Cisco VPN Services Port Adapter Configuration Guide
Index
Downloads: This chapterpdf (PDF - 198.0KB) The complete bookPDF (PDF - 8.37MB) | Feedback

Index

Table Of Contents

A - B - C - D - E - F - G - I - K - L - M - N - O - P - Q - R - S - T - V - W -

Index

A

access control list

See ACL

access port

configuration (example) 3-27

configuring 3-7

ACL

crypto, described 2-2

platform, configuring 8-15

sequenced, configuring 8-16

Advanced Encryption Standard. See AES.

AES

configuration (example) 7-22, 8-20

configuring 7-2, 8-2

aggregatable global unicode address. See AGU.

AGU 8-18

anti-replay window size, configuring 8-5

B

BFG

configuration (example) 11-19

configuring 11-10

troubleshooting 13-21

blade failure group. See BFG.

blank filler plate 13-25

C

CAC

configuration (examples) 7-23

configuring 7-15

Call Admission Control. See CAC.

certificate autoenrollment

configuration (example) 9-59

configuring 9-26

certificate revocation list. See CRL. 9-2

certificate security attribute-based access control

configuration (example) 9-61

configuring 9-41

certificate to ISAKMP profile mapping

configuration (examples) 7-22

configuring 7-5

clear crypto sa command 13-20

console error messages

SSC-600 13-2

VSPA 13-2

CoS 6-3, 6-8

CRL 9-2

crypto ACL 2-2

crypto conditional debug support 13-22

crypto-connect mode

configuring ports 3-4

defined 2-3

guidelines and restrictions 3-5

crypto key generate rsa command 9-4

crypto map 2-2

crypto pki trustpoint command 9-4

D

Dead Peer Detection. See DPD.

debug crypto ace b2b command 13-21

deny policy enhancements

configuration (example) 8-26

diagnostics 13-3

direct HTTP enrollment with CA servers

configuration (examples) 9-54

configuring 9-15

distinguished name-based crypto maps

configuration (example) 8-24

configuring 8-13

dMLPPP (Multilink PPP)

with IPSec VPN SPA 3-20

DMVPN

configuring 10-2

DMVPN (Dynamic Multipoint VPN)

hub in configuration (example) 10-18

spoke configuration (example) 10-19, 10-20

DPD

configuration (examples) 7-24

configuring 7-17

Dynamic Multipoint VPN

See DMVPN 10-2

E

Easy VPN client, configuring 10-16

Easy VPN remote RSA signature

configuring 10-16

Easy VPN server

configuring 10-15

enhanced 10-15

router-side configuration (example) 10-21

encrypted preshared key

configuration (example) 7-23

configuring 7-13

F

front door VRF

See FVRF 4-2

FVRF

defined 4-2

not supported on spoke 10-3

G

Generic Routing Encapsulation. See GRE tunneling.

GRE tunneling

configuration (example) 3-38

configuring 3-21

takeover criteria 3-23

I

IKE policy

troubleshooting 13-22

inside port, configuring 3-6

inside VLAN 1-1

inside VRF (IVRF)

See IVRF 4-2

interface VLAN 1-1

IP multicast over a GRE tunnel

configuration (example) 3-42, 4-31

configuring 3-25

IP multicast over a VTI tunnel

configuration (example) 4-35

IPsec anti-replay window size

configuration (examples) 8-21

configuring 8-5

IPsec NAT transparency, configuring 7-19

IPsec preferred peer

configuration (examples) 8-23

configuring 8-8

IPsec prefragmentation

configuration (examples) 5-13

IPsec security association (SA) idle timer

configuration (examples) 8-24

configuring 8-12

IPsec stateful failover using a blade failure group (BFG)

configuration (example) 11-19

configuring 11-10

IPsec stateless failover using HSRP

active chassis configuration (example) 11-15

configuring 11-3

remote router configuration (example) 11-16

IPsec VPN accounting

configuration (example) 12-9

configuring 12-4

IPsec VPN monitoring

configuration (example) 12-10

configuring 12-2

IPv6 IPsec

configuration 8-18

configuration (example) 8-26

support 8-17

ISAKMP keyrings and peer filtering

configuration (example) 7-22

IVRF

defined 4-2

K

key rollover for certificate renewal

configuration (examples) 9-59

configuring 9-30

L

LAF

configuring 5-2

LDAP 9-2

Lightweight Directory Access Protocol. See LDAP.

Look-Ahead Fragmentation. See LAF.

M

manual certificate enrollment (TFTP and cut-and-paste)

configuration (examples) 9-56

configuring 9-21

maximum transmission unit. See MTU.

mGRE

enabling 10-3

modulus

of RSA key 9-4

MTU

configuring 5-11

Multicast over a GRE tunnel

configuration (example) 3-42, 4-31

configuring 3-25

Multicast over a VTI tunnel

configuration (example) 4-35

multiple RSA key pairs

configuration (example) 9-53

configuring 9-3

multiple VSPAs in a chassis

configuration (example) 11-12

configuring 11-2

multipoint GRE

See mGRE 10-3

N

NAT keepalives

configuration (example) 7-24

Next Hop Resolution Protocol

See NHRP 10-2

NHRP 10-2

O

OCSP

configuration (example) 9-60

configuring 9-37

OIR

for carrier card 1-2

for module 1-2

for SPAs 13-25

Online Certificate Status Protocol. See OCSP.

online diagnostics 13-3

online insertion and removal. See OIR.

outside port, configuring 3-6

P

parameter command 9-17

persistent self-signed certificates

configuration (examples) 9-63

configuring 9-49

PIM 3-25

PKI AAA authorization using the entire subject name

configuration (example) 9-62

configuring 9-45

PKI query multiple servers during certificate revocation check

configuration (example) 9-60

configuring 9-36

port VLAN 1-1

PPP (Point-to-Point Protocol)

with IPSec VPN SPA 3-20

protected private key storage

configuration (example) 9-53

configuring 9-5

Q

QoS

carrier, configuration (example) 6-13

configuring 6-1

module, configuration (example) 6-13

platform, configuration (example) 6-11

quality of service. See QoS.

query mode definition per trustpoint

configuration (example) 9-54

configuring 9-12

query multiple servers during certificate revocation check

configuration (example) 9-60

configuring 9-36

R

Reverse Route Injection. See RRI.

routed port

configuration (example) 3-30

configuring 3-10

RRI

configuring 8-3

rsakeypair command 9-4

RSA signature storage, configuring 10-16

S

Safenet IPSec client support

configuration (example) 7-22

security associations

clearing 13-20

set identity command 8-14

show commands

for VSPA 13-7

show crypto ace redundancy 13-18

show crypto ace redundancy command 13-18

show crypto ca certificates 13-12

show crypto ca trustpoints command 13-12

show crypto eli command 1-11

show crypto engine accelerator statistic command 1-11, 13-4

show crypto ipsec sa command 7-20, 13-9

show crypto ipsec transform-set command 13-9

show crypto isakmp policy command 13-8

show crypto isakmp sa command 13-10

show crypto key mypublickey rsa command 13-11

show crypto key pubkey-chain rsa command 13-11

show crypto map command 13-9

show crypto redundancy linecard-group command 13-18

show crypto session 13-13

show crypto sockets command 13-18

show crypto vlan command 13-7, 13-8, 13-19

show diagbus command 13-3

show hw-module slot fpd command 13-6

show interfaces trunk command 13-8

show interfaces tunnel 13-13

show ip mroute command 13-19

show ip nhrp command 13-18

show module command 1-10

show redundancy linecard-group command 13-18

source interface selection for outgoing traffic with certificate authority

configuration (example) 9-62

configuring 9-47

subslots

description 1-2

system error messages

SSC-600 13-2

VSPA 13-2

T

transform sets

troubleshooting 13-22

trunk port

configuration (example) 3-32

configuring 3-14

trustpoint CA

configuration (example) 9-54

configuring 9-8

V

Virtual Tunnel Interface. See VTI.

VPN sessions, monitoring and managing 12-2

VRF-aware IPSec. See VRF mode.

VRF instance, defined 4-2

VRF-lite 2-9

VRF mode

configuration (examples) 4-21

configuring VTI 4-15

defined 2-4, 4-1

front door VRF (FVRF) 4-2

guidelines and restrictions 4-4

inside VRF (IVRF) 4-2

with chassis-to-chassis stateless failover

configuring 11-10

without tunnel protection 4-5

with tunnel protection 4-11

VSPA

VPN running state, displaying 3-20

VTI

configuring in VRF mode 4-15

defined 4-15

W

WAN interfaces

ATM configuration (example) 3-35

configuring 3-19

POS configuration (example) 3-36

serial port configuration (example) 3-37

WS-IPSEC-3 1-2

WS-SSC-600 1-2