Preface
This guide describes Cisco-supported configurations for IP-based extranet Virtual Private Networks (VPNs) for an IP Security Protocol (IPSec) tunnel between a Cisco Secure VPN Client (VPN Client) and a Cisco IOS router or Cisco Secure PIX Firewall (gateway). The VPN Client acts as an IPSec peer that uses Internet Key Exchange (IKE) protocol and IPSec to negotiate, then establish an encrypted tunnel to another IPSec peer. Each configuration can consist of various Cisco IOS IPSec features including manual configuration, dynamic IP addressing, pre-shared keys, wildcard pre-shared keys, and digital certification.
This preface contains the following sections:
This guide does not cover every available feature for the Cisco Secure VPN Client; it is not intended to be a comprehensive VPN configuration guide. Instead, this guide simply describes the Cisco-supported configurations for VPNs using the Cisco Secure VPN Client.
The business scenarios introduced in this guide include specific tasks and configuration examples. The examples are the recommended methods for configuring the specified tasks. Although they are typically the easiest or the most straightforward method, they are not the only methods of configuring the tasks.
This solutions guide often refers to device-specific administrators, which can consist of any combination of the following audiences:
- Network administrators who are responsible for defining network security policies and distributing them to the end users within their organization
- System administrators who are responsible for installing and configuring internetworking equipment, are familiar with the fundamentals of router-based internetworking, and who are familiar with Cisco IOS software and Cisco products
- System administrators who are familiar with the fundamentals of router-based internetworking and who are responsible for installing and configuring internetworking equipment, but who might not be familiar with the specifics of Cisco products or the routing protocols supported by Cisco products
- Customers with technical networking background and experience
The following is new or changed information since the last release of the Cisco Secure VPN Client solutions guide:
- The latest system requirements, feature and version specifications, sample VPN configurations, technical tips, and product bulletins for IPSec and the Cisco Secure VPN Client are maintained at the following URLs:
- http://www.cisco.com/warp/public/700/tech_configs.html#SECURITY
- or Service & Support>Technical Assistance Center>Documents>Sample Configurations>Security
- Sample configurations and technical tips are available for registered users on CCO:
- http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Internetworking:IPSec&s=Implementation_and_Configuration#Samples_%26_Tips
- or Service & Support>Technical Assistance Center>Technologies>IP Security (IPSec)
- Product literature is available for both non-registered and registered users on CCO:
- http://www.cisco.com/warp/public/cc/cisco/mkt/security/vpncli/prodlit/
- or Products & Technologies>Cisco Secure>Security Products and Technologies>Cisco Secure VPN Client>Product Literature
- A chapter titled "Case Study for Layer 3 Authentication and Encryption" has been added. This chapter provides a case study overview, a description of encryption and authentication features, site profile characteristics, and basic configuration tasks of IPSec tunneling between a VPN Client and a gateway.
- All chapters titled "Using..." have been changed to "Configuring..."
- All chapters previously documented as individual business cases are now configuring tasks, which can exist as standalone or combined tasks in the business case, "Case Study for Layer 3 Authentication and Encryption."
- A chapter titled "Configuring Manual Configuration" has been added. This chapter describes how to configure a static IP address on your VPN Client.
- The chapter titled "Configuring Dynamic IP Addressing" has been modified to include illustrations of how this feature works and of the protocol negotiation sequence.
- A chapter titled "Configuring a Pre-Shared Key or Wildcard Pre-Shared Key" has been added. This chapter describes how to configure a pre-shared key to authenticate a VPN Client or how to configure a wildcard pre-shared key to authenticate a pool of VPN Clients.
- The chapter on Entrust digital certificates has moved to the appendix titled "Configuring Entrust Digital Certificates."
- An appendix titled "Configuring Microsoft Certificate Services" has been added.
- The chapter on VeriSign digital certificates has moved to the appendix titled "Configuring VeriSign Digital Certificates."
The major elements of this guide are as follows:
Table 1: Document Organization
Most chapters in this solutions guide focus on configuring possible features within one business case, "Case Study for Layer 3 Authentication and Encryption." This business case explains the basic tasks for configuring an extranet VPN using a VPN Client to initiate an IPSec tunnel to the gateway of an enterprise network.
The following sections describe the documentation available for the Cisco Secure VPN Client. Documentation is available as printed manuals and/or electronic documents.
Use this solutions guide with these documents:
Note: This document is not a comprehensive guide to all VPNs. The following aspects of VPN configuration are not covered in this guide: NAS-initiated VPNs (Internet service provider VPN solutions), Cisco IOS software configuration, Cisco IOS router or access server installation and configuration.
Product-specific documents in this section include software that is a part of the Cisco Secure product family. These products include, but are not limited to, the following:
These software documents are available for the Cisco Secure Policy Manager on CCO and the Documentation CD-ROM:
- or Service & Support>Technical Documents>Documentation Home Page>Internet Services Management Group>Cisco Secure Policy Manager
- On the Documentation CD-ROM: Cisco Product Documentation>Internet Services Management Group>Cisco Secure Policy Manager
Note: Cisco Secure Policy Manager Version 2.0 is supported on the Cisco Secure VPN Client Version 1.0, but is not interoperable with Cisco Secure VPN Client Version 1.1. To avoid complications, make sure you have the compatible version of the Cisco Secure Policy Manager installed.
Table 2: Cisco Secure Policy Manager 2.0 Documentation
| Document Titles | Chapter Topics | Customer Order Number |
| --- | --- | --- |
| Configuring Cisco Secure Policy Manager | Getting Started; Representing Your Network; Populating the Network Topology Tree; Configuring the Device-Specific Settings of Network Objects; Configuring Monitoring and Reporting; Working With Security Policies; Generating, Verifying, and Publishing Command Sets; Maintaining Cisco Secure Policy Manager | DOC-7810296 |
| Installation Guide | Preface; Planning Your Installation; Installation Procedures; Meeting the Prerequisites; Working with Cisco Secure Policy Manager | DOC-786782 |
| IPSec Tunnel Implementation | IPSec Tunnels; Authentication Server Panel; IPSec Tunnel Templates; IPSec Tunnel Groups; Configuring Policy Enforcement Points; IPSec Tunnel Policy | OL-0426 |
| Network Topology Definition | Understanding the Network Topology Tree; Guidelines and Techniques for Defining Your Network Topology; Representing Your Network Topology; Populating the Network Topology Tree; Configuring the Global Policy Override Settings for Policy Enforcement Points; Configuring Administrative Control Communications; Defining Traffic Flows and Shaping Rules | OL-0426 |
| Upgrade Notes | Introduction; System Requirements; Upgrade the License; Where To Go Next; Related Documentation; Obtaining Documentation; Obtaining Technical Assistance | DOC-786808 |
| Release Notes for Cisco Secure Policy Manager Version 2.0 | Introduction; Features and Functionality Changes; System Requirements; Installation Notes; Limitations and Restrictions; Caveats; Related Documentation; Obtaining Documentation; Obtaining Technical Assistance | DOC-786781 |
These software documents are available for the Cisco Secure VPN Client on CCO and the Documentation CD-ROM:
- or Service & Support>Technical Documents>Documentation Home Page>Internet Service Unit Documentation>Cisco Secure VPN Client
- On the Documentation CD-ROM: Cisco Product Documentation>Internet Service Unit Documentation>Cisco Secure VPN Client
Table 3: Cisco Secure VPN Client Documentation
| Document Titles | Chapter Topics | Customer Order Number |
| --- | --- | --- |
|  | Audience; System Requirements; Installing Cisco Secure VPN Client; Roles in Cisco Secure VPN Client Operation; Additional Information; Configuring a Custom Installation; Obtaining Documentation; Ordering Documentation; Obtaining Technical Assistance; Documentation Feedback | DOC-786898 for Version 1.0; DOC-7810787 for Version 1.1 |
|  | Introduction; System Requirements; Network Requirements; Installation Notes; Limitations and Restrictions; Important Notes; Caveats; Related Documentation; Cisco Connection Online; Documentation CD-ROM | DOC-786929 for Versions 1.0/1.0a; OL-0458 for Version 1.1 |
| Cisco Secure VPN Client Solutions Guide | Preface; Access VPNs and IP Security Protocol Tunneling Technology Overview; Case Study for Layer 3 Authentication and Encryption; Configuring Manual Configuration; Configuring Dynamic IP Addressing; Configuring Pre-shared Key or Wildcard Pre-shared Key; Configuring Digital Certification; Configuring Entrust Digital Certification; Configuring Microsoft Certificate Services; Configuring VeriSign Digital Certification; Glossary | OL-0259 |
Platform-specific documents include documents that are related to specific hardware platforms. A hardware platform is grouped as a set of models, or a series.
This section includes platform-specific documents, as follows:
These hardware and software documents are available for the Cisco 1720 VPN routers on CCO and the Documentation CD-ROM:
- or Service & Support>Technical Documents>Documentation Home Page>Access Servers and Access Routers>Modular Access Routers>Cisco 1720 Router
- On the Documentation CD-ROM: Cisco Product Documentation>Access Servers and Access Routers>Modular Access Routers>Cisco 1720 Router
Table 4: Cisco 1720 VPN Router Documentation
| Document Title | Chapter Topics | Customer Order Number |
| --- | --- | --- |
| Cisco 1700 Series Quick Start Guide | Unpack the Box; Install the Router; Verify the Installation | DOC-785406 |
| Cisco 1720 Router Release Notes, | Early Deployment Releases; System Requirements; New and Changed Information; Limitations and Restrictions; Important Notes; Caveats; Related Documentation; Obtaining Documentation; Obtaining Technical Assistance | DOC-786238 for Release 12.0; DOC-7810842 for Release 12.1 T |
| Cisco 1720 Router Hardware Installation Guide | About This Guide; Overview of the Cisco 1700 Router; Installing the Cisco 1700 Router; Troubleshooting the Cisco 1700 Router; Cisco 1700 Technical Specifications; Cable Pinouts and Cabling Guidelines; Installing and Upgrading Memory in the Cisco 1700 Router; Ordering and Configuring an ISDN Line | DOC-785405 |
| Cisco 1720 Software Configuration Guide | About This Guide; Introduction to Configuring the Cisco 1700 Router; Cisco IOS Software Skills; Configuring a Leased Line; Configuring Frame Relay; Configuring ISDN; Configuring Asynchronous Connections; Configuring X.25; ROM Monitor Software; Networking Concepts for the Cisco 1700 Router | DOC-785407 |
| Regulatory Compliance and Safety Information for Cisco 1600 Routers and Cisco 1700 Routers | Electro-Magnetic Compatibility Compliance; Operating Conditions for Canada; Operating Conditions for the European Community; Operating Conditions for the United Kingdom; Agency Approvals; Declaration of Conformity; Conformité Européenne Marking Directive; Translated Safety Warnings | DOC-786739 |
| Cisco 1700 Series Configuration Notes | See CCO or Documentation CD-ROM | DOC-785977 |
These hardware and software documents are available for the Cisco 7100 series routers on CCO and the Documentation CD-ROM:
- or Service & Support>Technical Documents>Documentation Home Page>Core/High-End Routers>Cisco 7100
- On the Documentation CD-ROM: Cisco Product Documentation>Core/High-End Routers>Cisco 7100
Table 5: Cisco 7100 VPN Router Documentation
| Document Title | Chapter Topics | Customer Order Number |
| --- | --- | --- |
| Cisco 7100 Series Quick Start Guide | Prepare for Installation; Rack-Mount the Router; Connect the Router to the Network; Connect the Power; Start the System | DOC-786343 |
| Cisco 7000 Family Routers Release Notes | System Requirements; New and Changed Information; Important Notes; Caveats; Related Documentation; Service and Support; Cisco Connection Online; Documentation CD-ROM | DOC-786055 for Release 12.0 T; DOC-7810811 for Release 12.1 T |
| Cisco 7100 Series Installation and Configuration Guide | Preface; Cisco 7100 Series Product Overview; Preparing for Installation; Installing Cisco 7100 Series Routers; Performing a Basic Startup Configuration; Troubleshooting the Installation; Modular Port Adapter Configuration Guidelines; System Specifications; Cable Specifications | DOC-786341 |
| Cisco 7100 Series VPN Configuration Guide | Preface; Using Cisco IOS Software; Before You Begin; Intranet and Extranet VPN Business Scenarios; Remote Access VPN Business Scenario | DOC-786342 |
| Regulatory Compliance and Safety Information for Cisco 7100 Series VPN Routers | If You Need More Information; Cisco 7100 Series Overview; Compliance with U.S. Export Laws and Regulations Regarding Encryption; Standards Compliance; Installation Requirements; Safety Information; Translated Safety Warnings; Cisco Connection Online; Documentation CD-ROM | DOC-786345 |
| Port and Service Adapters | See CCO or Documentation CD-ROM | See CCO or Documentation CD-ROM |
| Field Replaceable Units | Using the Flash Disk; Installing and Removing the Power Supply in Cisco 7100 Series Routers; Installing Field-Replaceable Units; Installing and Removing the Boot ROM in Cisco 7100 Using the Flash Disk | See CCO or Documentation CD-ROM |
These hardware and software documents are available for the Cisco Secure PIX Firewall on CCO and the Documentation CD-ROM:
- or Technical Documents>Documentation Home Page>Internet Service Unit>Cisco Secure PIX Firewall
- On the Documentation CD-ROM: Cisco Product Documentation>Internet Service Unit>Cisco Secure PIX Firewall
Note: Cisco Secure PIX Firewall Version 5.0 is supported on the Cisco Secure VPN Client Version 1.0. Cisco Secure PIX Firewall Versions 5.1 and later are supported on the Cisco Secure VPN Client Version 1.1. To avoid complications, make sure you have the compatible version of the Cisco Secure PIX Firewall installed.
Table 6: Cisco Secure PIX Firewall Documentation
| Document Title | Chapter Topics | Customer Order Number |
| --- | --- | --- |
|  | About This Manual; Introduction; Configuring the PIX Firewall; Advanced Configurations; Configuring IPSec; Configuration Examples; Command Reference; PIX 515 Configuration; Configuration Forms; Acronyms and Abbreviations; Configuring for MS-Exchange Use; Subnet Masking and Addressing | DOC-7810392; DOC-787134 |
|  | System Requirements; New and Changed Information; Installation Notes; Limitations and Restrictions; Important Notes; Caveats; Related Documentation; Cisco Connection Online; Documentation CD-ROM | DOC-7810391; DOC-787133 |
|  | About This Manual; Introduction; Installing a PIX Firewall; Installing Failover; Installing the PIX Firewall Syslog Server; Opening a PIX Firewall Chassis; Installing a Memory Upgrade; Installing a Circuit Board; Installing a DC Voltage; Installing the PIX Firewall Setup Wizard | DOC-7810394; DOC-787135 |
|  | Agency Approvals; Directives Compliance; Safety Information; Related Documentation; Obtaining Documentation/Cisco Connection Online; Obtaining Technical Assistance/Documentation CD-ROM | DOC-7810397 |
|  | About this Manual/About This Guide; Introduction; System Log Messages; Messages Listed by Severity Level | OL-0249; See CCO or Documentation CD-ROM |
These hardware and software documents are available for modular access routers on CCO and the Documentation CD-ROM:
- On CCO: Service & Support>Technical Documents>Documentation Home Page>Access Servers and Access Routers>Modular Access Routers
- On the Documentation CD-ROM: Cisco Product Documentation>Access Servers and Access Routers>Modular Access Routers
These hardware and software documents are available for access servers on CCO and the Documentation CD-ROM:
- On CCO: Service & Support>Technical Documents>Documentation Home Page>Access Servers and Access Routers>Access Servers
- On the Documentation CD-ROM: Cisco Product Documentation>Access Servers and Access Routers>Access Servers
These hardware and software documents are available for core/high-end routers on CCO and the Documentation CD-ROM:
- On CCO: Service & Support>Technical Documents>Documentation Home Page>Core/High-End Routers
- On the Documentation CD-ROM: Cisco Product Documentation>Core/High-End Routers
Technology-specific documents include internetworking solutions guides, data sheets, white papers, design implementation guides, technical tips, and product bulletins. The technology-specific documents in this section are specific to VPN. For additional technology-specific documents, refer to "Cisco IOS Software Documentation Set."
- A list of the available Cisco VPN documentation is available at the following site:
- http://www.cisco.com/warp/public/779/largeent/vpne/vpndocs/vpndoc.html
- Sample configurations and technical tips are available at the following site:
- http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Internetworking:IPSec&s=Implementation_and_Configuration#Samples_%26_Tips
- For additional information on configuring the VPN Client, refer to the following documents:
Feature modules describe new features and are an update to the Cisco IOS software documentation set. A feature module consists of a brief overview of the feature, benefits, configuration tasks, and a command reference. The feature module information is incorporated in the next printing of the Cisco IOS software documentation set.
- or Technical Documents>Documentation Home Page>Internet Service Unit>Cisco Security Features>Cisco IOS Release-Specific Security Features or Cisco IOS Technology-Specific Security Features
- On the Documentation CD-ROM: Cisco Product Documentation>Internet Service Unit>Cisco Security Features>Cisco IOS Release-Specific Security Features or Cisco IOS Technology-Specific Security Features
The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents that are shipped with your order in electronic form on the Documentation CD-ROM, unless you specifically ordered the printed versions.
Each module in the Cisco IOS software documentation set consists of two books: a configuration guide and a corresponding command reference. Chapters in a configuration guide describe protocols, configuration tasks, and Cisco IOS software functionality and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. You can use each configuration guide in conjunction with its corresponding command reference.
On CCO and the Documentation CD-ROM, two master hot-linked documents provide information for the Cisco IOS software documentation set.
- or Technical Documents>Documentation Home Page>Cisco IOS Software Configuration>Cisco IOS Release 12.0>Configuration Guides and Command References
- On the Documentation CD-ROM: Cisco Product Documentation>Cisco IOS Software Configuration>Cisco IOS Release 12.0>Configuration Guides and Command References
Table 7: Cisco IOS Release 12.0 Documentation Set
| Document Title | Chapter Topics | Customer Order Number |
| --- | --- | --- |
| Configuration Fundamentals Configuration Guide; Configuration Fundamentals Command Reference | Configuration Fundamentals Overview; Cisco IOS User Interfaces; File Management; System Management | DOC-785829; DOC-785830 |
| Bridging and IBM Networking Configuration Guide; Bridging and IBM Networking Command Reference | Transparent Bridging; Source-Route Bridging; Token Ring Inter-Switch Link; Remote Source-Route Bridging; DLSw+; STUN and BSTUN; LLC2 and SDLC; IBM Network Media Translation; DSPU and SNA Service Point; SNA Frame Relay Access Support; APPN; Cisco Database Connection; NCIA Client/Server Topologies; Cisco Mainframe Channel Connection; Airline Product Set | DOC-785850; DOC-785851 |
| Dial Solutions Configuration Guide; Dial Solutions Command Reference | X.25 over ISDN; Appletalk Remote Access; Asynchronous Callback, DDR, PPP, SLIP; Bandwidth Allocation Control Protocol; ISDN Basic Rate Service; ISDN Caller ID Callback; PPP Callback for DDR; Channelized E1 & T1; Dial Backup for Dialer Profiles; Dial Backup Using Dialer Watch; Dial Backup for Serial Lines; Peer-to-Peer DDR with Dialer Profiles; DialOut; Dial-In Terminal Services; Dial-on-Demand Routing (DDR); Dial Backup; Dial-Out Modem Pooling; Large-Scale Dial Solutions; Cost-Control Solutions; Virtual Private Dialup Networks; Dial Business Solutions and Examples | DOC-785846; DOC-785847 |
| Cisco IOS Interface Configuration Guide; Cisco IOS Interface Command Reference | Interface Configuration Overview; LAN Interfaces; Logical Interfaces; Serial Interfaces | DOC-785905; DOC-785906 |
| Network Protocols Configuration Guide, Part 1; Network Protocols Command Reference, Part 1 | IP Overview; IP Addressing and Services; IP Routing Protocols | DOC-785831; DOC-785834 |
| Network Protocols Configuration Guide, Part 2; Network Protocols Command Reference, Part 2 | AppleTalk; Novell IPX | DOC-785832; DOC-785835 |
| Network Protocols Configuration Guide, Part 3; Network Protocols Command Reference, Part 3 | Network Protocols Overview; Apollo Domain; Banyan VINES; DECnet; ISO CLNS; XNS | DOC-785833; DOC-785840 |
| Security Configuration Guide; Security Command Reference | AAA Security Services; Security Server Protocols; Traffic Filtering and Firewalls; IP Security and Encryption; Passwords and Privileges; Neighbor Router Authentication; IP Security Options | DOC-785843; DOC-785845 |
| Cisco IOS Switching Services Configuration Guide; Cisco IOS Switching Services Command Reference | Switching Services; Switching Paths for IP Networks; Virtual LAN (VLAN) Switching and Routing | DOC-785848; DOC-785849 |
| Wide-Area Networking Configuration Guide; Wide-Area Networking Command Reference | Wide-Area Network Overview; ATM; Frame Relay; SMDS; X.25 and LAPB | DOC-785838; DOC-785839 |
| Voice, Video, and Home Applications Configuration Guide; Voice, Video, and Home Applications Command Reference | Voice over IP; Voice over Frame Relay; Voice over ATM; Voice over HDLC; Frame Relay-ATM Internetworking; Synchronized Clocks; Video Support; Universal Broadband Features | DOC-785854; DOC-785855 |
| Quality of Service Solutions Configuration Guide; Quality of Service Solutions Command Reference | Policy-Based Routing; QoS Policy Propagation via BGP; Committed Access Rate; Weighted Fair Queueing; Custom Queueing; Priority Queueing; Weighted Random Early Detection; Scheduling; Signaling; RSVP; Packet Drop; Frame Relay Traffic Shaping; Link Fragmentation; RTP Header Compression | DOC-785852; DOC-785853 |
| Cisco IOS Software Command Summary; Dial Solutions Quick Configuration Guide; System Error Messages; Debug Command Reference |  | DOC-785859; DOC-785894; DOC-785860; DOC-785858 |
- or Technical Documents>Documentation Home Page>Cisco IOS Software Configuration>Cisco IOS Release 12.1
- On the Documentation CD-ROM: Cisco Product Documentation>Cisco IOS Software Configuration>Cisco IOS Release 12.1
Table 8: Cisco IOS Release 12.1 Documentation Set
| Document Title | Chapter Topics | Customer Order Number |
| --- | --- | --- |
| Cisco IOS Configuration Fundamentals Configuration Guide; Cisco IOS Configuration Fundamentals Command Reference | Configuration Fundamentals Overview; Using the Command-Line Interface; Using Configuration Tools; Configuring Operating Characteristics; Managing Connections, Menus, and System Banners; Using the Cisco Web Browser; Using the Cisco IOS File System; Modifying, Downloading, and Maintaining Configuration Files; Loading and Maintaining System Images; Maintaining Router Memory; Rebooting a Router; Configuring Additional File Transfer Functions; Monitoring the Router and Network; Troubleshooting a Router; Performing Basic System Management; System Management Using System Controllers; Web Scaling Using WCCP; Managing Dial Shelves | DOC-7810222; DOC-7810223 |
| Cisco IOS Apollo Domain, Banyan VINES, DECnet, ISO CLNS, and XNS Configuration Guide; Cisco IOS Apollo Domain, Banyan VINES, DECnet, ISO CLNS, and XNS Command Reference | Overview of Apollo Domain, Banyan VINES, DECnet, ISO CLNS, and XNS; Configuring Apollo Domain; Configuring Banyan VINES; Configuring DECnet; Configuring ISO CLNS; Configuring XNS | DOC-7810241; DOC-7810245 |
| Cisco IOS AppleTalk and Novell IPX Configuration Guide; Cisco IOS AppleTalk and Novell IPX Command Reference | AppleTalk and Novell IPX Overview; Configuring AppleTalk; Configuring Novell IPX | DOC-7810240; DOC-7810267 |
| Cisco IOS Bridging and IBM Networking Configuration Guide; Cisco IOS Bridging and IBM Networking Command Reference, Volume I; Cisco IOS Bridging and IBM Networking Command Reference, Volume II | Overview of SNA Internetworking; Overview of Bridging; Configuring Transparent Bridging; Configuring Source-Route Bridging; Configuring Token Ring Inter-Switch Link; Configuring Token Ring Route Switch Module; Overview of IBM Networking; Configuring Remote Source-Route Bridging; Configuring Data-Link Switching Plus+; Configuring Serial Tunnel and Block Serial Tunnel; Configuring LLC2 and SDLC Parameters; Configuring IBM Network Media Translation; Configuring Frame Relay Access Support; Configuring NCIA Server; Configuring the Airline Product Set; Configuring DSPU and SNA Service Point Support; Configuring SNA Switching Services; Configuring Cisco Transaction Connection; Configuring Cisco Mainframe Channel Connection Adapters; Configuring CLAW and TCP/IP Offload Support; Configuring CMPC and CSNA; Configuring CMPC+; Configuring the TN3270 Server | DOC-7810256; DOC-7810257; DOC-7810520 |
| Cisco IOS Dial Services Configuration Guide: Terminal Services; Cisco IOS Dial Services Configuration Guide: Network Services; Cisco IOS Dial Services Command Reference | Large-Scale Dial Solutions; Cost-Control Solutions; Virtual Private Networks; X.25 on ISDN Solutions; Telco Solutions; Dial-Related Addressing Services; Internetworking Dial Access Scenarios; Preparing for Dial Access; Modem Configuration and Management; ISDN and Signalling Configuration; PPP Configuration; Dial-on-Demand Routing Configuration; Dial-Backup Configuration; Terminal Service Configuration | DOC-7810251; DOC-7810252; DOC-7810253 |
| Cisco IOS Interface Configuration Guide; Cisco IOS Interface Command Guide | Interface Configuration Overview; Configuring LAN Interfaces; Configuring Serial Interfaces; Configuring Logical Interfaces | DOC-7810224; DOC-7810238 |
| Cisco IOS IP and IP Routing Configuration Guide; Cisco IOS IP and IP Routing Command Reference | IP Overview; Configuring IP Addressing; Configuring DHCP; Configuring IP Services; Configuring Mobile IP; Configuring On-Demand Routing; Configuring RIP; Configuring IGRP; Configuring OSPF; Configuring IP Enhanced IGRP; Configuring Integrated IS-IS; Configuring BGP; Configuring Multicast BGP (MBGP); Configuring IP Routing Protocol-Independent Features; Configuring IP Multicast Routing; Configuring Multicast Source Discovery Protocol; Configuring PGM Router Assist; Configuring Unidirectional Link Routing; Using IP Multicast Tools | DOC-7810592; DOC-7810239 |
| Cisco IOS Multiservice Applications Configuration Guide; Cisco IOS Multiservice Applications Command Reference | Multiservice Applications Overview; Configuring Voice over IP; Configuring Gatekeepers (Multimedia Conference Manager); Configuring Voice over Frame Relay; Configuring Voice over ATM; Configuring Voice over HDLC; Configuring Voice-Related Support Features; Configuring PBX Signalling; Configuring Store and Forward Fax; Configuring Video Support; Configuring Head-End Broadband Access Router Features; Configuring Subscriber-End Broadband Access Router Features; Configuring Synchronized Clocking | DOC-7810258; DOC-7810259 |
| Cisco IOS Quality of Service Solutions Configuration Guide; Cisco IOS Quality of Service Solutions Command Reference | Quality of Service Overview; Classification Overview; Configuring Policy-Based Routing; Configuring QoS Policy Propagation via Border Gateway Protocol; Configuring Committed Access Rate; Congestion Management Overview; Configured Weighted Fair Queueing; Configuring Custom Queueing; Configuring Priority Queueing; Congestion Avoidance Overview; Configuring Weighted Random Early Detection; Policing and Shaping Overview; Configuring Generic Traffic Shaping; Configuring Frame Relay and Frame Relay Traffic Shaping; Signalling Overview; Configuring RSVP; Configuring Subnetwork Bandwidth Manager; Configuring RSVP-ATM Quality of Service Interworking; Link Efficiency Mechanisms Overview; Configuring Link Fragmentation and Interleaving for Multilink PPP; Configuring Compressed Real-Time Protocol; IP to ATM CoS Overview; Configuring IP to ATM CoS; QoS Features for Voice Introduction | DOC-7810260; DOC-7810261 |
| Cisco IOS Security Configuration Guide; Cisco IOS Security Command Reference | Security Overview; AAA Overview; Configuring Authentication; Configuring Authorization; Configuring Accounting; Configuring RADIUS; Configuring TACACS+; Configuring Kerberos; RADIUS Commands; TACACS+ Commands; Access Control Lists: Overview and Guidelines; Cisco Secure Integrated Software Firewall Overview; Configuring Lock-and-Key Security (Dynamic Access Lists); Configuring IP Session Filtering (Reflexive Access Lists); Configuring TCP Intercept (Prevent Denial-of-Service Attacks); Configuring Context-Based Access Control; Configuring Cisco Secure Integrated Software Intrusion Detection System; Configuring Authentication Proxy; Configuring Port to Application Mapping; IP Security and Encryption Overview; Configuring IPSec Network Security; Configuring Certification Authority Interoperability; Configuring Internet Key Exchange Security Protocol; Configuring Passwords and Privileges; Neighbor Router Authentication: Overview and Guidelines; Configuring IP Security Options | DOC-7810248; DOC-7810249 |
| Cisco IOS Switching Services Configuration Guide; Cisco IOS Switching Services Command Reference | Cisco IOS Switching Services Overview; Switching Paths Overview; Configuring Switching Paths; Cisco Express Forwarding Overview; Configuring Cisco Express Forwarding; NetFlow Switching Overview; Configuring NetFlow Switching; MPLS Overview; Configuring MPLS; Configuring IP Multilayer Switching; Configuring IP Multicast Multilayer Switching; Configuring IPX Multilayer Switching; Configuring Multicast Distributed Switching; Routing Between VLANs Overview; Configuring Routing Between VLANs with ISL Encapsulation; Configuring Routing Between VLANs with IEEE 802.10 Encapsulation; Configuring Routing Between VLANs with IEEE 802.1Q Encapsulation; LAN Emulation Overview; Configuring LAN Emulation; Configuring Token Ring LANE; MPOA Overview; Configuring the MPOA Client; Configuring the MPOA Server; Configuring Token Ring LANE for MPOA | DOC-7810254; DOC-7810255 |
| Cisco IOS Wide-Area Networking Configuration Guide; Cisco IOS Wide-Area Networking Command Reference | Wide-Area Networking Overview; Configuring ATM; Frame Relay; Frame Relay-ATM Interworking; Configuring SMDS; Configuring X.25 and LAPB | DOC-7810246; DOC-7810247 |
| Cisco IOS Configuration Guide Master Index; Cisco IOS Command Reference Master Index; Cisco IOS Command Summary; Cisco IOS Debug Command Reference; Cisco IOS Dial Services Quick Configuration Guide; Cisco IOS System Error Messages |  | DOC-7810242; DOC-7810266; DOC-7810262; DOC-7810265; DOC-7810263 |
Command descriptions use the following conventions:
| Convention | Description |
|---|---|
| Click Window1>Window2>Window3 | The > symbol represents a direction in which you are to navigate from one window to the next, using your mouse to click the windows in the order from first to last. |
| boldface font | Commands, keywords, menus, menu items, and options are in boldface. |
| italic font | Arguments or terms for which you supply values are in italics. |
| [ ] | Elements in square brackets are optional. |
| {x \| y \| z} | Alternative keywords are grouped in braces and separated by vertical bars. |
| [x \| y \| z] | Optional alternative keywords are grouped in brackets and separated by vertical bars. |
| string | A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks. |
| screen font | Terminal sessions and information the system displays are in screen font. |
| boldface screen font | Information you must type is in boldface screen font. Terminal sessions and console screens are in this font. |
| ^ | The symbol ^ represents the key labeled Control. For example, the key combination ^D in a screen display means hold down the Control key while you press the D key. |
| < > | Nonprinting characters, such as passwords, are in angle brackets. |
| [ ] | Default responses to system prompts are in square brackets. |
| !, # | An exclamation point ( ! ) or a pound sign ( # ) at the beginning of a line of code indicates a comment line. |
Note: Means reader take note. Notes contain helpful suggestions or reference to material not contained in this manual.
Caution: Means reader be careful. In this situation, you might do something that could result in equipment damage or loss.
Figure 1: Commonly Used Graphical User Interface Conventions

Figure 2: Commonly Used Images

Note: Throughout this guide, there are numerous configuration examples that include unusable IP addresses, passwords, and public key examples. Be sure to use your own IP addresses, passwords, and public keys when configuring your VPN Clients and gateway.
Note: The Cisco Secure VPN Client is also referenced as SafeNet/Soft-PK throughout this guide and in the software. Also, the SafeNet icon appears as the graphical user interface icon in the Windows taskbar. Unless the taskbar is changed, this icon appears in the lower right corner of the screen.
Note: For brevity, the Cisco Secure VPN Client is referred to as the generic term VPN Client throughout this guide. A Cisco IOS router or Cisco Secure PIX Firewall is referred to as the generic term gateway throughout this guide.
Note: Throughout this guide, the standard pre-shared key authentication method is called pre-shared keys. Also, the wildcard pre-shared key authentication method is called wildcard pre-shared key. Unless otherwise specified, the single term pre-shared keys may apply to both pre-shared keys and wildcard pre-shared keys.
You can access the most current Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM is updated monthly. Therefore, it is probably more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.
Registered CCO users can order the Documentation CD-ROM and other Cisco Product documentation through our online Subscription Services at http://www.cisco.com/pcgi-bin/subcat/kaojump.cgi.
Nonregistered CCO users can order documentation through a local account representative by calling Cisco's corporate headquarters (California, USA) at 408 526-4000 or, in North America, call 800 553-NETS (6387).
Cisco provides Cisco Connection Online (CCO) as a starting point for all technical assistance. Warranty or maintenance contract customers can use the Technical Assistance Center. All customers can submit technical feedback on Cisco documentation using the web, e-mail, a self-addressed stamped response card included in many printed docs, or by sending mail to Cisco.
Cisco continues to revolutionize how business is done on the Internet. Cisco Connection Online is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at any time, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.
CCO's broad range of features and services helps customers and partners to streamline business processes and improve productivity. Through CCO, you will find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online support services, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.
Customers and partners can self-register on CCO to obtain additional personalized information and services. Registered users may order products, check on the status of an order and view benefits specific to their relationships with Cisco.
You can access CCO in the following ways:
- WWW: www.cisco.com
- Telnet: cco.cisco.com
- Modem using standard connection rates and the following terminal settings: VT100 emulation; 8 data bits; no parity; and 1 stop bit.
  - From North America, call 408 526-8070
  - From Europe, call 33 1 64 46 40 82
You can e-mail questions about using CCO to cco-team@cisco.com.
The Cisco Technical Assistance Center (TAC) is available to warranty or maintenance contract customers who need technical assistance with a Cisco product that is under warranty or covered by a maintenance contract.
To display the TAC web site that includes links to technical support information and software upgrades and for requesting TAC support, use www.cisco.com/techsupport.
To contact by e-mail, use one of the following:
| Language | E-mail Address |
|---|---|
| English | tac@cisco.com |
| Hanzi (Chinese) | chinese-tac@cisco.com |
| Kanji (Japanese) | japan-tac@cisco.com |
| Hangul (Korean) | korea-tac@cisco.com |
| Spanish | tac@cisco.com |
| Thai | thai-tac@cisco.com |
In North America, TAC can be reached at 800 553-2447 or 408 526-7209. For other telephone numbers and TAC e-mail addresses worldwide, consult the following web site: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml.
If you are reading Cisco product documentation on the World Wide Web, you can submit technical comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco.
You can e-mail your comments to bug-doc@cisco.com.
To submit your comments by mail, use the response card that many documents contain behind the front cover. Otherwise, you can mail your comments to the following address:
Cisco Systems, Inc.
Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate and value your comments.