Guest

Cisco IP Solution Center

Release Notes for Cisco IP Solution Center, 3.2

  • Viewing Options

  • PDF (297.5 KB)
  • Feedback
Cisco IP Solution Center Release Notes, 3.2

Table Of Contents

Cisco IP Solution Center Release Notes, 3.2

Contents

Introduction

System Recommendations

Materials

New and Changed Information for Release 3.2 of ISC

API Support

Cisco CNS Configuration Engine 1.4 Software Support

Color-coded Table Cells

Copying an Object

Customer Context

Documentation

Dynamic IP Addresses in GRE + IPsec Policy

Easy VPN Support for Network-based IPsec

Firewall Service Module (FWSM) Support Discontinued for Catalyst 6500 and Cisco 7600

IPsec High Availability

Object and Service Groups in Firewall Provisioning

Oracle Support

QoS Match-All Filter

Repository Migration and Upgrading to ISC 3.2

Ring Topology Enhancement

Role Based Access Control

Security Management GUI

Topology

Turbo ACL in Firewall Provisioning

Unmanaged Multi-VRF (MVRF) CE Support

User Defined Shortcuts

User Configurable Pre-shared Keys

Documentation Road Map for Cisco IP Solution Center, 3.2

Known Problems in Cisco IP Solution Center, Release 3.2

Obtaining Documentation

Cisco.com

Ordering Documentation

Documentation Feedback

Obtaining Technical Assistance

Cisco Technical Support Website

Submitting a Service Request

Definitions of Service Request Severity

Obtaining Additional Publications and Information


Cisco IP Solution Center Release Notes, 3.2


June 26, 2007

All documentation, including this Cisco IP Solution Center Release Notes, 3.2 document and any or all of the parts of the Release 3.2 documentation set, might be upgraded.

The Cisco IP Solution Center software is referred to as ISC.

The information in this Cisco IP Solution Center Release Notes, 3.2 document gives you an overview of this release and helps you understand it at a high level. Please read this document prior to reading any other manual for ISC.

All ISC patches are available at: http://www.cisco.com/cgi-bin/tablebuild.pl/isc (where in tablebuild.pl, the last character is the lower-case letter "l").

To download and upload configuration files to and from the VPN 3000 concentrator, the only supported mechanism is SSH.

If one or more users is logged into a VPN 3000 concentrator through a web interface or through telnet, ISC cannot download to the VPN 3000. Prior to deploying a service request in ISC for a VPN 3000, you must log out of all active sessions to this VPN 3000.

The supported Sybase and Oracle databases behave differently. All GUI queries are case insensitive for Sybase and case sensitive for Oracle.

Contents

The information in this release note is organized into the following sections:

Contents

Introduction

System Recommendations

Materials

New and Changed Information for Release 3.2 of ISC

Documentation Road Map for Cisco IP Solution Center, 3.2

Known Problems in Cisco IP Solution Center, Release 3.2

Obtaining Documentation

Documentation Feedback

Obtaining Technical Assistance

Obtaining Additional Publications and Information

Introduction

Cisco IP Solution Center (ISC), 3.2 is a follow-on release to Cisco IP Solution Center (ISC), 3.1.

This product uses the web-based GUI introduced in ISC 3.0 to improve usability and in this release introduces a new Security Management GUI.

This product uses the four-tiered architecture introduced in ISC 3.0 and designed for modularity, reusability, front-end scalability, back-end scalability, and high availability. All the ISC solutions: L2VPN Management (including Virtual Private LAN Services (VPLS)), MPLS VPN Management, and Security Management, as well as Quality of Service (QoS) are distributed on the same product CD. Security Management is a combination of IPsec, Firewall, and Network Address Translation (NAT), all of which are individually licensed. The types of IPsec are all licensed as one: IPsec Site-to-Site; IPsec Remote Access; and Network-based IPsec VPN Management (the mapping of IPsec to MPLS).

System Recommendations

The system recommendations and requirements are listed in Chapter 1, "System Recommendations" of Cisco IP Solution Center Installation Guide, 3.2. The recommendation is to thoroughly review this list before even planning your installation, to be sure you have all the hardware and software you need to successfully install.

Materials

The entire documentation set for Cisco IP Solution Center, 3.2 can be accessed at:

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/isc/3_2

The following documents comprise the ISC 3.2 documentation set.

General documentation:

Cisco IP Solution Center Documentation Guide, 3.2

Cisco IP Solution Center Release Notes, 3.2

Cisco IP Solution Center Installation Guide, 3.2

Cisco IP Solution Center System Error Messages, 3.2

Cisco IP Solution Center API Programmer Guide, 3.2

Index: Cisco IP Solution Center API Programmer Reference, 3.2

Integrated VPN Management Suite documentation:

Cisco IP Solution Center Integrated VPN Management Suite Infrastructure Reference, 3.2

Cisco IP Solution Center Integrated VPN Management Suite L2VPN User Guide, 3.2

Cisco IP Solution Center Integrated VPN Management Suite MPLS VPN User Guide, 3.2

Cisco IP Solution Center Integrated VPN Management Suite Network-Based IPsec VPN User Guide, 3.2

Cisco IP Solution Center Integrated VPN Management Suite Quality of Service User Guide, 3.2

Cisco IP Solution Center Integrated VPN Management Suite Security User Guide, 3.2

Security Management Suite documentation:

Cisco IP Solution Center Security Management Suite Infrastructure Reference, 3.2

Cisco IP Solution Center Security Management Suite Quality of Service User Guide, 3.2

Cisco IP Solution Center Security Management Suite Security User Guide, 3.2


Note All documentation might be upgraded.


New and Changed Information for Release 3.2 of ISC

The following are topics for this ISC Release 3.2 (listed alphabetically):

API Support

Cisco CNS Configuration Engine 1.4 Software Support

Color-coded Table Cells

Copying an Object

Customer Context

Documentation

Dynamic IP Addresses in GRE + IPsec Policy

Easy VPN Support for Network-based IPsec

Firewall Service Module (FWSM) Support Discontinued for Catalyst 6500 and Cisco 7600

IPsec High Availability

Object and Service Groups in Firewall Provisioning

Oracle Support

QoS Match-All Filter

Repository Migration and Upgrading to ISC 3.2

Ring Topology Enhancement

Role Based Access Control

Security Management GUI

Topology

Turbo ACL in Firewall Provisioning

Unmanaged Multi-VRF (MVRF) CE Support

User Defined Shortcuts

User Configurable Pre-shared Keys

API Support

ISC 3.2 adds the following Application Program Interface (API) support:

API error message improvements

Command download

Configuration download

Range checking in the validation schema for security features

Reporting feature for queries on inventory, topology, and services. Canned reports are shipped with the product to allow customer modification, extension, or cloning.

NAT service requests, including static and dynamic translations, failover devices, and traffic re-direct

VPLS inventory, policies, and service requests

Cisco CNS Configuration Engine 1.4 Software Support

ISC supports the Cisco CNS IE2100 appliance running the Cisco CNS Configuration Engine 1.4 software in addition to the previously supported 1.3.x software.

Color-coded Table Cells

Colors now indicate the state of the items in the Service Request table, the Task table, and the Device table.

Copying an Object

Devices (Cisco IOS, Catalyst OS, Terminal Server, VPN 3000, Firewall (PIX), and IE2100), Policies (IPsec Site-to-Site, IPsec Remote Access, Firewall, QoS, L2VPN, VPLS, and MPLS), Users, and User Roles have a Copy function that allows you to copy an existing object, edit it to be a new object, and save it with a new name. This saves steps from starting from the beginning to create an object.

Customer Context

In Customer Context, you can save the Customer name and then subsequent windows will only contain information for that customer. You can override this by changing your filtering criteria. The advantage of Customer Context is to focus only on information for a specified Customer.

Documentation

In addition to documenting the new features for ISC 3.2, descriptions of more system error messages are added and a new Security Management Suite of manuals to support the new Security Management GUI is introduced.

Dynamic IP Addresses in GRE + IPsec Policy

ISC now supports the provisioning of spokes that have a dynamically assigned IP address in a site-to-site IPsec VPN using GRE + IPsec policy. Previously, the only supported policies for a dynamic IP address scenario was DMVPN or pure IPsec. To utilize this new feature, an IP address pool must be associated with the IPsec VPN service request.

Easy VPN Support for Network-based IPsec

In addition to the pure IPsec and GRE + IPsec policy types, ISC also supports the Easy VPN policy for Network-based IPsec VPNs. This enables you to use Easy VPN for IPsec tunnels from the CE to the PE router.

Firewall Service Module (FWSM) Support Discontinued for Catalyst 6500 and Cisco 7600

Support for the Firewall Service Module (FWSM) 1.1 for the Catalyst 6500 and Cisco 7600 that was introduced in ISC 3.1 is no longer available.

IPsec High Availability

For site-to-site IPsec VPNs, ISC now supports provisioning of the IPsec High Availability feature. This enables a backup head-end router to take over active IPsec tunnels when the primary head-end router fails. Both IPsec state failover and normal failover scenarios are supported. This is implemented using the following protocols: State Synchronization Protocol (SSP) and Hot Standby Router Protocol (HSRP).

Object and Service Groups in Firewall Provisioning

ISC now provisions object and service groups for PIX when deploying a firewall policy.

Oracle Support

ISC 3.2 support for an Oracle database has been tested with Oracle 9.2.0.1. If you would like to use another version of Oracle, see Oracle's compatibility information.

QoS Match-All Filter

Traffic Classification under each Class of Service in ISC 3.0 and ISC 3.1 IP QoS Policy uses an OR filter to classify traffic. This OR filter is implicit and is not exposed in the GUI. In ISC 3.2, Traffic Classification has been enhanced to explicitly support the OR filter (match-any option in the GUI) and the new AND filter (match-all option in the GUI).

Repository Migration and Upgrading to ISC 3.2

ISC provides scripts to migrate your 1.x or 2.x VPNSC repository to ISC 3.2 and to upgrade your ISC 3.1 or 3.1 plus patches repository to ISC 3.2.

If you want to upgrade from ISC 3.0 to ISC 3.2, you must contact ISC Marketing, e-mail: isc-mktg@cisco.com.

Ring Topology Enhancement

ISC now provides full support for Ring Topology. A PE-POP can now be part of a Ring.

Role Based Access Control

In the Administration tab, you will see the new Object Groups capability. An object group consists of objects such as devices, interface, and named physical circuits. A User Role associated with Object Group(s) provides instance level of access granularity for users.

Detailed user permission reports are also now available.

Security Management GUI

ISC 3.2 supports a totally new GUI workflow for Security Management only. This new GUI supports Site-to-Site VPN, Remote Access VPN, Firewall, Network Address Translation (NAT), and IP QoS services. When you install ISC, you will make a decision of whether to accept the default of Full Menus for the GUI that is a follow-on to previous versions of ISC or the Security Management Menus for the new Security Management GUI. You also have the opportunity to switch between the two GUIs. The documentation for this new GUI is known as the Security Management Suite. The documentation that is a follow-on to the GUI introduced in Release 3.0 is now known as the Integrated VPN Management Suite.

Topology

A new look and feel has been added to topology. Topology now provides a more readable display of networks with enhanced amount of details, both in interactive and printed format. Better support is now also available for exporting topology views as images or scalable vector graphics (SVG).

Turbo ACL in Firewall Provisioning

Firewall policies now support a Turbo ACL option. This is used to optimize lookup for access control lists (ACLs) that contain 19 or more entries.

Unmanaged Multi-VRF (MVRF) CE Support

A Multi-VRF CE can now be configured with an Unmanaged Management Type. When an Unmanaged Management Type is configured on a Multi-VRF CE, ISC does not upload or download configurations to the device. To facilitate the provisioning process, the service provider can send a configuration to the customer, who can implement it manually. This behavior is consistent with the Unmanaged Management Type currently supported on the regular CE.

User Defined Shortcuts

You can now use Shortcuts for ease of navigation specific to your day to day operation needs. You can define multiple shortcuts for different work flows specific to your operation environment.

User Configurable Pre-shared Keys

Previously, ISC only supported automatically generated pre-shared keys for IPsec VPNs. In ISC 3.2, you can now configure some or all of these pre-shared keys.

Documentation Road Map for Cisco IP Solution Center, 3.2

This section describes documentation resources to help you find information about the Cisco IP Solution Center (ISC), 3.2.

The entire documentation set for Cisco IP Solution Center, 3.2 can be accessed at:

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/isc/3_2

The following documents comprise the ISC 3.2 documentation set.

General documentation (these documents are listed in the recommended reading order):

1. Cisco IP Solution Center Documentation Guide, 3.2

The contents of this document are:

Product Documentation Set (URLs for all the documentation in this documentation set)

Obtaining Documentation

Documentation Feedback

Obtaining Technical Assistance

Obtaining Additional Publications and Information

2. Cisco IP Solution Center Release Notes, 3.2

The contents of this document are:

Introduction

System Recommendations

Materials

New and Changed Information for Release 3.2 of ISC

Documentation Road Map for Cisco IP Solution Center, 3.2

Known Problems in Cisco IP Solution Center, Release 3.2

Obtaining Documentation

Documentation Feedback

Obtaining Technical Assistance

Obtaining Additional Publications and Information

3. Cisco IP Solution Center Installation Guide, 3.2

The contents of this document are:

System Recommendations

Installing and Logging Into ISC

Setting Up Oracle for ISC

Setting Up Cisco CNS IE2100 Appliances Running Cisco CNS Configuration Engine 1.3.x and 1.4 Software with ISC

Back Up and Restore of ISC Repository and Standby System

Troubleshooting

4. Cisco IP Solution Center System Error Messages, 3.2

The contents of this document are:

API Message Format

System Error Messages

5. Cisco IP Solution Center API Programmer Guide, 3.2

The contents of this document are:

Introduction

Getting Started

Common APIs

Monitoring APIs

Using Templates

MPLS Provisioning

L2VPN Provisioning

VPLS Provisioning

QoS Provisioning

IPsec Provisioning

NAT Provisioning

Firewall Provisioning

GUI to API Mapping

Implementing a Notification Servlet

6. Index: Cisco IP Solution Center API Programmer Reference, 3.2

The contents of this index are:

XML Examples

Schema Document

Integrated VPN Management Suite documentation (these documents are listed alphabetically):

Cisco IP Solution Center Integrated VPN Management Suite Infrastructure Reference, 3.2

The contents of this document are:

Getting Started

WatchDog Commands

Service Inventory > Inventory and Connection Manager

Service Inventory > Inventory and Connection Manager > Inventory Manager

Service Inventory > Deployment Flow Manager and Service Inventory > Device Console

Service Design

Monitoring

Administration

Cisco CNS IE2100 Appliances

Property Settings

Glossary

Cisco IP Solution Center Integrated VPN Management Suite L2VPN User Guide, 3.2

The contents of this document are:

ISC L2VPN and VPLS Concepts

Setting up the ISC Service

Creating an L2VPN Policy

Managing an L2VPN Service Request

Creating a VPLS Policy

Managing a VPLS Service Request

Auditing and Reports

Cisco IP Solution Center Integrated VPN Management Suite MPLS VPN User Guide, 3.2

The contents of this document are:

IP Solution Center—MPLS VPN

Provisioning an Unmanaged Multi-VRF CE

MPLS VPN Service Policies

MPLS VPN Service Requests

Provisioning Regular PE-CE Links

Provisioning MVRFCE PE-CE Links

Provisioning Management VPN

Provisioning Cable Services

Provisioning Carrier Supporting Carrier

Provisioning Multiple Devices

Spanning Multiple Autonomous Systems

Setting Up the Network

Service Request Transition States

Troubleshooting MPLS VPN

Cisco IP Solution Center Integrated VPN Management Suite Network-Based IPsec VPN User Guide, 3.2

The contents of this document are:

Preparing for Network-Based IPsec VPN Provisioning

One-Box Solution for IPsec-to-MPLS Mapping

Two-Box Solution for IPsec-to-MPLS Mapping

Provisioning Network-Based IPsec VPN Services

Using ISC FAQ

Cisco IP Solution Center Integrated VPN Management Suite Quality of Service User Guide, 3.2

The contents of this document are:

ISC Quality of Service Concepts

Network Architecture

QoS Service Model Overview

Prerequisites and Assumptions

Provisioning Process for IP QoS

QoS Policy Parameters

Applying QoS Policies to VPN Services

Auditing and Reports

Sample Configurations

Cisco IP Solution Center Integrated VPN Management Suite Security User Guide, 3.2

The contents of this document are:

ISC Security Concepts

Preparing for Security Provisioning

Site-to-Site VPN Services

Remote Access VPN Services

NAT Services

Firewall Services

Provisioning Services

Updating and Modifying Pre-shared Keys

Security Management Suite documentation (these documents are listed alphabetically):

Cisco IP Solution Center Security Management Suite Infrastructure Reference, 3.2

The contents of this document are:

Getting Started

WatchDog Commands

Administration

Inventory Manager

Policy Design

Provision

Monitoring

Cisco CNS IE2100 Appliances

Property Settings

Glossary

Cisco IP Solution Center Security Management Suite Quality of Service User Guide, 3.2

The contents of this document are:

ISC Quality of Service Concepts

Network Architecture

QoS Service Model Overview

Prerequisites and Assumptions

Provisioning Process for IP QoS

IP QoS Policy Parameters

Managing and Auditing Policy Configurations

Sample Configurations

Cisco IP Solution Center Security Management Suite Security User Guide, 3.2

The contents of this document are:

ISC Security Concepts

Preparing for Security Provisioning

Site-to-Site VPN Services

Remote Access VPN Services

NAT Services

Firewall Services

Managing Policy Configurations

Updating and Modifying Pre-shared Keys

Known Problems in Cisco IP Solution Center, Release 3.2

To find known problems in Cisco IP Solution Center, use the following URL:

http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl

You need to log into CCO.

You can search for specific bugs or search for a range by product name. This tool enables you to query for keywords, severity, range, or version.

The results display bug ID and title, found-in version, fixed-in version, and status. The bug ID is a hyperlink to detailed information for the bug ID's product, component, severity, first found-in, and release notes.

The results could be displayed in a feature matrix or spreadsheet.

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation at this URL:

http://www.cisco.com/univercd/home/home.htm

You can access the Cisco website at this URL:

http://www.cisco.com

You can access international Cisco websites at this URL:

http://www.cisco.com/public/countries_languages.shtml

Ordering Documentation

You can find instructions for ordering documentation at this URL:

http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm

You can order Cisco documentation in these ways:

Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Ordering tool:

http://www.cisco.com/en/US/partner/ordering/index.shtml

Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).

Documentation Feedback

You can send comments about technical documentation to bug-doc@cisco.com.

You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, Cisco Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service contract, contact your reseller.

Cisco Technical Support Website

The Cisco Technical Support Website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, 365 days a year at this URL:

http://www.cisco.com/techsupport

Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do

Submitting a Service Request

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool automatically provides recommended solutions. If your issue is not resolved using the recommended resources, your service request will be assigned to a Cisco TAC engineer. The TAC Service Request Tool is located at this URL:

http://www.cisco.com/techsupport/servicerequest

For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

To open a service request by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553 2447

For a complete list of Cisco TAC contacts, go to this URL:

http://www.cisco.com/techsupport/contacts

Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

Severity 1 (S1)—Your network is "down," or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:

http://www.cisco.com/go/marketplace/

The Cisco Product Catalog describes the networking products offered by Cisco Systems, as well as ordering and customer support services. Access the Cisco Product Catalog at this URL:

http://cisco.com/univercd/cc/td/doc/pcat/

Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:

http://www.ciscopress.com

Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:

http://www.cisco.com/packet

iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:

http://www.cisco.com/go/iqmagazine

Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

World-class networking training is available from Cisco. You can view current offerings at this URL:

http://www.cisco.com/en/US/learning/index.html