A -
B -
C -
D -
E -
F -
G -
I -
K -
L -
M -
N -
O -
P -
Q -
R -
S -
T -
V -
W -
Index
A
access control list
See ACL
access port
configuration (example) 3-27
configuring 3-7
ACL
crypto, described 2-2
platform, configuring 8-15
sequenced, configuring 8-16
Advanced Encryption Standard. See AES.
AES
configuration (example) 7-22, 8-20
configuring 7-2, 8-2
aggregatable global unicode address. See AGU.
AGU 8-18
anti-replay window size, configuring 8-5
B
BFG
configuration (example) 11-19
configuring 11-10
troubleshooting 13-21
blade failure group. See BFG.
blank filler plate 13-25
C
CAC
configuration (examples) 7-23
configuring 7-15
Call Admission Control. See CAC.
certificate autoenrollment
configuration (example) 9-59
configuring 9-26
certificate revocation list. See CRL. 9-2
certificate security attribute-based access control
configuration (example) 9-61
configuring 9-41
certificate to ISAKMP profile mapping
configuration (examples) 7-22
configuring 7-5
clear crypto sa command 13-20
console error messages
SSC-600 13-2
VSPA 13-2
CoS 6-3, 6-8
CRL 9-2
crypto ACL 2-2
crypto conditional debug support 13-22
crypto-connect mode
configuring ports 3-4
defined 2-3
guidelines and restrictions 3-5
crypto key generate rsa command 9-4
crypto map 2-2
crypto pki trustpoint command 9-4
D
Dead Peer Detection. See DPD.
debug crypto ace b2b command 13-21
deny policy enhancements
configuration (example) 8-26
diagnostics 13-3
direct HTTP enrollment with CA servers
configuration (examples) 9-54
configuring 9-15
distinguished name-based crypto maps
configuration (example) 8-24
configuring 8-13
dMLPPP (Multilink PPP)
with IPSec VPN SPA 3-20
DMVPN
configuring 10-2
DMVPN (Dynamic Multipoint VPN)
hub in configuration (example) 10-18
spoke configuration (example) 10-19, 10-20
DPD
configuration (examples) 7-24
configuring 7-17
Dynamic Multipoint VPN
See DMVPN 10-2
E
Easy VPN client, configuring 10-16
Easy VPN remote RSA signature
configuring 10-16
Easy VPN server
configuring 10-15
enhanced 10-15
router-side configuration (example) 10-21
encrypted preshared key
configuration (example) 7-23
configuring 7-13
F
front door VRF
See FVRF 4-2
FVRF
defined 4-2
not supported on spoke 10-3
G
Generic Routing Encapsulation. See GRE tunneling.
GRE tunneling
configuration (example) 3-38
configuring 3-21
takeover criteria 3-23
I
IKE policy
troubleshooting 13-22
inside port, configuring 3-6
inside VLAN 1-1
inside VRF (IVRF)
See IVRF 4-2
interface VLAN 1-1
IP multicast over a GRE tunnel
configuration (example) 3-42, 4-31
configuring 3-25
IP multicast over a VTI tunnel
configuration (example) 4-35
IPsec anti-replay window size
configuration (examples) 8-21
configuring 8-5
IPsec NAT transparency, configuring 7-19
IPsec preferred peer
configuration (examples) 8-23
configuring 8-8
IPsec prefragmentation
configuration (examples) 5-13
IPsec security association (SA) idle timer
configuration (examples) 8-24
configuring 8-12
IPsec stateful failover using a blade failure group (BFG)
configuration (example) 11-19
configuring 11-10
IPsec stateless failover using HSRP
active chassis configuration (example) 11-15
configuring 11-3
remote router configuration (example) 11-16
IPsec VPN accounting
configuration (example) 12-9
configuring 12-4
IPsec VPN monitoring
configuration (example) 12-10
configuring 12-2
IPv6 IPsec
configuration 8-18
configuration (example) 8-26
support 8-17
ISAKMP keyrings and peer filtering
configuration (example) 7-22
IVRF
defined 4-2
K
key rollover for certificate renewal
configuration (examples) 9-59
configuring 9-30
L
LAF
configuring 5-2
LDAP 9-2
Lightweight Directory Access Protocol. See LDAP.
Look-Ahead Fragmentation. See LAF.
M
manual certificate enrollment (TFTP and cut-and-paste)
configuration (examples) 9-56
configuring 9-21
maximum transmission unit. See MTU.
mGRE
enabling 10-3
modulus
of RSA key 9-4
MTU
configuring 5-11
Multicast over a GRE tunnel
configuration (example) 3-42, 4-31
configuring 3-25
Multicast over a VTI tunnel
configuration (example) 4-35
multiple RSA key pairs
configuration (example) 9-53
configuring 9-3
multiple VSPAs in a chassis
configuration (example) 11-12
configuring 11-2
multipoint GRE
See mGRE 10-3
N
NAT keepalives
configuration (example) 7-24
Next Hop Resolution Protocol
See NHRP 10-2
NHRP 10-2
O
OCSP
configuration (example) 9-60
configuring 9-37
OIR
for carrier card 1-2
for module 1-2
for SPAs 13-25
Online Certificate Status Protocol. See OCSP.
online diagnostics 13-3
online insertion and removal. See OIR.
outside port, configuring 3-6
P
parameter command 9-17
persistent self-signed certificates
configuration (examples) 9-63
configuring 9-49
PIM 3-25
PKI AAA authorization using the entire subject name
configuration (example) 9-62
configuring 9-45
PKI query multiple servers during certificate revocation check
configuration (example) 9-60
configuring 9-36
port VLAN 1-1
PPP (Point-to-Point Protocol)
with IPSec VPN SPA 3-20
protected private key storage
configuration (example) 9-53
configuring 9-5
Q
QoS
carrier, configuration (example) 6-13
configuring 6-1
module, configuration (example) 6-13
platform, configuration (example) 6-11
quality of service. See QoS.
query mode definition per trustpoint
configuration (example) 9-54
configuring 9-12
query multiple servers during certificate revocation check
configuration (example) 9-60
configuring 9-36
R
Reverse Route Injection. See RRI.
routed port
configuration (example) 3-30
configuring 3-10
RRI
configuring 8-3
rsakeypair command 9-4
RSA signature storage, configuring 10-16
S
Safenet IPSec client support
configuration (example) 7-22
security associations
clearing 13-20
set identity command 8-14
show commands
for VSPA 13-7
show crypto ace redundancy 13-18
show crypto ace redundancy command 13-18
show crypto ca certificates 13-12
show crypto ca trustpoints command 13-12
show crypto eli command 1-11
show crypto engine accelerator statistic command 1-11, 13-4
show crypto ipsec sa command 7-20, 13-9
show crypto ipsec transform-set command 13-9
show crypto isakmp policy command 13-8
show crypto isakmp sa command 13-10
show crypto key mypublickey rsa command 13-11
show crypto key pubkey-chain rsa command 13-11
show crypto map command 13-9
show crypto redundancy linecard-group command 13-18
show crypto session 13-13
show crypto sockets command 13-18
show crypto vlan command 13-7, 13-8, 13-19
show diagbus command 13-3
show hw-module slot fpd command 13-6
show interfaces trunk command 13-8
show interfaces tunnel 13-13
show ip mroute command 13-19
show ip nhrp command 13-18
show module command 1-10
show redundancy linecard-group command 13-18
source interface selection for outgoing traffic with certificate authority
configuration (example) 9-62
configuring 9-47
subslots
description 1-2
system error messages
SSC-600 13-2
VSPA 13-2
T
transform sets
troubleshooting 13-22
trunk port
configuration (example) 3-32
configuring 3-14
trustpoint CA
configuration (example) 9-54
configuring 9-8
V
Virtual Tunnel Interface. See VTI.
VPN sessions, monitoring and managing 12-2
VRF-aware IPSec. See VRF mode.
VRF instance, defined 4-2
VRF-lite 2-9
VRF mode
configuration (examples) 4-21
configuring VTI 4-15
defined 2-4, 4-1
front door VRF (FVRF) 4-2
guidelines and restrictions 4-4
inside VRF (IVRF) 4-2
with chassis-to-chassis stateless failover
configuring 11-10
without tunnel protection 4-5
with tunnel protection 4-11
VSPA
VPN running state, displaying 3-20
VTI
configuring in VRF mode 4-15
defined 4-15
W
WAN interfaces
ATM configuration (example) 3-35
configuring 3-19
POS configuration (example) 3-36
serial port configuration (example) 3-37
WS-IPSEC-3 1-2
WS-SSC-600 1-2