Chapter 4 Configuring the VSA
Configuration Tasks
•Disabling VSA (Optional), page
•Verifying IKE and IPSec Configurations, page
•Configuring IPSec Configuration Example, page
Note You can configure a static crypto map, create a dynamic crypto map, or add a dynamic crypto map into a static crypto map. Refer to the configuration examples and tech notes located online at: http://www.cisco.com/en/US/products/sw/secursw/ps2308/prod_configuration_examples_list.html.
Optionally, you can configure certification authority (CA) interoperability (refer to the “Configuring Certification Authority Interoperability” chapter in the Security Configuration Guide).
Using the EXEC Command Interpreter
You modify the configuration of your router through the software command interpreter called the EXEC (also called enable mode). You must enter the privileged level of the EXEC command interpreter with the enable command before you can use the configure command to configure a new interface or change the existing configuration of an interface. The system prompts you for a password if one has been set.
The system prompt for the privileged level ends with a pound sign (#) instead of an angle bracket (>). At the console terminal, use the following procedure to enter the privileged level:
Step 1 At the
Router> enable
Password:
Step 2 Enter the password (the password is case sensitive). For security purposes, the password is not displayed. When you enter the correct password, the system displays the
Router#
This completes the procedure for entering the privileged level of the EXEC command interpreter.
Configuring an IKE Policy
If you do not specify a value for a parameter, the default value is assigned. For information on default values, refer to the “IP Security and Encryption” chapter of the Security Command Reference publication.
C7200 VSA (VPN Services Adapter) Installation and Configuration Guide
|
| |
|