Manuals / Cisco Systems / Computer Equipment / Network Cables

Cisco Systems C7200 C O N T E N T S, Preface, Organization, Related Documentation, Features, MIBs

Models: C7200

1 62

Page 3

C O N T E N T S

Preface	vii
Audience		vii
Warnings		vii
Objectives		viii
Organization viii
Related Documentation ix
Obtaining Documentation				ix
Cisco.com			ix
Product Documentation DVD					x
Ordering Documentation x
Documentation Feedback				x
Cisco Product Security Overview					x
Reporting Security Problems in Cisco Products						xi
Product Alerts and Field Notices					xi
Obtaining Technical Assistance					xii
Cisco Technical Support & Documentation Website xii
Submitting a Service Request					xiii
Definitions of Service Request Severity xiii
Obtaining Additional Publications and Information						xiii
Overview	1 - 1
Data Encryption Overview				1 - 1
VSA Overview			1 - 2
Hardware Required 1 - 4
Features		1 - 4
Performance			1 - 5
Supported Standards, MIBs, and RFCs 1 - 5
Standards			1 - 5
MIBs		1 - 5
RFCs		1 - 5
Enabling/Disabling the VSA				1 - 6

C7200 VSA (VPN Services Adapter) Installation and Configuration Guide

	OL-9129-02	iii

Page 3

Image 3

Contents

800 553-NETS Fax 408 C7200 VSA VPN Services Adapter Installation and Configuration GuideCorporate Headquarters Cisco Systems, Inc 170 West Tasman Drive San Jose, CATurn the television or radio antenna until the interference stops Preface FeaturesDefinitions of Service Request Severity C O N T E N T SRemoving and Installing the VSA The Crypto Transform Configuration Mode 4Configuration Tasks 4 Safety WarningsTroubleshooting Tips Verifying the Configuration 4Router A Configuration Router B ConfigurationContents C7200 VSA VPN Services Adapter Installation and Configuration GuideOL-9129-02 Audience, page Warnings, page Objectives, page Organization, page PrefaceAudience WarningsObjectives Preparing for InstallationRemoving and Installing the VSA Configuring the VSARelated Documentation Obtaining DocumentationCisco.com Ordering Documentation Documentation FeedbackCisco Product Security Overview Product Documentation DVDReporting Security Problems in Cisco Products Product Alerts and Field NoticesFor emergencies only - security-alert@cisco.com Obtaining Technical Assistance Cisco Technical Support & Documentation Websitehttp//tools.cisco.com/RPF/register/register.do xiii Submitting a Service RequestDefinitions of Service Request Severity Obtaining Additional Publications and InformationThe Cisco Product Quick Reference Guide is a handy, compact reference tool that includes brief product overviews, key features, sample part numbers, and abbreviated technical specifications for many Cisco products that are sold through channel partners. It is updated twice a year and includes the latest Cisco channel product offerings. To order and find out more about the Cisco Product Quick Reference Guide, go to this URL Data Encryption Overview Hardware Required, page Features, pageEnabling/Disabling the VSA, page LEDs, page Connectors, page OverviewVSA Overview Screws Description/Benefit FeaturesHardware Required FeatureMIBs Supported Standards, MIBs, and RFCsPerformance StandardsEnabling/Disabling the VSA Disables the C7200 VSAEnables the C7200 VSA after it has been disabledLEDs Hw-module slot 0 shutdown -Not supportedno crypto engine slot accelerator 0 -See Table Cisco 7204VXR Router, page Cisco 7206VXR Router, page ConnectorsSlot Locations Cisco 7204VXR RouterChapter 1 Overview Slot Locations C7200 VSA VPN Services Adapter Installation and Configuration GuideENABLED Figure 1-4 Cisco 7204VXR Router - Front ViewFigure 1-5 Cisco 7206VXR - Front View Cisco 7206VXR Router1-10 C7200 VSA VPN Services Adapter Installation and Configuration GuideHardware and Software Requirements Preparing for InstallationOnline Insertion and Removal OIR, page Safety Guidelines, page Required Tools and EquipmentPlatform Software RequirementsHardware Requirements RestrictionsOnline Insertion and Removal OIR Safety GuidelinesSafety Warnings Safety Warnings, page Electrical Equipment Guidelines, pagePreventing Electrostatic Discharge Damage Electrical Equipment GuidelinesCompliance with U.S. Export Laws and Regulations Regarding Encryption Compliance with U.S. Export Laws and Regulations Regarding EncryptionOL-9129-02 Chapter 2 Preparing for InstallationC7200 VSA VPN Services Adapter Installation and Configuration Guide Compliance with U.S. Export Laws and Regulations Regarding EncryptionHandling the VSA, page Online Insertion and Removal OIR, page Removing and Installing the VSAWarnings and Cautions, page VSA Removal and Installation, page Handling the VSAOnline Insertion and Removal OIR VSA Removal and InstallationWarnings and Cautions The safety cover is an integral part of the product. Do not operate the unit without the safety cover installed. Operating the unit without the cover in place will invalidate the safety approvals and pose a risk of fire and electrical hazardsStep 3 Unscrew the screws holding the VSA in the slot OL-9129-02 Chapter 3 Removing and Installing the VSAVSA Removal and Installation C7200 VSA VPN Services Adapter Installation and Configuration GuideBasic IPSec Configuration Illustration, page Configuring the VSAConfiguration Tasks Overview, page Configuration Tasks, page Configuration Examples, pageConfiguring IPSec Configuration Example, page 4-18 optional Using the EXEC Command InterpreterConfiguring an IKE Policy Verifying IKE and IPSec Configurations, page 4-15 optionalDefines an IKE policy and enters Internet Security Association system reboot Configuring a Transform SetDisables VSA VSA will be enabled after the nextTransform Example The Crypto Transform Configuration Mode Changing Existing TransformsDefining a Transform Set Selecting Appropriate Transformsah-sha-hmac Authentication Transform is used, you mustESP Authentication Transform Pick up to ah-md5-hmacesp-aes and esp-sha-hmac ah-sha-hmac and esp-aes and esp-sha-hmac The Crypto Transform Configuration ModeIPSec Protocols AH and ESP Selecting Appropriate TransformsEnsuring That Access Lists Are Compatible with IPSec required Configuring IPSecEnsuring That Access Lists Are Compatible with IPSec Setting Global Lifetimes for IPSec Security AssociationsRouter# clear crypto sa spi destination-address CommandStep PurposeRouterconfig# ip access-list extended name Creating Crypto Access ListsCreating Crypto Map Entries 4-10Routerconfig-crypto-m# set session-key inbound ah 4-11spi cipher hex-key-string authenticator esp spi cipher hex-key-string authenticatorSpecifies which transform sets are allowed for the This is the only configuration statement required inCreating Dynamic Crypto Maps Creates a dynamic crypto map entry4-13 CommandPurpose Monitoring and Maintaining IPSec Applying Crypto Map Sets to Interfaces4-14 Displays information about IPSec security associations Verifying IKE and IPSec ConfigurationsDisplays your transform set configuration Displays your crypto map configuration4-16 Verifying the ConfigurationOL-9129-02 4-17Chapter 4 Configuring the VSA Configuration Tasks C7200 VSA VPN Services Adapter Installation and Configuration GuideConfiguring IKE Policies Example, page Configuration ExamplesConfiguring IKE Policies Example Configuring IPSec Configuration ExampleBasic IPSec Configuration Illustration Router A Configuration4-19 4-20 Router B ConfigurationRouter# show crypto engine accelerator statistic Troubleshooting Tips4-21 Router# show diag4-22 Chapter 4 Configuring the VSA Troubleshooting TipsC7200 VSA VPN Services Adapter Installation and Configuration Guide Monitoring and Maintaining the VSA Using Deny Policies in Access ListsUsing Deny Policies in Access Lists, page Monitor and Maintenance Commands, pageVerifies the VSA is currently processing crypto packets Monitor and Maintenance CommandsConfiguration Guidelines and Restrictions Displays integrated service adapter as part of the interfacesIN-1 I N D EIN-2 creating 4definition IN-3 OL-9129-02 IN-4C7200 VSA VPN Services Adapter Installation and Configuration Guide Index

C O N T E N T S

viii

Organization viii

Related Documentation ix

Ordering Documentation x

xiii

Definitions of Service Request Severity xiii

Hardware Required 1 - 4

Supported Standards, MIBs, and RFCs 1 - 5