Cisco Systems
C7200
manual
IN-4
Troubleshooting
Install
Condition System is Configured
Creating Crypto Access Lists
Command Purpose
Connectors
Safety
Authorization
Submitting a Service Request
Features
Page 62
Index
C7200 VSA (VPN Services Adapter) Installation and Configuration Guide
IN-4
OL-9129-02
Page 61
Page 62
Image 62
Page 61
Page 62
Contents
Corporate Headquarters
Text Part Number OL-9129-02
Page
N T E N T S
Preventing Electrostatic Discharge Damage 2
Creating Dynamic Crypto Maps 4
OL-9129-02
Preface
Audience
Chapter Title Description
Objectives
Organization
Cisco.com
Related Documentation
Obtaining Documentation
Product Documentation DVD Ordering Documentation
Documentation Feedback
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Product Alerts and Field Notices
Obtaining Technical Assistance
Cisco Technical Support & Documentation Website
Obtaining Additional Publications and Information
Submitting a Service Request
Definitions of Service Request Severity
Xiv
Overview
Data Encryption Overview
VSA Overview
Screws Handle Status LED light
VSA Module Front View
Feature Description/Benefit
Features
This section describes the VSA features, as listed in Table
Hardware Required
Standards
Supported Standards, MIBs, and RFCs
Performance
MIBs
Disabling the VSA during Operation
Command Purpose
Enabling/Disabling the VSA
Enabling/Disabling Scheme
LEDs
Condition System is Configured
Command Description of VSA Behavior
Slot Locations
Connectors
See -2for the VSA connectors
Cisco 7204VXR Router
Port adapter VSA in I/O controller slot Port adapter lever
Cisco 7204VXR Router Front View
Cisco 7206VXR Router
Cisco 7206VXR Front View
Required Tools and Equipment
Hardware and Software Requirements
Restrictions
Software Requirements
Hardware Requirements
Platform
Online Insertion and Removal OIR
Safety Guidelines
Safety Warnings
Electrical Equipment Guidelines
Preventing Electrostatic Discharge Damage
Preparing for Installation
OL-9129-02
Handling the VSA
VSA circuit board is sensitive to ESD damage
VSA Removal and Installation
This section describes how to remove and install the VSA
Removing and Installing the VSA VSA Removal and Installation
OL-9129-02
Configuration Tasks
Overview
Using the Exec Command Interpreter
Configuring an IKE Policy
Optional Specifies the authentication method within an IKE
Key Management Protocol Isakmp policy configuration
Config-isakmp mode
Signatures as the authentication method
Configuring a Transform Set
Disabling VSA Optional
Defining a Transform Set
Transform type Description
Selecting Appropriate Transforms
Crypto Transform Configuration Mode
IPSec Protocols AH and ESP
Setting Global Lifetimes for IPSec Security Associations
Configuring IPSec
Ensuring That Access Lists Are Compatible with IPSec
Changing Existing Transforms
Step Command Purpose
Creating Crypto Access Lists
Creating Crypto Map Entries
ESP authenticator algorithm
Only one transform set can be specified when IKE is
Authenticator keys if the transform set includes an
Exits crypto-map configuration mode and return to
Creating Dynamic Crypto Maps
If this is configured, the data flow identity proposed
Optional Accesses list number or name of an
Extended access list. This access list determines
For this crypto access list
Monitoring and Maintaining IPSec
Applying Crypto Map Sets to Interfaces
Verifying IKE and IPSec Configurations
Router# show crypto isakmp policy
Verifying the Configuration
Currentpeer 172.21.114.67 PERMIT, flags=originisacl
Configuring IPSec Configuration Example
Configuration Examples
Configuring IKE Policies Example
This section provides the following configuration examples
Crypto map is applied to an interface
Basic IPSec Configuration Illustration
Router a Configuration
Specify the parameters to be used during an IKE negotiation
Router B Configuration
Transform set defines how the traffic will be protected
Troubleshooting Tips
Router# show diag
Tunnel I/F
Using Deny Policies in Access Lists
Monitoring and Maintaining the VSA
Monitor and Maintenance Commands
Configuration Guidelines and Restrictions
D E
Set session-key command Set transform-set command
Sa command, clear crypto Entries, creating
Set pfs command
Features Handling Monitoring and maintaining 4 Overview
Handling VPN Acceleration Module see VAM 1
IN-4
Related pages
What are the benefits of using
AQUOS LINK
with Sharp TVs?
Top
Page
Image
Contents