Cisco IOS Software Release 12.3(2)XA [Cisco IOS Software Releases 12.3 Special and Early Deployments]

Product Bulletin, No. 2265

Cisco IOS Software Release 12.3(2)XA

This product bulletin describes the content and delivery information for Cisco^® IOS^® Software Release 12.3(2)XA. It should be used in conjunction with the Cisco IOS Software Release 12.3T product bulletin. Cisco IOS Software Release 12.3(2)XA is a short-lived, early deployment release that will be supported in the third release of Cisco IOS Software Release 12.3T. It supports the Cisco ICS 7700 Series, Cisco 3200 Series, Cisco 1700 Series routers (Cisco 1701, Cisco 1710, Cisco 1711, Cisco 1712, Cisco 1720, Cisco 1721, Cisco 1751, Cisco 1751-V, and Cisco 1760) and Cisco 830 Series Routers (Cisco 831, Cisco 836, and Cisco 837).

The platform and features delivered with this early deployment release will be immediately incorporated into the third release of Cisco IOS Software Release 12.3T. The timeframe for the availability of the third release of the Cisco IOS Software Release 12.3T train is the first quarter of calendar year 2004 (target live date is January 2004). Please note that this timeframe is subject to change. Future early deployment releases will be provided for maintenance support until Cisco IOS Software Release 12.3(2)XA becomes available in the third release of Cisco IOS Software Release 12.3T. In addition to the supported features described in this product bulletin, more information is available in the release notes for Cisco IOS Software Release 12.3(2)XA. Customers should prepare to upgrade using the migration path shown in Figure 1.

Note: This product bulletin lists only features that are new to the respective platforms as of this release 12.3(2)XA.

Figure 1
Cisco IOS Software Release 12.3(2)XA Release Train and Migration Guide

New Features in Cisco IOS Software Release 12.3(2)XA

Table 1 lists the features delivered in the Cisco IOS Software Release 12.3(2)XA

Table 1 Cisco IOS Software Release 12.3(2)XA New Features

New Features	ICS 7750	Cisco 3200	Cisco 831	Cisco 836	Cisco 837	Cisco 1701	Cisco 1710
New Hardware
Cisco 3220 Mobile Access Router		X
New Software Features
Cisco 1700 Analog Centralized Automatic Accounting (CAMA) support for VIC2-2FXO and VIC2-4FXO
802.1x based dynamic authentication for IPSec VPNs			X	X	X	X	X
Cisco Easy VPN			X	X	X
Auto Secure			X	X	X
Network Address Translation (NAT)—Static IP support			X	X	X	X	X
ISDN BRI backhaul using Media Gateway Control (MGCP)	X
Trunk conditioning	X
New Features	Cisco 1711	Cisco 1712	Cisco 1720	Cisco 1721	Cisco 1751	Cisco 1751-V	Cisco 1760
New Hardware
Cisco 3220 Mobile Access Router
New Software Features
Cisco 1700 Analog Centralized Automatic Accounting (CAMA) support for VIC2-2FXO and VIC2-4FXO						X	X
802.1x based dynamic authentication for IPSec VPNs	X	X	X	X	X	X	X
Cisco Easy VPN
Auto Secure			X	X	X
NAT— Static IP support	X	X		X	X	X	X
ISDN BRI backhaul using MGCP
Trunk conditioning

New Hardware

Cisco 3220 Mobile Access Router

The Cisco 3220 is a pre-configured model of the Cisco 3200 Series. The Cisco 3220 model consists of a Mobile Access Router Card (MARC) with one auxiliary/asynchronous port, one Fast Ethernet Port (FE) port, one console port, a two-port Serial Mobile Access Router Interface Card (SMIC), and a two-port Fast Ethernet Switch Mobile Access Router Interface Card (FESMIC).

New Software Features

Cisco 1700 Analog CAMA Support for VIC2-2FXO and VIC2-4FXO

Supported platforms: Cisco 1751-V, and Cisco 1760; supported in all 1700 IP/VOX PLUS legacy images (all sv8 images) and the cross platform images IP voice, advanced IP services, advanced enterprise services, SP services, enterprise services

Analog Centralized Automatic Message Accounting (CAMA) E911 Trunk

Cisco 1751 and 1760 series routers now support analog Centralized Automatic Message Accounting trunks on the 2- and 4-port FXO cards. The VIC2-2FXO and VIC2-4FXO cards are now user configurable for CAMA mode operation on a port-by-port basis. Example: On VIC2-2FXO card, the Port 0 can be configured for CAMA and port 1 can be configured for FXO-M1 operation. The following are the highlights of the CAMA support:

Direct connection to the E911 network
Meets current legislation requiring enterprises to connect directly to the E911 network.
Offers trunk capabilities to emergency services that are not currently supported on any Cisco product
Allows configuration on H.323 VoIP
Supports user configurable CAMA operation on a port-by-port basis on the VIC2-2FXO and VIC2-4FXO

Standard 802.1x Based Dynamic User Authentication for IPSec VPNs

Supported platforms: Cisco 831, 836, 837 and Cisco 1701, 1710, 1711, 1712, 1721, 1751, 1751-V, 1760; supported in all 800 IPSec DES and IPSec 3DES images and all 1700 IPSec DES and IPSec 3DES legacy images (all k8 and k9 images) and the cross platform images advanced IP services, advanced enterprise services, IP Base, advanced security.

This software release provides support on the Cisco 83x and 17xx access routers to classify users into authenticated and non-authenticated categories, based on the user credentials provided using the 802.1X port based authentication specification. This feature also allows the processing of traffic coming from these two classes of users (authenticated and non-authenticated) differently. Example: When the 802.1x feature is turned on, the system administrator has the ability to create policies to treat traffic from users on a LAN segment differently. Authenticated users are allowed to access a corporate IPSec tunnel. Unauthenticated or guest users are allowed to access local interconnections as well as connectivity to the Internet but not a corporate IPSec tunnel.

In this Cisco IOS Release 12.3(2)XA, the 802.1x user authentication support shall be used in conjunction with Easy VPN Server and Easy VPN Remote. In later releases, the 802.1x support will be augmented beyond Easy VPN Remote and Easy VPN Server. For details on Cisco Easy VPN see following URL:

http://www.cisco.com/en/US/products/sw/secursw/ps5299/index.html

Cisco Easy VPN

Supported platforms: Cisco 831, 836, and 837; supported in all IP/FW/IDS PLUS IPSEC DES (and 3DES) images (all k9syo3 and k8syo3 images)

Cisco Easy VPN Remote and Cisco Easy VPN Server are two features that are with this release supported on the Cisco 83x platforms. Cisco Easy VPN Server and Remote is already supported on Cisco 1700 platforms. Following is a brief description of these two features:

1. Cisco Easy VPN Remote

Eliminates complex remote-side configuration simplifying VPN deployments.

2. Cisco Easy VPN Server

Supports accepting VPN connection from Cisco VPN clients and Cisco Easy VPN Remote devices
- The Cisco 800 platform can support up to 5 simultaneous IPSec connections in the server mode
- The Cisco 1700 platforms can support up to 100 simultaneous connections in the server mode

Cisco Auto Secure

Supported platforms: Cisco 831, 836, and 837; Cisco supported in all IPSec DES and IPSec 3DES images (all k8 and k9 images). Cisco Auto Secure is already supported on Cisco 1700 platforms.

This feature simplifies the security configuration of a router and hardens the router configuration. By using a single command-line interface (CLI), the AutoSecure feature allows a user to perform the following functions:

Disable common IP services that can be exploited for network attacks
Enable IP Services and features that can aid in the defense of a network when under attack

NAT—Static IP Support

Supported platforms: Cisco 831, 836, 837, 1701, 1710, 1711, 1712, 1721, 1751, 1751-V, and 1760; supported in all 800 IPSec DES and IPSec 3DES images and all 1700 IPSec DES and IPSec 3DES legacy images (all k8 and k9 images) and the cross platform images advanced IP services, advanced enterpise services, SP services, enterprise services, advanced security.

Cisco IOS NAT—The Static IP Support feature will detect when a user is statically configured and provide that user with a working IP address within a Public wireless LAN (WLAN) network. The IP address is assigned dynamically, and allows the user to establish an IP session.

Cisco ICS 7750 Features

ISDN BRI Backhaul Using MGCP

Supported platforms: Cisco ICS 7750

Supported on the Cisco ICS 7750, ISDN BRI backhaul using MGCP enables BRI to be configured via the Cisco CallManager GUI and allows for BRI backhaul using MGCP. This feature is used in centralized Cisco CallManager environments to speed up voice cut-through time from remote sites to the host centralized Cisco CallManager server. BRI hardware support includes VIC-2BRI and VIC2-2BRI.

Trunk Conditioning

Supported platforms: Cisco ICS 7750

Supported on the Cisco ICS 7750, trunk conditioning is a local call admission control feature used on FRF.11 and Cisco trunks in IP telephony configurations.

Product Numbers

Table 2 provides the feature sets, images, and memory recommendations for Cisco IOS Software Release 12.3(2)XA.

Note:

1. The Cisco 1751 platform is limited to 16-MB Flash memory only, whereas the Cisco 1751-V system supports up to 32 MB Flash memory. Cisco 1710 and Cisco 1721 are also limited to 16-MB Flash memory.

2. In Table 2, column "SDM supported", SDM refers to Security Device Manager and indicates the combination of platforms and corresponding images that support SDM. SDM requires an additional 2.3 MB of Flash memory to run.

Table 2 Cisco IOS Software Release 12.3(2)XA Feature Sets, Images, and Memory Recommendations

Platform	Feature Set	Image Name	Image File Name	Recommended Flash Memory	Recommended DRAM	SDM Supported	Runs From
Cisco 3200	IP	Cisco 3200 IP image	C3200-i11-mz	32 MB	128 MB	No	RAM
Cisco 3200	IP Plus	Cisco 3200 IP Plus IPSEC 3DES	C3200-i11k9-mz	32 MB	128 MB	No	RAM
Cisco 3220	IP Plus	Cisco 3220 IP Plus IPSEC 3DES	C3220-i11k9-mz	32 MB	128 MB	No	RAM
Cisco ICS 7750	IP/VOICE PLUS	Cisco ICS 7700 IOS IP/VOICE PLUS	ics7700-sv3y-mz	16 MB	64 MB	No	RAM
Cisco ICS 7750	IP/FW/VOICE PLUS IPSEC 56	Cisco ICS 7700 IOS IP/FW/VOICE PLUS IPSEC 56	ics7700-k8o3sv3y-mz	16 MB	64 MB	No	RAM
	IP/FW/VOICE PLUS IPSEC 3DES	Cisco ICS 7700 IOS IP/FW/VOICE PLUS IPSEC 3DES	ics7700-k9o3sv3y-mz	16 MB	64 MB	No	RAM
	IP/IPX/AT/IBM/VOICE PLUS	Cisco ICS 7700 IOS IP/IPX/AT/IBM/VOICE PLUS	ics7700-bnr2sv3y-mz	16 MB	64 MB	No	RAM
	IP/IPX/AT/IBM/FW/VOICE PLUS IPSEC 56	Cisco ICS 7700 IOS IP/IPX/AT/IBM/FW/VOICE PLUS IPSEC 56	ics7700-bk8no3r2sv3y-mz	16 MB	64 MB	No	RAM
	IP/IPX/AT/IBM/FW/VOICE PLUS IPSEC 3DES	Cisco ICS 7700 IOS IP/IPX/AT/IBM/FW/VOICE PLUS IPSEC 3DES	ics7700-bk9no3r2sv3y-mz	16 MB	64 MB	No	RAM
	REDUCED-IP/ANALOG VOICE PLUS	Cisco ICS 7700 IOS REDUCED-IP/ANALOG VOICE PLUS	ics7700-sv12y10-mz	16 MB	64 MB	No	RAM
	REDUCED-IP/VOICE PLUS	Cisco ICS 7700 IOS REDUCED-IP/VOICE PLUS	ics7700-sv3y10-mz	16 MB	64 MB	No	RAM
Cisco 831	IOS IP/FW 3DES	Cisco 831 IOS IP/FW 3DES	c831-k9o3y6-mz	12 MB	32 MB		RAM
Cisco 831	IOS IP/FW/PLUS 3DES	Cisco 831 IOS IP/FW PLUS 3DES	c831-k9o3sy6-mz	12 MB	32 MB		RAM
Cisco 836	IOS IP/FW 3DES	Cisco 836 IOS IP/FW 3DES	c836-k9o3y6-mz	12 MB	32 MB		RAM
	IOS IP/FW/PLUS 3DES	Cisco 836 IOS IP/FW PLUS 3DES	c836-k9o3sy6-mz	12 MB	32 MB		RAM
	IOS IP/FW/PLUS DIAL BACKUP 3DES	Cisco 836 IOS IP/FW PLUS DIAL BACKUP 3DES	c836-k9o3s8y6-mz	12 MB	32 MB		RAM
Cisco 837	IOS IP/FW 3DES	Cisco 837 IOS IP/FW 3DES	c837-k9o3y6-mz	128 MB	32 MB		RAM
Cisco 837	IOS IP/FW/PLUS 3DES	Cisco 837 IOS IP/FW PLUS 3DES	c837-k9o3sy6-mz	12 MB	32 MB		RAM
Cisco 1700 Legacy Images
Cisco 1710 (1)	IP/FW/IDS PLUS IPSEC 3DES	Cisco 1700 IOS IP/FW/IDS PLUS IPSEC 3DES	c1710-k9o3sy-mz	16 MB	64 MB	Cisco 1710—No	RAM
Cisco 1710 (1)	IP/IPX/AT/IBM/FW/IDS PLUS IPSEC 3DES	Cisco 1700 IOS IP/IPX/AT/IBM/FW/IDS PLUS IPSEC	c1710-bk9no3r2sy-mz	16 MB	64 MB	Cisco 1710—No	RAM
Cisco 1751-V/1760	IP/ADSL/VOX PLUS	Cisco 1700 IOS IP/ADSL/VOX PLUS	c1700-sv8y7-mz	32 MB	96 MB	Cisco 1751-V— Yes, 1760— Yes	RAM
Cisco 1751-V/1760	IP/ADSL/VOX/FW/IDS PLUS IPSEC 3DES	Cisco 1700 IOS IP/ADSL/VOX/FW/IDS PLUS IPSEC 3DES	c1700-k9o3sv8y7-mz	32 MB	96 MB	Cisco 1751-V/Yes, 1760—Yes	RAM
Cisco 1751-V/1760	IP ADSL/IPX/AT/IBM/VOX/ FW/IDS PLUS IPSEC 3DES	Cisco 1700 IOS IP ADSL/IPX/AT/IBM/VOX/ FW/IDS PLUS IPSEC 3DES	c1700-bk9no3r2sv8y7-mz	32 MB	96 MB	Cisco 1751-V/1760—Yes	RAM
Cisco 1701/1721/ 1751/1751-V/1760	IP ADSL/PLUS	Cisco 1700 IOS IP ADSL PLUS	c1700-sy7-mz	16 MB	64 MB	Cisco 1701/1721/1751/1751-V/1760—Yes	RAM
Cisco 1720/1721/ 1751/ 1751-V/1760	IP	Cisco 1700 IOS IP	c1700-y-mz	16 MB	32 MB	Cisco 1720/1721/1751/ 1751-V/1760—Yes	RAM
Cisco 1701/ 1721/1751/1751-V/1760	IP ADSL/IPX/ AT/IBM PLUS	Cisco 1700 IOS IP ADSL/IPX/AT/IBM PLUS	c1700-bnr2sy7-mz	16 MB	64 MB	Cisco 1701/ 1721/1751/1751-V/1760—Yes	RAM
Cisco 1701/1711/1712/1751-V/1760	IP ADSL/IPX/AT/IBM/FW/ IDS PLUS IPSEC 3DES	Cisco 1700 IOS IP ADSL/IPX/AT/IBM/FW/ IDS PLUS IPSEC 3DES	c1700-bk9no3r2sy7-mz	32 MB	96 MB	Cisco 1701/1711/1712/1751-V/1760—Yes	RAM
Cisco 1701/1720/1721/1751/1751-V/1760	IP/ADSL	Cisco 1700 IOS IP/ADSL	c1700-y7- mz	16 MB	48 MB	Cisco 1701/1720/1721/1751/1751-V/1760—Yes	RAM
Cisco 1701/1711/1712 /1721/1751/1751-V/1760	IP/ADSL/FW/IDS PLUS IPSEC 3DES	Cisco 1700 IOS IP/ADSL/FW/IDS PLUS IPSEC 3DES	c1700-k9o3sy7-mz	16 MB	64 MB	Cisco 1701/1711/1712/1751-V/1760—Yes Cisco 1721/1751—No	RAM
Cisco 1700 Cross Platform Images
Cisco 1751-V/ 1760	IP VOICE	(2)	c1700-ipvoice-mz	32 MB	96 MB	Cisco 1751-V/ 1760—Yes	RAM
Cisco 1701/ 1751-V/1760	ADVANCED IP SERVICES	(2)	c1700-advipservicesk9-mz	32 MB	96 MB	Cisco 1751-V/1760—Yes	RAM
Cisco 1701/ 1751-V/ 1760	SP SERVICES	(2)	c1700-spservicesk9-mz	32 MB	96 MB	Cisco 1701/ 1751-V/ 1760—Yes	RAM
Cisco 1701/1751-V/1760	ENTERPRISE SERVICES	(2)	c1700-entservicesk9-mz	32 MB	96 MB	Cisco 1701/1711/1712/1751-V/1760—Yes	RAM
Cisco 1701/1711/1712/ 1751-V/1760	ADVANCED ENTERPRISE SERVICES	(2)	c1700-adventerprisek9-mz	32 MB	96 MB	Cisco 1751-V/1760—Yes	RAM
Cisco 1701/1721/1751/1751-V/1760	IP BASE	(2)	c1700-ipbase-mz	16 MB	48 MB	Cisco 1701/1721/1751/1751-V/1760—Yes	RAM
Cisco 1701/1721/1751/1751-V/1760	ENTERPRISE BASE	(2)	c1700-entbase-mz	16 MB	64 MB	Cisco 1701/1721/1751/1751-V/1760—Yes	RAM
Cisco 1701/1711/1712/1721/1751/1751-V/1760	ADVANCED SECURITY	(2)	c1700-advsecurityk9- mz	16 MB	64 MB	Cisco 1701/1711/1712/1751-V/1760—Yes Cisco 1721/1751—No	RAM

(1) SDM is NOT supported on the Cisco 1710.

(2) Refer to product bulletin "Cisco IOS Software Release 12.3 Mainline and 12.3T Feature Sets for Cisco 1700 Series Routers"—

http://www.cisco.com/en/US/products/hw/routers/ps221/prod_bulletin09186a008016122f.html

Download Information

Customers can download Cisco IOS Software Release 12.3(2)XA Software from the Cisco.com software image library.

Cisco IOS Software Releases 12.3 Special and Early Deployments