Cisco Systems SM-ISM, SA-ISA manual Features, Feature Description


Chapter 1 Overview

Features

CA—In addition, Certificate Authority (CA) interoperability is provided in support of the IPSec standard, using Certificate Enrollment Protocol (CEP). CEP permits Cisco IOS devices and CAs to communicate so that your Cisco IOS device can obtain and use digital certificates from the CA. Although IPSec can be implemented in your network without the use of a CA, using a CA provides manageability and scalability for IPSec.

The component technologies implemented for IPSec include:

DES and Triple DES—The Data Encryption Standard (DES) and Triple DES (3DES) are used to encrypt packet data. Cisco IOS implements the 3-key triple DES and DES-CBC with Explicit IV. Cipher Block Chaining (CBC) requires an initialization vector (IV) to start encryption. The IV is explicitly given in the IPSec packet.

MD5 (HMAC variant)—MD5 is a hash algorithm. HMAC is a keyed hash variant used to authenticate data.

SHA (HMAC variant)—SHA is a hash algorithm. HMAC is a keyed hash variant used to authenticate data.

IPSec as implemented in Cisco IOS software supports the following additional standards:

AH—Authentication Header is a security protocol that provides data authentication and optional antireplay services.

The AH protocol allows for the use of various authentication algorithms; Cisco IOS has implemented the mandatory MD5 and SHA (HMAC variants) authentication algorithms. The AH protocol provides antireplay services.

ESP—Encapsulating Security Payload is a security protocol that provides data privacy services, optional data authentication, and antireplay services. ESP encapsulates the data to be protected. The ESP protocol allows for the use of various cipher algorithms and (optionally) various authentication algorithms. Cisco IOS software implements the mandatory 56-bit DES-CBC with Explicit IV or Triple DES as the encryption algorithm, and MD5 or SHA (HMAC variants) as the authentication algorithms. The updated ESP protocol provides antireplay services.
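As an added illustration (not code from the Cisco manual), the sketch below shows where the explicit IV and the HMAC value sit in an ESP packet, and how a receiver checks the HMAC before any decryption. It assumes the 96-bit truncated HMAC of RFC 2403/2404 and the 8-byte IV of DES/3DES; the key, SPI and payload are constructed values, and the ciphertext is placeholder bytes because no DES operation is performed.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12   # HMAC-MD5-96 / HMAC-SHA-1-96 keep the first 96 bits (RFC 2403/2404)
IV_LEN = 8     # DES and 3DES use a 64-bit block, so the explicit IV is 8 bytes


def parse_esp(packet: bytes) -> dict:
    """Split an ESP packet into SPI, sequence number, explicit IV, ciphertext, ICV."""
    if len(packet) < 8 + IV_LEN + 8 + ICV_LEN:
        raise ValueError("too short for ESP with DES-CBC and a 96-bit ICV")
    spi, seq = struct.unpack("!II", packet[:8])
    body, icv = packet[8:-ICV_LEN], packet[-ICV_LEN:]
    iv, ciphertext = body[:IV_LEN], body[IV_LEN:]
    if len(ciphertext) % 8:
        raise ValueError("ciphertext is not a whole number of 64-bit blocks")
    return {"spi": spi, "seq": seq, "iv": iv, "ciphertext": ciphertext, "icv": icv}


def verify_icv(packet: bytes, auth_key: bytes, digest: str = "sha1") -> bool:
    """Recompute the HMAC over everything before the ICV and compare in constant time."""
    covered, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, covered, digest).digest()[:ICV_LEN]
    return hmac.compare_digest(expected, icv)


def build_sample(spi, seq, iv, ciphertext, auth_key, digest="sha1"):
    """Constructed test packet; the ciphertext bytes stand in for real DES output."""
    covered = struct.pack("!II", spi, seq) + iv + ciphertext
    return covered + hmac.new(auth_key, covered, digest).digest()[:ICV_LEN]


# Constructed sample values, not taken from any real security association.
KEY = b"constructed-auth-key"
SAMPLE = build_sample(0x1001, 7, bytes(range(8)), bytes(16), KEY)
# Flip one bit inside the ciphertext (offset 20 is past the header and the IV).
TAMPERED = SAMPLE[:20] + bytes([SAMPLE[20] ^ 0x01]) + SAMPLE[21:]

if __name__ == "__main__":
    print(parse_esp(SAMPLE))
    print("authentic:", verify_icv(SAMPLE, KEY))
    print("tampered :", verify_icv(TAMPERED, KEY))
```

The HMAC covers the SPI, the sequence number and the IV as well as the ciphertext, so a change to any of them fails verification.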

Features

This section describes the ISA/ISM features, as listed in Table 1-1.

Table 1-1 Features

| Feature | Description |
|---|---|
| Physical | Integrated Service Adapter (ISA) |
| | Integrated Service Module (ISM) |
| Platform Support | Cisco 7100 series |
| | Cisco 7120 series and Cisco 7140 series |
| | Cisco 7200 series and Cisco 7200VXR series (ISA only)¹ |
| | Cisco 7202, Cisco 7204, and Cisco 7206 |
| | Cisco 7204VXR and Cisco 7206VXR |
| Hardware Prerequisites | None |
| Throughput | Up to full duplex DS3 (90 Mbps) using 3DES |

Integrated Services Adapter and Integrated Services Module Installation and Configuration

 

OL-3575-01 B0

Copyright 1999-2003 Cisco Systems, Inc. All rights reserved.