Cisco SA-ISA - Manual

iv Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Preface Audience Note To ensure compliance with U.S. export laws and regulations, and to prevent problem s later on, see the “Com pliance with U.S. Export Laws and Regulations Regarding Encrypt...

v Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Preface Document Organization Document Organization This document contains the following chapters: Document Conventions Comm and descriptions use the following conventions: Screen examples use t...

vii Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Preface Terms and Acronyms Terms and Acronyms To fully unders tand the content of this user guide, you should be familiar with the following terms and acronym s: • DCE —data communications equ...

viii Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Preface Related Documentation • DTE— data terminal equipment • EPROM—erasable programm able read-only memory • EEPROM—electrically erasable programmable read-only memory • GB— gigabit • GBIC—...

ix Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Preface Related Documentation • For configuration inform ation and support, refer to the m odular configuration and modular command reference publications in the Cisco IOS software configuratio...

x Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Preface Obtaining Documentation – Cisco IOS Release 12.0 Security Configuration Guide – Cisco IOS Release 12.0 Security Command R eference – Cisco IOS Quality of Service Solutions Configuration ...

xi Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Preface Obtaining Documentation International Cisco web sites can be accessed from this URL: http://www.cisco.com /public/countries_languages.shtml Documentation CD-ROM Cisco docum entation and...

xii Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Preface Obtaining Technical Assistance Obtaining Technical Assistance Cisco provides Cisco.com, which includes the Cisco Technical As sistance Center (TAC) Website, as a starting point for all...

xiii Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Preface Obtaining Additional Publications and Information All customers, partners, and resellers who have a valid Cisco service contract have complete access to the technical s upport resourc...

xiv Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Preface Obtaining Additional Publications and Information • Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in the design, de...

C H A P T E R 1-1 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 1 Overview This chapter describes the ISA and the ISM and contains the following sections: • ISA and ISM Overview, page 1-1 • Data Encryption Overview, page 1-2 • Features, page ...

1-2 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Chapter 1 Overview Data Encryption Overview Note The Cisco 7100 series VPN routers do not support ISM and ISA in the same chassis. The Cisco 7100 series routers do not support online insertion...

1-3 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Chapter 1 Overview Features • CA— In addition, Certificate Authority (CA) interoperability is provided in support of the IPSec standard, using Certificate Enrollment Protocol (CE P). CE P perm...

1-4 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Chapter 1 Overview Port Adapter Slot Locations on the Supported Platforms Port Adapter Slot Locations on the Supported Platforms This section discusses port adapter s lot locations on the supp...

1-5 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Chapter 1 Overview Port Adapter Slot Locations on the Supported Platforms Note The Cisco 7100 series VPN routers do not support an ISM and an ISA in the same chassis. Figure 1-1 Service Module...

1-6 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Chapter 1 Overview LEDs Figure 1-3 Port Adapter Slots in the Cisco 7206 LEDs The ISA has three LE Ds , as shown in Figure 1-4 . Table 1-2 lis ts the colors and functions of the ISA LEDs. Note ...

1-7 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Chapter 1 Overview LEDs Figure 1-4 ISA Front Panel LEDs (SA-ISA shown) The following conditions must all be met before the enabled L ED goes on: • The ISA is correctly connected to the backpla...

C H A P T E R 2-1 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 2 Preparing for Installation This chapter describes the general equipment, safety, and site preparation requirements for installing the ISA and the ISM. This chapter contains the...

2-2 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Chapter 2 Preparing for Installation Software and Hardware Requirements and Compatibility Note The Cisco IOS Release 12.1 Mainline does not support the ISA/ISM. Software Compatibility To check...

2-3 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Chapter 2 Preparing for Installation Safety Guidelines • If ISA and VAM are in the chassis at system bootup, and the encryption mppe comm and is in the router’s running configuration, then bot...

2-5 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Chapter 2 Preparing for Installation Safety Guidelines . Electrical Equipment Guidelines Follow these basic guidelines when working with any electrical equipment: • Before beginning any proced...

C H A P T E R 3-1 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 3 Removing and Installing the ISA and the ISM This chapter describes how to remove the ISA or ISM from supported platforms and also how to install a new or replacement ISA or ISM...

3-2 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Chapter 3 Removing and Installing the ISA and the ISM Online Insertion and Removal Figure 3-1 Handling the ISM Figure 3-2 Handling the ISA Online Insertion and Removal Several platforms suppor...

3-3 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Chapter 3 Removing and Installing the ISA and the ISM Warnings and Cautions Each module has a bus connector that connects it to the router. The connector has a set of tiered pins in three leng...

3-4 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Chapter 3 Removing and Installing the ISA and the ISM ISA or ISM Removal and Installation ISA or ISM Removal and Installation In this section, the illustrations that follow give step-by-step i...

3-5 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Chapter 3 Removing and Installing the ISA and the ISM ISA or ISM Removal and Installation Cisco 7100 Series—Removing and Installing the ISM 29332 Step 1 To remove the ISM, use a number 2 Phill...

3-6 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Chapter 3 Removing and Installing the ISA and the ISM ISA or ISM Removal and Installation Cisco 7200 Series—Removing and Installing the ISA Step 1 To remove the service adapter, place the port...

4-2 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Chapter 4 Configuring the ISA and ISM Using the EXEC Command Interpreter Configuring IPSec requires privileged-level access to the EXE C com mand interpreter. Also, privileged-level access usu...

4-3 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Chapter 4 Configuring the ISA and ISM Configuring IKE Use the ppp encrypt mppe{auto | 40 | 128} [passive | required] [stateful] command in interface configuration m ode to enable MPPE on the v...

4-4 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Chapter 4 Configuring the ISA and ISM Configuring IPSec Configuring IPSec After you have completed IKE configuration, configure IPSec at each participating IPSec peer. This section contains ba...

4-5 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Chapter 4 Configuring the ISA and ISM Configuring IPSec Later, you will associate the crypto access lists to particular interfaces when you configure and apply crypto map sets to the interface...

4-7 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Chapter 4 Configuring the ISA and ISM Creating Crypto Maps Table 4-1 shows allowed transform combinations. Creating Crypto Maps Crypto map entries created for IPSec pull together the various e...

4-9 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Chapter 4 Configuring the ISA and ISM Applying Crypto Maps to Interfaces Applying Crypto Maps to Interfaces You need to apply a crypto m ap set to each interface through which IPSec traffic fl...

4-10 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Chapter 4 Configuring the ISA and ISM Verifying Configuration To clear (and reinitialize) IPSec security associations, use one of the following commands in global configuration m ode: To view...

4-12 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Chapter 4 Configuring the ISA and ISM IPSec Example outbound esp sas: spi: 0x20890A6F(545852015) transform: esp-des esp-md5-hmac, in use settings ={Tunnel,} slot: 0, conn id: 27, crypto map: ...

4-13 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 Chapter 4 Configuring the ISA and ISM IPSec Example Note In the above exam ple, the encryption DES of policy 15 would not appear in the written configuration because this is the default value...

IN-1 Integrated Services Adapter and Integrated Services Module Installation and Configuration OL-3575-01 B0 I N D E X A access-list (encryption) com mand 4-5 access lists See also IPSec, crypto access lists acronyms list of vii C cache memory viii clear crypto sa com mand 4-10 crypto ips ec trans f...