

6-9 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 6 Configuring a VPN Using Easy VPN and an IPsec Tunnel Create an Easy VPN Remote Configuration Create an Easy VPN Remote Configuration The router acting as the IPsec remote router must create an Easy VPN remote configuration and assign it to the outgoing interf ace.[...]

6-10 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 6 Configuring a VPN Using Easy VPN and an IPsec Tunnel Verifying Your Easy VPN Configuration Verifying Your Easy VPN Configuration router# show crypto ipsec client ezvpn Tunnel name :ezvpnclient Inside interface list:vlan 1 Outside interface:fastethernet 4 Current [...]

6-11 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 6 Configuring a VPN Using Easy VPN and an IPsec Tunnel Configuration E xample username Cisco password 0 Cisco ! crypto isakm p policy 1 encryption 3des authentication pre-share group 2 lifetime 480 ! crypto isakmp client configuration group rtr-remote key secret-pa[...]

6-12 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 6 Configuring a VPN Using Easy VPN and an IPsec Tunnel Configuratio n Example[...]

CH A P T E R 7-1 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 7 Configuring VPNs Using an IPsec Tunnel and Generic Routing Encapsulation The Cisco Secure Router 520 Ser ies routers support the creation of virtual pr iv ate networks (VPNs). Cisco routers and other broadband de vices provide high-perfo rmance connections to[...]

7-2 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 7 Configur ing VPNs Using an IP sec Tun nel and Generic Routing E ncapsulation Configure a VPN GRE Tunnels GRE tunnels are typi cally used to establish a VPN be tween t he Cisco router and a remote de vice that controls access to a priv ate ne twork, such as a co rp[...]

7-3 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 7 Configuring VPNs Using an IPsec Tunnel and Generic Routing Encap sulation Configure a VPN Configure the IKE Policy Perform these steps to conf igure the Internet Ke y Exchange (IKE) policy , beginni ng in global confi guration mode: Command or Action Purpose Step [...]

7-4 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 7 Configur ing VPNs Using an IP sec Tun nel and Generic Routing E ncapsulation Configure a VPN Configure Group Policy Information Perform these steps to conf igure the group policy , begin ning in global co nfigur ation mode: Command or Action Purpose Step 1 crypto [...]

7-5 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 7 Configuring VPNs Using an IPsec Tunnel and Generic Routing Encap sulation Configure a VPN Enable Policy Lookup Perform these steps to enable polic y lookup through AAA, be ginning in global conf iguration mode: Configure IPsec Transforms and Protocols A transform [...]

7-6 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 7 Configur ing VPNs Using an IP sec Tun nel and Generic Routing E ncapsulation Configure a VPN Perform these steps to specify the IPsec transform set and protocols, be ginning in global conf iguration mode: Note W ith manually establish ed security association s, th[...]

7-7 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 7 Configuring VPNs Using an IPsec Tunnel and Generic Routing Encap sulation Configure a VPN Apply the Crypto Map to the Physical Interface The crypto maps must be applied to each interface through which IP sec traf fic flo w s. Applying the crypto map to the ph ysic[...]

7-8 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 7 Configur ing VPNs Using an IP sec Tun nel and Generic Routing E ncapsulation Configure a GRE Tunnel Configure a GRE Tunnel Perform these steps to conf igure a GRE tunnel, beginning in glob al conf iguration mode: Step 2 crypto map map-name Example: Router(config-i[...]

7-9 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 7 Configuring VPNs Using an IPsec Tunnel and Generic Routing Encap sulation Configuration E xample Configuration Example The follo wing conf iguration example sho ws a portion of the config uration fi le for a VPN using a GRE tunnel scenario described in the precedi[...]

7-10 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 7 Configur ing VPNs Using an IP sec Tun nel and Generic Routing E ncapsulation Configuratio n Example tunnel source fastethernet 0 tunnel destination interface 192.168.101.1 ip route 20.20.20.0 255.255.255.0 tunnel 1 crypto isakm p policy 1 encryption 3des authenti[...]

7-11 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 7 Configuring VPNs Using an IPsec Tunnel and Generic Routing Encap sulation Configuration E xample ! ! Utilize NAT overload in order to make best use of the ! single address provided by the ISP. ip nat inside source list 102 interface Ethernet1 overload ip classles[...]

7-12 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 7 Configur ing VPNs Using an IP sec Tun nel and Generic Routing E ncapsulation Configuratio n Example[...]

CH A P T E R 8-1 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 8 Configuring a Simple Firewall The Cisco Secure Router 520 Series routers support network traf fic filtering b y means of access lists. The routers also support packet inspection an d dynamic temporary access lists b y means of Context-Based Access Control (CB[...]

8-2 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 8 Config uring a Simple Firewall Figure 8-1 sho ws a network deplo yment using PPPoE or PPPoA with N A T and a fire wall. Figur e 8-1 Rout er with Fir ewall Configur ed In the confi guration e xample that follo ws, the fire wall is applied to the outsid e W AN inter[...]

8-3 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 8 Configuring a Simple Firewall Configure Acce ss Lists Note The procedures in this chap ter assume that you h av e already conf igur ed basic router feat ures as well as PPPoE or PPPoA with N A T . If you hav e not pe rformed these configurations tasks, see Ch apte[...]

8-4 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 8 Config uring a Simple Firewall Configure Inspection Rules Configure Inspection Rules Perform these steps to confi gure fire wall inspection rule s for all TCP and UDP traff ic, as well as specific application protocols as def ined by the security poli cy , beginni[...]

8-5 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 8 Configuring a Simple Firewall Configuration E xample Configuration Example A telecommuter is granted s ecure access to a corporat e network, using IPsec tunnel ing. Security to the home network is acco mplished through f irewal l inspec tion. The protocols that ar[...]

8-6 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 8 Config uring a Simple Firewall Configuratio n Example ip nat outside no cdp enable ! ! acl 103 defines traffic allowed from the peer for the IPsec tunnel. access-list 103 permit udp host 200.1.1.1 any eq isakmp access-list 103 permit udp host 200.1.1.1 eq isakmp a[...]

CH A P T E R 9-1 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 9 Configuring a Wireless LAN Connection The Cisco Secure Router 520 Series routers support a secur e, af fordabl e, and easy-to-use wireless LAN solution that combines mobility and fl exibility with the enterprise-class featur es required by net working profess[...]

9-2 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 9 Configu ring a Wireless LAN Connectio n Configure the Root Radio Statio n Configuration Tasks Perform the follo wing tasks to configu re this network scenario: • Config ure the Root Radio Station • Config ure Bridging on VLANs • Config ure Radio Station Subi[...]

9-3 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 9 Configuring a Wireless LAN Connection Configure the Ro ot Radio Station Step 3 encryption method algorithm ke y Example: Router(config-if)# encryption vlan 1 mode ciphers tkip Router(config-if)# Specifies the encrypti on method, algorithm, and ke y used to access [...]

9-4 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 9 Configu ring a Wireless LAN Connectio n Configure Bridging on VLA Ns Configure Bridging on VLANs Perform these steps to conf igure integrated routing and br idging on VLANs, be ginning in global confi guration mode: Step 10 power [ client | local ] [ cck [ number [...]

9-5 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 9 Configuring a Wireless LAN Connection Configure Radio Station Su binterfaces Repeat Step 2 through Step 6 abov e for each VLAN that requires a wireless inte rface. Configure Radio Station Subinterfaces Perform these steps to configure su binterfaces for each root [...]

9-6 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 9 Configu ring a Wireless LAN Connectio n Configuratio n Example Repeat these steps to configure more subinterfaces, as needed. Configuration Example The follo wing conf iguration example sho ws a portion of the confi guration fi le for the wireless LAN scenario des[...]

9-7 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 9 Configuring a Wireless LAN Connection Configuration E xample ! encryption vlan 1 mode ciphers tkip ! ssid cisco vlan 1 authentication open wpa-psk ascii 0 cisco123 authentication key-management wpa ! ssid ciscowep vlan 2 authentication open ! ssid ciscowpa vlan 3 [...]

9-8 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 9 Configu ring a Wireless LAN Connectio n Configuratio n Example no ip address bridge-group 3 bridge-group 3 spanning-disabled ! interface BVI1 ip address 10.0.1.1 255.255.255.0 ! interface BVI2 ip address 10.0.2.1 255.255.255.0 ! interface BVI3 ip address 10.0.3.1 [...]

P ART 3 Conf iguring A dditional F eatures and T r oubleshooting[...]

[...]

CH A P T E R 10-1 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 10 Additional Configuration Options This part of the softw are conf iguration guid e describes addi tional conf iguration options and troubleshooting t ips for the Cisco Secure Router 520 Series routers. The config uration options described i n this part inclu[...]

10-2 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 10 Additional Configuration Options[...]

CH A P T E R 11-1 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 11 Configuring Security Features This chapter gi ves an ov erview of authentication, au thorization, and accounting ( AAA), the primary Cisco frame work for implementing selected securi ty features that can be conf igured on the Cisco Secure Router 520 Series [...]

11-2 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 11 Configur ing Security Features Configuring AutoSecure For info rmation about confi guring AAA services and suppo rted security protocols, see the follo wing sections of the Cisco IOS Security Configuration Guide : • Config uring Authentication • Conf iguring[...]

11-3 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 11 Configuring Security Featur es Configuring a CBAC Firewall Access Groups A sequence of access list def initions bound together with a common name or number is called an access group. An access group is enabled for an interface during interface configur ation wit[...]

11-4 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 11 Configur ing Security Features Configuring Cisco IOS Firewall IDS Configuring Cisco IOS Firewall IDS Cisco IOS Fire wall Intrusion Detecti on System (IDS ) technolog y enhances perimeter fire wall protection by taking appropriate action on pack ets and flo ws th[...]

CH A P T E R 12-1 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 12 Troubleshooting Use the information in this chapter to help isolate problems you might encounter or to rule out the router as the source of a problem. This ch apter contains the following sections: • Getting Started • Before Contacting Cisco or Y our Re[...]

12-2 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 12 Troublesho oting ADSL Troublesho oting ADSL Troubleshooting If you e xperience trouble with the ADSL connection, v erify the follo wing: • The ADSL line is connected and i s using pins 3 and 4. F or more information on the ADSL connection, see the hardw are gu[...]

12-3 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 12 Troub leshooting ATM Troubleshoo ting Commands This command sends end-to-end O AM F5 packets, which are echoed back by the aggregator . show interface Command Use the show int erface command to display the status of all physical ports (Et hernet and A TM) and lo[...]

12-4 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 12 Troublesho oting ATM Troubleshooting Co mmands Ta b l e 12-1 describes possible command ou tput for the sho w interface command. Ta b l e 12-1 show int erf ace Command Output Descri ption Output Cause For A TM Interfac es A TM 0 is up, line protocol is up The A [...]

12-5 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 12 Troub leshooting ATM Troubleshoo ting Commands show atm interface Command T o display A TM-specifi c information about an A TM interface, use the show atm interface atm 0 command from pri vileged EXEC mode, as sh ow n in Example 12-3 . Example 12-3 Viewing Infor[...]

12-6 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 12 Troublesho oting ATM Troubleshooting Co mmands • T o disable debu gging, enter the undeb ug all command. • To u s e deb ug commands during a T elnet session on your r outer , enter the terminal monitor command. Caution Debug ging is assigned a high priority [...]

12-7 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 12 Troub leshooting ATM Troubleshoo ting Commands 00:03:00: DSL: 1: Modem state = 0x8 00:03:02: DSL: 2: Modem state = 0x10 00:03:05: DSL: 3: Modem state = 0x10 00:03:07: DSL: 4: Modem state = 0x10 00:03:09: DSL: Received response: 0x24 00:03:09: DSL: Showtime! 00:0[...]

12-8 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 12 Troublesho oting Software Upgrad e Methods Example 12-7 sho w s sample output for the deb ug atm packet co mmand. Example 12-7 Viewing A TM Pac k et Processing Router# debug atm packet Router# 01:23:48:ATM0(O): VCD:0x1 VPI:0x1 VCI:0x64 DM:0x0 SAP:AAAA CTL:03 OUI[...]

12-9 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 12 Troub leshooting Recovering a Lost Password Recovering a Lost Password T o recov er a lost enable or lost enable-secret passw ord: 1. Change the Configuration Re gister 2. Reset the Router 3. Reset the Passw ord and Sav e Y our Changes (for lost enable s ecret p[...]

12-10 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 12 Troublesho oting Recovering a Lost Pa ssword Cisco SR520W-ADSL (MPC8272) processor (revision 0x100) with 118784K/12288K bytes of memory. Processor board ID FOC09171CB7 MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10 4 FastEthernet interfaces 1 ATM interface [...]

12-11 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 12 Troub leshooting Recovering a Lost Password Step 7 Enter the enable command to enter enable mode. Conf iguration changes can be made only in en able mode: Router> enable The prompt changes to the pri vileged EXEC prompt: Router# Step 8 Enter the show startup[...]

12-12 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Chapter 12 Troublesho oting Recovering a Lost Pa ssword Step 3 Enter exit to e xit configuratio n mode: Router(config)# exit Note T o return to the conf iguration being used before you recov ered the lost enable password, do not sav e the configuration ch anges before reb[...]

P ART 4 Reference Inf ormation[...]

[...]

A-1 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 APPENDIX A Cisco IOS Software Basic Skills Understanding ho w to use Cisco IOS software can sa ve you time when you are conf iguring your router . If you need a refresher , take a fe w minutes to read this appendix. This appendix contain s the follo wing sections: • Confi[...]

A-2 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix A Cisco IOS Software Basic Skills Understandi ng Command Mode s Y ou can use the terminal emulation software to change settings for the type of de vice that is connected to the PC, in this case a rout er . Config ure the software to the follo wing standard VT -100 [...]

A-3 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix A Cisc o IOS Software Basic Skills Understanding Command Mode s Ta b l e A -2 Command Modes Summary Mode Access Method Prompt Exit and Entrance Method About This Mode User EXEC Begin a session with your router . Router> T o exit a router session, enter the logou[...]

A-4 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix A Cisco IOS Software Basic Skills Getting Help Getting Help Y ou can use the qu estion mark (?) a nd ar ro w ke ys to help you enter commands. For a list of a vailable commands at th at command mode, enter a questi on mark: Router> ? access-enable Create a tempo[...]

A-5 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix A Cisc o IOS Software Basic Skills Entering Glob al Configuration Mode Y ou can use two commands to do this: • enable secret password —A v ery secure, encrypted p assword • enable password —A less secure, unencrypted local password Both the enable and enabl[...]

A-6 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix A Cisco IOS Software Basic Skills Saving Configu ration Changes Abbreviating Commands Y ou only ha ve to enter enough ch aracters for the router to reco gnize the command as unique. This example sho ws how to enter the show versi on command: Router # sh v Undoing C[...]

A-7 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix A Cisc o IOS Software Basic Skills Summary Press Return to accept the default destination filename startup- conf ig , or enter your desired destination filename and p ress Return . It might take a minute or two to sa ve the conf iguration to NVRAM. Af ter the conf [...]

A-8 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix A Cisco IOS Software Basic Skills Where to Go Next[...]

B-1 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 APPENDIX B Concepts This appendix contains conceptual information that may be useful to In ternet service providers or network admin istrators when the y configure Cisco ro uters. T o revie w some typical network scenarios, see Chapter 2, “Sample Ne twork Deplo yments. ?[...]

B-2 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix B Concepts Network Pro tocols Network Protocols Network protoco ls enable the network to pass data fro m its source to a specif ic destination ov er LAN or W AN links. Routing address tables are included in the networ k protocols to pro vide the best path for movin[...]

B-3 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix B Concepts PPP Authentication Protocols PPP Authentication Protocols The Point-to-Point Pr otocol (PPP) encapsulates netwo rk layer protocol informat ion ov er point-to-point li nks. PPP originally emerged as an encapsula tion prot ocol for transporting IP traf fi [...]

B-4 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix B Concepts TACACS+ Note W e recommend us ing CHAP because it is th e more secure of the two protocols. TACACS+ Cisco Secure Router 520 Ser ies routers supp ort the T erminal Access Controller Access Control System Plus (T ACA CS+) protocol through T elnet. T A CACS[...]

B-5 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix B Concepts NAT PVC A PVC is a connection between remote hosts and ro uters. A PVC is establi shed for each A TM end node with which the router communicate s. The characteristi cs of the PVC that are established when it is created are set by the A TM adaptation laye[...]

B-6 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix B Concepts Easy IP (Phase 1) T r anslations can be static or dynamic. A static address translation establishes a one-to-one mapping between t he inside network an d the outsid e domain. Dyna mic address tran slations are de f ined by describing the local addresses [...]

B-7 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix B Concepts QoS QoS This section descri bes Quality of Service (QoS) parameter s, including the follo wing: • IP Precedence • PPP Fragmentation and Interlea ving • CBWFQ • RSVP • Lo w Latency Queuing QoS refers to the capability of a netw ork to prov ide b[...]

B-8 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix B Concepts QoS In general, multilink PPP wi th interlea ving is used in conjunc tion with CBWFQ and RSVP or IP Precedence to ensure voice packet deli very . Use mu ltilink PPP with interleaving and CBW FQ to def i ne ho w data is managed; use Resource Reserv ation [...]

B-9 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix B Concepts Access Lists Access Lists W ith basic standard and static e xtended access lists, you can approximate session f iltering by using the established ke yword with the permit command. The establis hed ke yword f ilters TCP packets based on whether the A CK o[...]

B-10 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix B Concepts Access Lists[...]

C-1 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 APPENDIX C ROM Monitor The R OM monitor firmware runs when the rout er is po we red up or reset. The f irmware helps to initialize the processor hardware an d boot the operating sy stem sof tware. Y ou can use the R OM monitor to perform certain conf iguration tasks, such a[...]

C-2 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix C ROM Monitor ROM Monitor Commands T imesaver Break (system interrupt) is alw ays enabled for 60 second s after the rout er reboots, re gardless of whether it is set to on or of f in the configurat ion register . During this 60-second windo w , you can break to the[...]

C-3 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix C ROM Monitor Command Descriptions Commands are case sensitiv e. Y ou can halt any comma nd by pressing the Break key on a terminal. If you are using a PC, most terminal emu lation programs halt a com mand when you press the Ctrl and the Break ke ys at the same tim[...]

C-4 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix C ROM Monitor Disaster Recover y with TFTP Down load TFTP Download Command Variables This section describes the syst em v ariables that can be set in R OM monitor mode and that are used during the TFTP download process. The re are both required variables an d optio[...]

C-5 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix C ROM Monitor Configuration Register Using the TFTP Download Command Perform these steps in R OM monitor mode to downl oad a file throu gh TFTP: Step 1 Use the appropriate commands t o enter all the required v ariables and any optional v ariables described in prece[...]

C-6 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix C ROM Monitor Configuratio n Register Changing the Configuration Register Manually T o change the virtual conf iguration register fro m the R OM monitor manually , enter the confreg command follo wed by the new v alue of the regi ster in he xadecimal format, as sho[...]

C-7 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix C ROM Monitor Console Download Console Download Y ou can use cons ole do wnload, a R OM monitor functio n, to do w nload either a software image or a confi guration file o ver the router console por t. After download, the f ile is either saved to the mini -flash me[...]

C-8 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix C ROM Monitor Debug Command s Error Reporting Because the R OM monitor console download uses the co nsole to perform the data transfer , when an error occurs during a data transfer, error messages are only displayed on the console once the data transfer is terminat[...]

C-9 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix C ROM Monitor Exiting the ROM Monitor FP: 0x80005f9c, PC: 0x80008118 FP: 0x80005fac, PC: 0x80008064 FP: 0x80005fc4, PC: 0xfff03d70 FP: 0x80005ffc, PC: 0x00000000 FP: 0x00000000, PC: 0x00000000 • meminfo —Displays size in bytes, starti ng address, av ailable ran[...]

C-10 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix C ROM Monitor Exiting the ROM Monitor[...]

D-1 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 APPENDIX D Common Port Assignments Ta b l e D-1 lists currently assign ed T ransmission Cont rol Protocol (TCP) port number s. T o the extent possible, the User Datagram Protocol (UDP) uses the same numbers. Ta b l e D-1 TCP P ort Numbers Port Keyword Description 0 — Rese[...]

D-2 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Appendix D Common Po rt Assignments 75 — Any pri vate dial-out service 77 — Any pri vate RJE service 79 FINGER Finger 95 SUPDUP SUPDUP Protocol 101 HOST N AME Network interface card (NIC) hostname server 102 ISO-TSAP ISO-Transport Service Access Point ( TSAP) 103 X400 X[...]

IN-1 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 INDEX Symbols -? command C-3 ? command A-4, C-3 A AAL B-5 AAL3/4 B-5 AAL5 B-5 abbreviating commands A-6 access groups 11-3 access lists applying to interfaces 8-4 configuration comman ds 11-2 configuring for firewalls 8-3, 9-2 description B-9 ACK bits B-9 Address Resolutio[...]

Index IN-2 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 configuration example 1-9 configuring 1-8 command modes A-2 to A-4 commands -? C-3 ? A-4 abbreviating A-6 access list 11-2 ATM troubleshooting 12-2 to 12-8 b C-3 b flash C-3 boot C-3 completing A-4 confreg C-6 context C-8 copy running-co nfig startup-config A-6 copy [...]

Index IN-3 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Fast Ethernet LAN interfaces 1-4 Fast Ethernet WA N interface 1-5 firewall 8-1 to 8-6 global parameters 1-4 GRE tunnel 7-8 group policy 6-4, 7-4 IKE policy 6-3, 7-3 inspection rules for firewalls 8-4 IPsec tunnel 6-1 loopback interface 1-6 to 1-8 NAT 4-7 PPPoE with N[...]

Index IN-4 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 extended access list, overview B-9 F Fast Ethernet LAN interfaces, configuring 1-4 Fast Ethernet WAN interface, configuring 1-5, 3-3 filtering See access lists firewalls access list configuration 8-3, 9-2 applying access lists to interfaces 8-4 applying inspection r [...]

Index IN-5 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 loopback interface, config uring 1-6 to 1-8 low laten cy queuing See LFQ M meminfo command C -9 metrics RIP B-2 mode configurat ion, applying to crypto m ap 6-5 modes See command modes N NAT configuration example 3-8, 4-9 configuring with PPPoA 4-7 configuring with P[...]

Index IN-6 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 protocols ATM B-4 Ethernet B-4 network B-2 network interface B-4 to B-5 PPP authentication B-3 routing overview B-2 to ?? PVC encapsulation types B-5 overview B-5 Q QoS parameters B-7 to B-8 queues, ATM B-8 R radio station subinterf aces, configuring 9-5 remote acces[...]

Index IN-7 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 troubleshooting co mmands, ATM 12-2 to 12-8 U UDP port numbers D-1 to D-2 undoing commands A-6 upgrading software, methods for 12-8 User Datagram Protocol See UDP user EXEC mode A-2, A-3 V variables, command listing A-4 VC B-5 verify DHCP server configurat ion 5-4 Ea[...]

Index IN-8 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01[...]