Manuals / Cisco Systems / Computer Equipment / Network Cables

Cisco Systems C7200 manual Objectives, Organization, Overview, Preparing for Installation, viii

Models: C7200

1 62

Download 62 pages 7.3 Kb

Page 8

Objectives

Preface

Objectives

Warning IMPORTANT SAFETY INSTRUCTIONS

This warning symbol means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. To see translations of the warnings that appear in this publication, refer to the translated safety warnings that accompanied this device.

Note: SAVE THESE INSTRUCTIONS

Note: This documentation is to be used in conjunction with the specific product installation guide that shipped with the product. Please refer to the Installation Guide, Configuration Guide, or other enclosed additional documentation for further details.

Objectives

This document contains instructions and procedures for installing and configuring the C7200 VSA (VPN Services Adapter), a double-width acceleration module supported on the Cisco 7204VXR and

Cisco 7206VXR routers with the NPE-G2 processor.

The part number for the VSA is C7200-VSA(=).

Note To ensure compliance with U.S. export laws and regulations, and to prevent future problems, see the “Compliance with U.S. Export Laws and Regulations Regarding Encryption” section on page 2-5for specific, important information.

Organization

This document contains the following chapters:

Chapter	Title	Description

1	Overview	Describes the VSA and VSA LED displays.

2	Preparing for Installation	Describes safety considerations, tools required, and
		procedures you should perform before the actual
		installation.

3	Removing and Installing the VSA	Describes the procedures for installing and removing
		the VSA from the supported platform.

4	Configuring the VSA	Describes procedures needed to configure the VSA in
		the Cisco 7200VXR series routers.

C7200 VSA (VPN Services Adapter) Installation and Configuration Guide

	viii	OL-9129-02

Image 8

Cisco Systems C7200 Objectives, Organization, Overview, Preparing for Installation, Removing and Installing the VSA, viii

Contents

C7200 VSA VPN Services Adapter Installation and Configuration Guide Corporate HeadquartersCisco Systems, Inc 170 West Tasman Drive San Jose, CA 800 553-NETS Fax 408Turn the television or radio antenna until the interference stops Features Definitions of Service Request SeverityC O N T E N T S PrefaceThe Crypto Transform Configuration Mode 4 Configuration Tasks 4Safety Warnings Removing and Installing the VSAVerifying the Configuration 4 Router A ConfigurationRouter B Configuration Troubleshooting TipsOL-9129-02 ContentsC7200 VSA VPN Services Adapter Installation and Configuration Guide Preface AudienceWarnings Audience, page Warnings, page Objectives, page Organization, pagePreparing for Installation Removing and Installing the VSAConfiguring the VSA ObjectivesCisco.com Related DocumentationObtaining Documentation Documentation Feedback Cisco Product Security OverviewProduct Documentation DVD Ordering DocumentationFor emergencies only - security-alert@cisco.com Reporting Security Problems in Cisco ProductsProduct Alerts and Field Notices http//tools.cisco.com/RPF/register/register.do Obtaining Technical AssistanceCisco Technical Support & Documentation Website Submitting a Service Request Definitions of Service Request SeverityObtaining Additional Publications and Information xiiiThe Cisco Product Quick Reference Guide is a handy, compact reference tool that includes brief product overviews, key features, sample part numbers, and abbreviated technical specifications for many Cisco products that are sold through channel partners. It is updated twice a year and includes the latest Cisco channel product offerings. To order and find out more about the Cisco Product Quick Reference Guide, go to this URL Hardware Required, page Features, page Enabling/Disabling the VSA, page LEDs, page Connectors, pageOverview Data Encryption OverviewVSA Overview Screws Features Hardware RequiredFeature Description/BenefitSupported Standards, MIBs, and RFCs PerformanceStandards MIBsDisables the C7200 VSA Enables the C7200 VSA after it has beendisabled Enabling/Disabling the VSAno crypto engine slot accelerator 0 -See Table LEDsHw-module slot 0 shutdown -Not supported Connectors Slot LocationsCisco 7204VXR Router Cisco 7204VXR Router, page Cisco 7206VXR Router, pageC7200 VSA VPN Services Adapter Installation and Configuration Guide ENABLEDFigure 1-4 Cisco 7204VXR Router - Front View Chapter 1 Overview Slot LocationsCisco 7206VXR Router 1-10C7200 VSA VPN Services Adapter Installation and Configuration Guide Figure 1-5 Cisco 7206VXR - Front ViewPreparing for Installation Online Insertion and Removal OIR, page Safety Guidelines, pageRequired Tools and Equipment Hardware and Software RequirementsSoftware Requirements Hardware RequirementsRestrictions PlatformSafety Guidelines Safety WarningsSafety Warnings, page Electrical Equipment Guidelines, page Online Insertion and Removal OIRElectrical Equipment Guidelines Preventing Electrostatic Discharge DamageCompliance with U.S. Export Laws and Regulations Regarding Encryption Compliance with U.S. Export Laws and Regulations Regarding EncryptionChapter 2 Preparing for Installation C7200 VSA VPN Services Adapter Installation and Configuration GuideCompliance with U.S. Export Laws and Regulations Regarding Encryption OL-9129-02Removing and Installing the VSA Warnings and Cautions, page VSA Removal and Installation, pageHandling the VSA Handling the VSA, page Online Insertion and Removal OIR, pageVSA Removal and Installation Warnings and CautionsThe safety cover is an integral part of the product. Do not operate the unit without the safety cover installed. Operating the unit without the cover in place will invalidate the safety approvals and pose a risk of fire and electrical hazards Online Insertion and Removal OIRStep 3 Unscrew the screws holding the VSA in the slot Chapter 3 Removing and Installing the VSA VSA Removal and InstallationC7200 VSA VPN Services Adapter Installation and Configuration Guide OL-9129-02Configuring the VSA Configuration TasksOverview, page Configuration Tasks, page Configuration Examples, page Basic IPSec Configuration Illustration, pageUsing the EXEC Command Interpreter Configuring an IKE PolicyVerifying IKE and IPSec Configurations, page 4-15 optional Configuring IPSec Configuration Example, page 4-18 optionalDefines an IKE policy and enters Internet Security Association Configuring a Transform Set Disables VSAVSA will be enabled after the next system rebootThe Crypto Transform Configuration Mode Changing Existing Transforms Defining a Transform SetSelecting Appropriate Transforms Transform ExampleAuthentication Transform is used, you must ESP Authentication Transform Pick up toah-md5-hmac ah-sha-hmacThe Crypto Transform Configuration Mode IPSec Protocols AH and ESPSelecting Appropriate Transforms esp-aes and esp-sha-hmac ah-sha-hmac and esp-aes and esp-sha-hmacConfiguring IPSec Ensuring That Access Lists Are Compatible with IPSecSetting Global Lifetimes for IPSec Security Associations Ensuring That Access Lists Are Compatible with IPSec requiredCommand StepPurpose Router# clear crypto sa spi destination-addressCreating Crypto Access Lists Creating Crypto Map Entries4-10 Routerconfig# ip access-list extended name4-11 spi cipher hex-key-string authenticatoresp spi cipher hex-key-string authenticator Routerconfig-crypto-m# set session-key inbound ahThis is the only configuration statement required in Creating Dynamic Crypto MapsCreates a dynamic crypto map entry Specifies which transform sets are allowed for thePurpose 4-13Command 4-14 Monitoring and Maintaining IPSecApplying Crypto Map Sets to Interfaces Verifying IKE and IPSec Configurations Displays your transform set configurationDisplays your crypto map configuration Displays information about IPSec security associationsVerifying the Configuration 4-164-17 Chapter 4 Configuring the VSA Configuration TasksC7200 VSA VPN Services Adapter Installation and Configuration Guide OL-9129-02Configuration Examples Configuring IKE Policies ExampleConfiguring IPSec Configuration Example Configuring IKE Policies Example, page4-19 Basic IPSec Configuration IllustrationRouter A Configuration Router B Configuration 4-20Troubleshooting Tips 4-21Router# show diag Router# show crypto engine accelerator statisticC7200 VSA VPN Services Adapter Installation and Configuration Guide 4-22Chapter 4 Configuring the VSA Troubleshooting Tips Using Deny Policies in Access Lists Using Deny Policies in Access Lists, pageMonitor and Maintenance Commands, page Monitoring and Maintaining the VSAMonitor and Maintenance Commands Configuration Guidelines and RestrictionsDisplays integrated service adapter as part of the interfaces Verifies the VSA is currently processing crypto packetsI N D E IN-1definition IN-2creating 4 IN-3 IN-4 C7200 VSA VPN Services Adapter Installation and Configuration GuideIndex OL-9129-02