Cisco Systems SM-ISM, SA-ISA manual Configuring the ISA and ISM, Overview

Page 37

C H A P T E R 4

Configuring the ISA and ISM

This chapter contains the information and procedures needed to configure the ISA or the ISM in the Cisco 7100 series VPN routers and Cisco 7200 series routers. This chapter contains the following sections:

•Overview, page 4-1

•Using the EXEC Command Interpreter, page 4-2

•Enabling MPPE, page 4-2

•Configuring IKE, page 4-3

•Configuring IPSec, page 4-4

•Creating Crypto Maps, page 4-7

•Applying Crypto Maps to Interfaces, page 4-9

•Verifying Configuration, page 4-9

•IPSec Example, page 4-12

Overview

On power up if the enabled LED is on, the ISA or the ISM is fully functional and does not require any configuration commands. However, for the ISA or the ISM to provide encryption services, you must complete the steps in the following sections:

•Enabling MPPE, page 4-2(required)

•Configuring IKE, page 4-3(required)

•Configuring IPSec, page 4-4(required)

•Creating Crypto Maps, page 4-7(required)

Optionally, you can configure Certification Authority (CA) interoperability (refer to the “Configuring Certification Authority Interoperability” chapter in the Security Configuration Guide publication).

The ISA or the ISM provides encryption services for any interface in Cisco 7100 series and Cisco 7200 series routers. If you have previously configured IPSec on the router and you install an ISA or an ISM, the ISA or the ISM automatically performs encryption services.

Note There are no interfaces to configure on the ISA or the ISM.

Integrated Services Adapter and Integrated Services Module Installation and Configuration

	OL-3575-01 B0	4-1

Image 37

Contents Text Part Number OL-3575-01 B0 Corporate HeadquartersCopyright 1999- 2003 Cisco Systems, Inc All rights reserved N T E N T S Configuring the ISA and ISM Objectives PrefaceAudience Installation WarningDocument Conventions Document OrganizationSection Title Description Boldface fontIndicates a comment line Italic screen fontVii Terms and AcronymsViii Related DocumentationCisco 7100 series routers Cisco.com Obtaining DocumentationOrdering Documentation Documentation CD-ROMDocumentation Feedback Technical Assistance Center Obtaining Technical AssistanceCisco TAC Escalation Center Obtaining Additional Publications and InformationXiv ISA and ISM Overview OverviewData Encryption Overview Feature Description FeaturesCisco 7100 Series Routers Slot Numbering Port Adapter Slot Locations on the Supported PlatformsPort adapter in slot ISM in slot Cisco 7200 Series Routers Slot NumberingLEDs LEDsLED Label Color State Function BootOL-3575-01 B0 Required Tools and Equipment Preparing for InstallationPlatform Recommended Minimum Cisco IOS Release Safety Warnings Safety GuidelinesEncryption mppe command ISA and ISA ISA with VAMPreparing for Installation Safety Guidelines Preventing Electrostatic Discharge Damage Electrical Equipment GuidelinesOL-3575-01 B0 Handling the ISA or the ISM Removing and Installing the ISA and the ISMHandling the ISM Online Insertion and RemovalRemoving and Installing the ISA and the ISM ISA or ISM Removal and Installation Step Cisco 7100 Series-Removing and Installing the ISMGuide Cisco 7200 Series-Removing and Installing the ISAOverview Configuring the ISA and ISMEnter controller configuration mode on Using the Exec Command InterpreterEnables Mppe encryption Enabling MppeConfig-isakmp command mode Configuring IKEIdentify the policy to create, and enter Specify the encryption algorithmCreating Crypto Access Lists Configuring IPSecDefining a Transform Set Step Command Purpose Creating Crypto Maps Specify an extended access list. This Crypto map configuration modeAccess list determines which traffic is Exit crypto map configuration modeExit interface configuration mode Verifying ConfigurationApplying Crypto Maps to Interfaces Apply a crypto map set to an interfaceCommand Purpose Router# show crypto ipsec sa interface Ethernet0 IPSec Example Configuring the ISA and ISM IPSec ExampleRouter B Configuration OL-3575-01 B0 D E IN-2