The Cisco IOS Security Configuration Guide: Secure Connectivity describes how you can use IP security (IPsec) with Internet Key Exchange (IKE), Public Key Infrastructure (PKI), and virtual private network (VPN) technologies to manage and secure your networks and to deliver reliable transport for complex mission-critical traffic, such as voice and client-server applications, without compromising communications quality.
IPsec provides security for transmission of sensitive information over unprotected networks such as the Internet. IPsec provides data authentication and anti-replay services in addition to data confidentiality services.
IKE
IKE is a key management protocol standard that is used in conjunction with the IPsec standard. IPsec can be configured without IKE, but IKE enhances IPsec by providing additional features, flexibility, and ease of configuration for the IPsec standard.
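As an added illustration (not configuration taken from this guide), the IOS CLI fragment below shows the pieces that IKE contributes to a site-to-site IPsec tunnel: an ISAKMP policy for the IKE negotiation, a pre-shared key for peer authentication, and a crypto map that ties the IKE peer to an IPsec transform set. Cisco IOS 15.x syntax is assumed; the peer address 192.0.2.2, the protected networks, and the key value are constructed placeholders.

```cisco
! Added example, not from the guide. IKE-negotiated IPsec on Cisco IOS 15.x.
! 192.0.2.x addresses, 10.x.0.0/16 networks and the key are placeholders.
!
! IKE phase 1 policy: with no policy configured IOS falls back to its
! default policy (legacy algorithms), so an explicit policy is the
! first thing to set. Lower policy numbers are offered first.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 28800
!
! IKE peer authentication: pre-shared key bound to the remote peer address.
crypto isakmp key PLACEHOLDER-REPLACE-ME address 192.0.2.2
!
! Anti-replay window for the IPsec SAs (default 64); widen it on links
! that reorder packets so legitimate traffic is not dropped as replayed.
crypto ipsec security-association replay window-size 1024
crypto ipsec security-association lifetime seconds 3600
!
! IKE phase 2: the transform set IKE negotiates for the IPsec SAs.
crypto ipsec transform-set TS-AES256-SHA256 esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! Traffic that must be protected (selects packets for the crypto map).
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
!
! Crypto map: "ipsec-isakmp" means IKE builds the SAs; PFS forces a
! fresh Diffie-Hellman exchange for every phase 2 rekey.
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set TS-AES256-SHA256
 set pfs group14
 match address VPN-TRAFFIC
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.252
 crypto map VPN-MAP
!
! Verification after traffic matches the ACL:
!   show crypto isakmp sa      (phase 1 state should be QM_IDLE)
!   show crypto ipsec sa       (encaps/decaps counters should increase)
```

The mirrored configuration on the 192.0.2.2 peer uses the same policy, key and transform set with the peer address and access list reversed.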
PKI
PKI offers a scalable method of securing networks, reducing management overhead, and simplifying the deployment of network infrastructures by deploying Cisco IOS security protocols, including IPsec, secure shell (SSH), and secure socket layer (SSL). Cisco IOS software can also use PKI for authorization using access lists and authentication resources.
VPNs
VPN solutions are built on five underlying VPN technologies: Standard IPsec, Dynamic Multipoint VPN (DMVPN), Easy VPN, generic routing encapsulation (GRE) tunneling, and Group Encrypted Transport VPN (GET VPN). Each technology has its benefits and is customized to meet specific deployment requirements. Table 1 provides a comparison of these technologies.
Table 1 Comparison of VPN Solutions

Standard IPsec VPN
  Benefits:
  • Provides encryption between sites.
  • Supports quality of service (QoS).
  When to Use:
  • When multivendor interoperability is required.

Cisco DMVPN
  Benefits:
  • Simplifies encryption configuration and management for point-to-point GRE tunnels.
  • Provides on-demand spoke-to-spoke tunnels.
  • Supports QoS, multicast, and routing.
  When to Use:
  • To simplify configuration for hub-and-spoke VPNs while supporting QoS, multicast, and routing.
  • To provide low-scale, on-demand meshing.

Cisco Easy VPN
  Benefits:
  • Simplifies IPsec and remote-site device management through dynamic configuration policy-push.
  • Supports QoS.
  When to Use:
  • When simplifying overall VPN and management is the primary goal (but only if limited networking features are required).
  • To provide a simple, unified configuration framework for a mix of Cisco VPN products.

Cisco GRE-Based VPN
  Benefits:
  • Enables transport of multicast and the routing of traffic across an IPsec VPN.
  • Supports non-IP protocols.
  • Supports QoS.
  When to Use:
  • When routing must be supported across the VPN.
  • For the same functions as hub-and-spoke DMVPN but when a more detailed configuration is required.

Cisco GET VPN
  Benefits:
  • Simplifies encryption integration on IP and Multiprotocol Label Switching (MPLS) WANs.
  • Simplifies encryption management through use of group keying instead of point-to-point key pairs.
  • Enables scalable and manageable any-to-any connectivity between sites.
  • Supports QoS, multicast, and routing.
  When to Use:
  • To add encryption to MPLS or IP WANs while preserving any-to-any connectivity and networking features.
  • To enable scalable, full-time meshing for IPsec VPNs.
  • To enable participation of smaller routers in meshed networks.
  • To simplify encryption key management while supporting QoS, multicast, and routing.
Related Documents
In addition to this document, there are other documents on Cisco.com about secure connectivity, too numerous to list here. For more information about or additional documentation for secure connectivity, search Cisco.com, specifying the desired subject or title.