Table Of Contents
Cisco IOS Security Configuration Guide, Release 12.3
Overview
Part 1: Authentication, Authorization, and Accounting (AAA)
Part 2: Security Server Protocols
Part 3: Traffic Filtering and Firewalls
Part 4: IP Security and Encryption
Part 5: Other Security Features
Part 6: Appendixes
New-Features List and Feature Guide Book-Level PDF for Cisco IOS Security, Release 12.3
Book Index to the Cisco IOS Security Configuration Guide, Release 12.2
Book-Level PDF for Cisco IOS Security Configuration Guide, Release 12.2
Cisco IOS Security Configuration Guide, Release 12.3
The Cisco IOS Security Configuration Guide, Release 12.3 (known as a "virtual configuration guide") consists of the Cisco IOS Release 12.2 configuration guide and new-feature documentation for Cisco IOS Releases 12.2 T and 12.3(1).
In some cases, information contained in the new-feature documentation for Cisco IOS Release 12.3(1) and early-deployment Cisco IOS releases numbered 12.2 T augments or supersedes content in the Cisco IOS Release 12.2 configuration guides. New-feature documentation in later 12.2 T releases may replace new-feature documentation in earlier 12.2 T releases.
The following outline includes links to Cisco IOS Release 12.2 chapters and Cisco IOS Release 12.2 T new-feature documentation. Use these documents to configure your Cisco IOS Release 12.3 features.
Overview
•
Chapter: About Cisco IOS Software Documentation for Release 12.3 (12.3 document)
•Chapter: Using Cisco IOS Software for Release 12.3 (12.3 document)
•Chapter: Security Overview (12.2 document; also pertains to 12.3*)
Part 1: Authentication, Authorization, and Accounting (AAA)
•Chapter: AAA Overview (12.2 document; also pertains to 12.3*)
•Chapter: Configuring Authentication (12.2 document; also pertains to 12.3*)
–New Feature: MS CHAP V2 (12.2(13)T document)
–New Feature: RADIUS EAP Support (12.2(13)T document)
–New Feature: RADIUS Packet of Disconnect (12.2(8)T document
•Chapter: Configuring Authorization (12.2 document; also pertains to 12.3*)
–New Feature: PKI Integration with AAA Server (12.3(1) document)
•Chapter: Configuring Accounting (12.2 document; also pertains to 12.3*)
Part 2: Security Server Protocols
•Chapter: Configuring RADIUS (12.2 document; also pertains to 12.3*)
–New Feature: ACL Default Direction (12.2(4)T document)
–New Feature: Enable Multilink PPP via RADIUS for Preauthentication User (12.2(11)T document)
–New Feature: Enhanced Test Command (12.2(4)T document)
–New Feature: Offload Server Accounting Enhancement (12.2(4)T document)
–New Feature: Per VRF AAA (12.2(13)T document)
–New Feature: RADIUS Attribute Screening (12.2(4)T document)
–New Feature: RADIUS Centralized Filter Management (12.2(13)T document)
–New Feature: RADIUS Debug Enhancements (12.2(11)T document)
–New Feature: RADIUS Logical Line ID (12.2(13)T document)
–New Feature: RADIUS Route Download (12.2(8)T document)
–New Feature: RADIUS Support of 56-Bit Acct Session-Id (12.2(15)T document)
–New Feature: RADIUS Tunnel Preference for Load Balancing and Fail-Over (12.2(11)T document)
–New Feature: Subscriber Service Switch (12.2(13)T document)
–New Feature: RADIUS Server Reorder on Failure (12.3(1) document)
•Chapter: Configuring TACACS+ (12.2 document; also pertains to 12.3*)
•Chapter: Configuring Kerberos (12.2 document; also pertains to 12.3*)
Part 3: Traffic Filtering and Firewalls
•Chapter: Access Control Lists: Overview and Guidelines (12.2 document; also pertains to 12.3*)
•Chapter: Cisco IOS Firewall Overview (12.2 document; also pertains to 12.3*)
•Chapter: Configuring Lock-and-Key Security (Dynamic Access Lists) (12.2 document; also pertains to 12.3*)
•Chapter: Configuring IP Session Filtering (Reflexive Access Lists) (12.2 document; also pertains to 12.3*)
•Chapter: Configuring TCP Intercept (Preventing Denial-of-Service Attacks) (12.2 document; also pertains to 12.3*)
•Chapter: Configuring Context-Based Access Control (12.2 document; also pertains to 12.3*)
–New Feature: Cisco IOS Firewall Performance Improvements (12.2(8)T document)
–New Feature: Firewall N2H2 Support (12.2(15)T document)
–New Feature: Firewall Stateful Inspection of ICMP (12.2(15)T document)
–New Feature: Firewall Support for SIP (12.2(15)T document)
–New Feature: Firewall Websense URL Filtering (12.2(15)T document)
–New Feature: Firewall Support of Skinny Client Control Protocol (SCCP) (12.3(1) document)
•Chapter: Configuring Cisco IOS Firewall Intrusion Detection System (12.2 document; also pertains to 12.3*)
–New Feature: Firewall Intrusion Detection System Signature Enhancements (12.2(15)T document)
•Chapter: Configuring Authentication Proxy (12.2 document; also pertains to 12.3*)
–New Feature: Firewall Support of HTTPS Authentication Proxy (12.2(15)T document)
–New Feature: Firewall Authentication Proxy for FTP and Telnet Sessions (12.3(1) document)
•Chapter: Configuring Port to Application Mapping (12.2 document; also pertains to 12.3*)
Part 4: IP Security and Encryption
•Chapter: IP Security and Encryption Overview (12.2 document; also pertains to 12.3*)
•Chapter: Configuring IPSec Network Security (12.2 document; also pertains to 12.3*)
–New Feature: Ability to Disable Extended Authentication for Static IPSec Peers (12.2(4)T document)
–New Feature: DES/3DES/AES VPN Encryption and Compression Module (AIM-VPN/EPII &
AIM-VPN/HPII) (12.2(13)T document)
–New Feature: DF Bit Override Functionality with IPSec Tunnels (12.2(2)T document)
–New Feature: Distinguished Name Based Crypto Maps (12.2(4)T document)
–New Feature: Dynamic Multipoint VPN (DMVPN) (12.2(13)T document)
–New Feature: IPSec NAT Transparency (12.2(13)T document)
–New Feature: IPSec Passive Mode (12.2(13)T document)
–New Feature: IPSec Security Association Idle Timers (12.2(15)T document)
–New Feature: IPSec—SNMP Support (12.2(4)T document)
–New Feature: IPSec VPN Accounting (12.2(15)T document)
–New Feature: IPSec VPN High Availability Enhancements (12.2(11)T document)
–New Feature: L2TP Security (12.2(4)T document)
–New Feature: Low Latency Queuing (LLQ) for IPSec Encryption Engines (12.2(13)T document)
–New Feature: Pre-Fragmentation for IPSec VPNs (12.2(13)T document)
–New Feature: Software IPPCP (LZS) with Hardware Encryption (12.2(13)T document)
–New Feature: VPN Acceleration Module (12.2(13)T document)
–New Feature: VRF-Aware IPSec (12.2(15)T document)
•Chapter: Configuring Certification Authority Interoperability (12.2 document; also pertains to 12.3*)
–New Feature: Certificate Autoenrollment (12.2(8)T document)
–New Feature: Certificate Enrollment Enhancements (12.2(8)T document)
–New Feature: Certificate Security Attribute-Based Access Control (12.2(15)T document)
–New Feature: Exporting and Importing RSA Keys (12.2(15)T document)
–New Feature: Manual Certificate Enrollment (TFTP and Cut-and-Paste) (12.2(13)T document)
–New Feature: Source Interface Selection for Outgoing Traffic with Certificate Authority (12.2(15)T document)
–New Feature: Trustpoint CLI (12.2(8)T document)
•Chapter: Configuring Internet Key Exchange Security Protocol (12.2 document; also pertains to 12.3*)
–New Feature: Advanced Encryption Standard (AES) (12.2(13)T document)
–New Feature: Cisco Easy VPN Remote—Phase 1 (12.2(13)T document)
–New Feature: Cisco Easy VPN Remote Enhancements (12.2(15)T document)
–New Feature: Easy VPN Server (12.2(8)T document)
–New Feature: IKE: Initiate Aggressive Mode (12.2(8)T document)
–New Feature: Multiple RSA Key Pair Support (12.2(8)T document)
Part 5: Other Security Features
•Chapter: Configuring Passwords and Privileges (12.2 document; also pertains to 12.3*)
–New Feature: Enhanced Password Security (12.2(8)T document)
–New Feature: Privilege Command Enhancement (12.2(13)T document)
•Chapter: Neighbor Router Authentication: Overview and Guidelines (12.2 document; also pertains to 12.3*)
•Chapter: Configuring IP Security Options (12.2 document; also pertains to 12.3*)
•Chapter: Configuring Unicast Reverse Path Forwarding (12.2 document; also pertains to 12.3*)
•Chapter: Configuring Secure Shell (12.2 document; also pertains to 12.3*)
–New Feature: Secure Copy (12.2(2)T document)
–New Feature: SSH Terminal-Line Access (12.2(2)T document)
•Chapter: Configuring Autosecure (12.3 virtual chapter)
–New Feature: Autosecure (12.3(1) document)
Part 6: Appendixes
•Chapter: RADIUS Attributes (12.2 document; also pertains to 12.3*)
–New Feature: Connect-Info RADIUS Attribute 77 (12.2(11)T document)
–New Feature: Encrypted Vendor-Specific Attributes (12.2(8)T document)
–New Feature: Per-User QoS via AAA Policy Name (12.2(15)T document)
–New Feature: RADIUS Attribute 8 (Framed-IP-Address) in Access Requests (12.2(11)T document)
–New Feature: RADIUS Attribute 82: Tunnel Assignment ID (12.2(4)T document)
–New Feature: RADIUS Progress Codes (12.2(11)T document)
–New Feature: RADIUS Timeout Set During Pre-Authentication (12.2(15)T document)
–New Feature: RADIUS Tunnel Attribute Extensions (12.2(13)T document)
–New Feature: V.92 Reporting Using RADIUS Attribute v.92-info (12.3(1) document)
•Chapter: TACACS+ Attribute-Value Pairs (12.2 document; also pertains to 12.3*)
Click the above link to access an alphabetically ordered new-features list and a feature guide book-level PDF for the Security technology area.
Click the above link to display the index of the Cisco IOS Security Configuration Guide, Release 12.2. This index does not include the new-feature documentation for the releases numbered 12.2 T.
Click the above link to download the book-level PDF of the Cisco IOS Security Configuration Guide, Release 12.2. This book-level PDF does not include the new-feature documentation for the releases numbered 12.2 T.
*Cisco IOS Release 12.2 documents are still current for Cisco IOS Release 12.3 where not superseded by Cisco IOS Release 12.2 T and 12.3(1) new-feature documentation.
