N T E N T S | Cisco Systems C7200 specs

C O N T E N T S

Preface	vii
Audience		vii
Warnings		vii
Objectives		viii
Organization viii
Related Documentation ix
Obtaining Documentation				ix
Cisco.com			ix
Product Documentation DVD					x
Ordering Documentation x
Documentation Feedback				x
Cisco Product Security Overview					x
Reporting Security Problems in Cisco Products						xi
Product Alerts and Field Notices					xi
Obtaining Technical Assistance					xii
Cisco Technical Support & Documentation Website xii
Submitting a Service Request					xiii
Definitions of Service Request Severity xiii
Obtaining Additional Publications and Information						xiii
Overview	1 - 1
Data Encryption Overview				1 - 1
VSA Overview			1 - 2
Hardware Required 1 - 4
Features		1 - 4
Performance			1 - 5
Supported Standards, MIBs, and RFCs 1 - 5
Standards			1 - 5
MIBs		1 - 5
RFCs		1 - 5
Enabling/Disabling the VSA				1 - 6

C7200 VSA (VPN Services Adapter) Installation and Configuration Guide

	OL-9129-02	iii

Image 3

Cisco Systems C7200 manual N T E N T S

Contents

Text Part Number OL-9129-02 Corporate HeadquartersPage N T E N T S Preventing Electrostatic Discharge Damage 2 Creating Dynamic Crypto Maps 4 OL-9129-02 Audience Preface Objectives OrganizationChapter Title Description Related Documentation Obtaining DocumentationCisco.com Documentation Feedback Cisco Product Security OverviewProduct Documentation DVD Ordering Documentation Product Alerts and Field Notices Reporting Security Problems in Cisco Products Cisco Technical Support & Documentation Website Obtaining Technical Assistance Submitting a Service Request Definitions of Service Request SeverityObtaining Additional Publications and Information Xiv Data Encryption Overview Overview VSA Overview VSA Module Front View Screws Handle Status LED light Hardware Required FeaturesThis section describes the VSA features, as listed in Table Feature Description/Benefit MIBs Supported Standards, MIBs, and RFCsPerformance Standards Enabling/Disabling Scheme Command PurposeEnabling/Disabling the VSA Disabling the VSA during Operation Condition System is Configured Command Description of VSA BehaviorLEDs Cisco 7204VXR Router ConnectorsSee -2for the VSA connectors Slot Locations Cisco 7204VXR Router Front View Port adapter VSA in I/O controller slot Port adapter lever Cisco 7206VXR Front View Cisco 7206VXR Router Hardware and Software Requirements Required Tools and Equipment Platform Software RequirementsHardware Requirements Restrictions Safety Guidelines Safety WarningsOnline Insertion and Removal OIR Preventing Electrostatic Discharge Damage Electrical Equipment Guidelines Preparing for Installation OL-9129-02 VSA circuit board is sensitive to ESD damage Handling the VSA This section describes how to remove and install the VSA VSA Removal and Installation Removing and Installing the VSA VSA Removal and Installation OL-9129-02 Overview Configuration Tasks Configuring an IKE Policy Using the Exec Command Interpreter Signatures as the authentication method Key Management Protocol Isakmp policy configurationConfig-isakmp mode Optional Specifies the authentication method within an IKE Disabling VSA Optional Configuring a Transform Set Defining a Transform Set Transform type Description Crypto Transform Configuration Mode IPSec Protocols AH and ESPSelecting Appropriate Transforms Changing Existing Transforms Configuring IPSecEnsuring That Access Lists Are Compatible with IPSec Setting Global Lifetimes for IPSec Security Associations Step Command Purpose Creating Crypto Map Entries Creating Crypto Access Lists Exits crypto-map configuration mode and return to Only one transform set can be specified when IKE isAuthenticator keys if the transform set includes an ESP authenticator algorithm Creating Dynamic Crypto Maps For this crypto access list Optional Accesses list number or name of anExtended access list. This access list determines If this is configured, the data flow identity proposed Applying Crypto Map Sets to Interfaces Monitoring and Maintaining IPSec Router# show crypto isakmp policy Verifying IKE and IPSec Configurations Verifying the Configuration Currentpeer 172.21.114.67 PERMIT, flags=originisacl This section provides the following configuration examples Configuration ExamplesConfiguring IKE Policies Example Configuring IPSec Configuration Example Basic IPSec Configuration Illustration Router a ConfigurationCrypto map is applied to an interface Router B Configuration Transform set defines how the traffic will be protectedSpecify the parameters to be used during an IKE negotiation Router# show diag Troubleshooting Tips Tunnel I/F Monitoring and Maintaining the VSA Using Deny Policies in Access Lists Configuration Guidelines and Restrictions Monitor and Maintenance Commands D E Sa command, clear crypto Entries, creating Set pfs commandSet session-key command Set transform-set command Handling VPN Acceleration Module see VAM 1 Features Handling Monitoring and maintaining 4 Overview IN-4