Cisco Systems C7200 manual Product Alerts and Field Notices

Page 11

Preface

Product Alerts and Field Notices

A current list of security advisories, security notices, and security responses for Cisco products is available at this URL:

http://www.cisco.com/go/psirt

To see security advisories, security notices, and security responses as they are updated in real time, you can subscribe to the Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed. Information about how to subscribe to the PSIRT RSS feed is found at this URL:

http://www.cisco.com/en/US/products/products_psirt_rss_feed.html

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a vulnerability in a Cisco product, contact PSIRT:

For emergencies only — security-alert@cisco.com

An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.

For nonemergencies — psirt@cisco.com

In an emergency, you can also reach PSIRT by telephone:

1 877 228-7302

1 408 525-6532

Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product (for example, GnuPG) to encrypt any sensitive information that you send to Cisco. PSIRT can work with information that has been encrypted with PGP versions 2.x through 9.x.

Never use a revoked encryption key or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

The link on this page has the current PGP key ID in use.

If you do not have or use PGP, contact PSIRT to find other means of encrypting the data before sending any sensitive material.

Product Alerts and Field Notices

Modifications to or updates about Cisco products are announced in Cisco Product Alerts and Cisco Field Notices. You can receive Cisco Product Alerts and Cisco Field Notices by using the Product Alert Tool on Cisco.com. This tool enables you to create a profile and choose those products for which you want to receive information.

C7200 VSA (VPN Services Adapter) Installation and Configuration Guide

 

OL-9129-02

xi

 

Image 11
Contents Text Part Number OL-9129-02 Corporate HeadquartersPage N T E N T S Preventing Electrostatic Discharge Damage 2 Creating Dynamic Crypto Maps 4 OL-9129-02 Audience PrefaceChapter Title Description ObjectivesOrganization Cisco.com Related DocumentationObtaining Documentation Product Documentation DVD Ordering Documentation Documentation FeedbackCisco Product Security Overview Product Alerts and Field Notices Reporting Security Problems in Cisco ProductsCisco Technical Support & Documentation Website Obtaining Technical AssistanceObtaining Additional Publications and Information Submitting a Service RequestDefinitions of Service Request Severity Xiv Data Encryption Overview OverviewVSA Overview VSA Module Front View Screws Handle Status LED lightHardware Required FeaturesThis section describes the VSA features, as listed in Table Feature Description/BenefitMIBs Supported Standards, MIBs, and RFCsPerformance StandardsEnabling/Disabling Scheme Command PurposeEnabling/Disabling the VSA Disabling the VSA during OperationLEDs Condition System is ConfiguredCommand Description of VSA Behavior Cisco 7204VXR Router ConnectorsSee -2for the VSA connectors Slot LocationsCisco 7204VXR Router Front View Port adapter VSA in I/O controller slot Port adapter leverCisco 7206VXR Front View Cisco 7206VXR RouterHardware and Software Requirements Required Tools and EquipmentPlatform Software RequirementsHardware Requirements RestrictionsOnline Insertion and Removal OIR Safety GuidelinesSafety Warnings Preventing Electrostatic Discharge Damage Electrical Equipment GuidelinesPreparing for Installation OL-9129-02 VSA circuit board is sensitive to ESD damage Handling the VSAThis section describes how to remove and install the VSA VSA Removal and InstallationRemoving and Installing the VSA VSA Removal and Installation OL-9129-02 Overview Configuration TasksConfiguring an IKE Policy Using the Exec Command InterpreterSignatures as the authentication method Key Management Protocol Isakmp policy configurationConfig-isakmp mode Optional Specifies the authentication method within an IKEDisabling VSA Optional Configuring a Transform SetDefining a Transform Set Transform type Description Selecting Appropriate Transforms Crypto Transform Configuration ModeIPSec Protocols AH and ESP Changing Existing Transforms Configuring IPSecEnsuring That Access Lists Are Compatible with IPSec Setting Global Lifetimes for IPSec Security AssociationsStep Command Purpose Creating Crypto Map Entries Creating Crypto Access ListsExits crypto-map configuration mode and return to Only one transform set can be specified when IKE isAuthenticator keys if the transform set includes an ESP authenticator algorithmCreating Dynamic Crypto Maps For this crypto access list Optional Accesses list number or name of anExtended access list. This access list determines If this is configured, the data flow identity proposedApplying Crypto Map Sets to Interfaces Monitoring and Maintaining IPSecRouter# show crypto isakmp policy Verifying IKE and IPSec ConfigurationsVerifying the Configuration Currentpeer 172.21.114.67 PERMIT, flags=originisacl This section provides the following configuration examples Configuration ExamplesConfiguring IKE Policies Example Configuring IPSec Configuration ExampleCrypto map is applied to an interface Basic IPSec Configuration IllustrationRouter a Configuration Specify the parameters to be used during an IKE negotiation Router B ConfigurationTransform set defines how the traffic will be protected Router# show diag Troubleshooting TipsTunnel I/F Monitoring and Maintaining the VSA Using Deny Policies in Access ListsConfiguration Guidelines and Restrictions Monitor and Maintenance CommandsD E Set session-key command Set transform-set command Sa command, clear crypto Entries, creatingSet pfs command Handling VPN Acceleration Module see VAM 1 Features Handling Monitoring and maintaining 4 OverviewIN-4