Table of Contents
Preface
This guide describes Cisco-supported configurations for IP-based extranet Virtual Private Networks (VPNs) for an IP Security Protocol (IPSec) tunnel between a Cisco Secure VPN Client (VPN Client) and a Cisco IOS router or Cisco Secure PIX Firewall (gateway). The VPN Client acts as an IPSec peer that uses Internet Key Exchange (IKE) protocol and IPSec to negotiate, then establish an encrypted tunnel to another IPSec peer. Each configuration can consist of various Cisco IOS IPSec features including manual configuration, dynamic IP addressing, pre-shared keys, wildcard pre-shared keys, and digital certification.
This preface contains the following sections:
This guide does not cover every available feature for the Cisco Secure VPN Client; it is not intended to be a comprehensive VPN configuration guide. Instead, this guide simply describes the Cisco-supported configurations for VPNs using the Cisco Secure VPN Client.
The business scenarios introduced in this guide include specific tasks and configuration examples. The examples are the recommended methods for configuring the specified tasks. Although they are typically the easiest or the most straightforward method, they are not the only methods of configuring the tasks.
This solutions guide often refers to device-specific administrators, which can consist of any combination of the following audiences:
- Network administrators who are responsible for defining network security policies and distributing them to the end users within their organization
- System administrators who are responsible for installing and configuring internetworking equipment, are familiar with the fundamentals of router-based internetworking, and who are familiar with Cisco IOS software and Cisco products
- System administrators who are familiar with the fundamentals of router-based internetworking and who are responsible for installing and configuring internetworking equipment, but who might not be familiar with the specifics of Cisco products or the routing protocols supported by Cisco products
- Customers with technical networking background and experience
The following is new or changed information since the last release of the Cisco Secure VPN Client solutions guide:
- For the latest system requirements, feature and version specifications, sample VPN configurations, technical tips, and product bulletins for IPSec and the Cisco Secure VPN Client, this information will be maintained ongoing at the following URLs:
- http://www.cisco.com/warp/public/700/tech_configs.html#SECURITY
- or Service & Support>Technical Assistance Center>Documents>Sample Configurations>Security
- Sample configurations and technical tips are available for registered users on CCO:
- http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Internetworking:IPSec&s=
Implementation_and_Configuration#Samples_%26_Tips
- or Service & Support>Technical Assistance Center>Technologies>IP Security (IPSec)
- Product literature is available for both non-registered and registered users on CCO:
- http://www.cisco.com/warp/public/cc/cisco/mkt/security/vpncli/prodlit/
- or Products & Technologies>Cisco Secure>Security Products and Technologies>Cisco Secure VPN Client>Product Literature
- A chapter titled "Case Study for Layer 3 Authentication and Encryption" has been added. This chapter provides a case study overview, a description of encryption and authentication features, site profile characteristics, and basic configuration tasks of IPSec tunneling between a VPN Client and a gateway.
- All chapters titled "Using..." have been changed to "Configuring..."
- All chapters previously documented as individual business cases are now configuring tasks, which can exist as standalone or combined tasks in the business case, "Case Study for Layer 3 Authentication and Encryption."
- A chapter titled "Configuring Manual Configuration" has been added. This chapter describes how to configure a static IP address on your VPN Client.
- The chapter titled "Configuring Dynamic IP Addressing" has been modified to include illustrations of how this feature works, and protocol negotiation sequence.
- A chapter titled "Configuring a Pre-Shared Key or Wildcard Pre-Shared Key" has been added. This chapter describes how to configure a pre-shared key to authenticate a VPN Client or how to configure a wildcard pre-shared key to authenticate a pool of VPN Clients.
- The chapter on Entrust digital certificates has moved to the appendix titled "Configuring Entrust Digital Certificates."
- An appendix titled "Configuring Microsoft Certificate Services" has been added.
- The chapter on VeriSign digital certificates has moved to the appendix titled "Configuring VeriSign Digital Certificates."
The major elements of this guide are as follows:
Most chapters in this solutions guide focus on configuring possible features within one business case, "Case Study for Layer 3 Authentication and Encryption." This business case explains the basic tasks for configuring an extranet VPN using a VPN Client to initiate an IPSec tunnel to the gateway of an enterprise network.
The following sections describe the documentation available for the Cisco Secure VPN Client. Documentation is available as printed manuals and/or electronic documents.
Use this solutions guide with these documents:
 |
Note This document is not a comprehensive guide to all VPNs. The following aspects of VPN configuration are not covered in this guide: NAS-initiated VPNs (Internet service provider VPN solutions), Cisco IOS software configuration, Cisco IOS router or access server installation and configuration. |
Product-specific documents in this section include software that is a part of the Cisco Secure product family. These products include, but are not limited to, the following:
These software documents are available for the Cisco Secure Policy Manager on CCO and the Documentation CD-ROM:
- or Service & Support>Technical Documents>Documentation Home Page>Internet Services Management Group>Cisco Secure Policy Manager
- On the Documentation CD-ROM: Cisco Product Documentation>Internet Services Management Group>Cisco Secure Policy Manager
|
Note Cisco Secure Policy Manager Version 2.0 is supported on the Cisco Secure VPN Client Version 1.0, but is not interoperable with Cisco Secure VPN Client Version 1.1. To avoid complications, make sure you have the compatible version of the Cisco Secure Policy Manager installed. |
Table 2: Cisco Secure Policy Manager 2.0 Documentation
| Document Titles
| Chapter Topics
| Customer Order Number
|
|---|
Configuring Cisco Secure Policy Manager
| Getting Started
Representing Your Network
Populating the Network Topology Tree
Configuring the Device-Specific Settings of Network
Objects
Configuring Monitoring and Reporting
Working With Security Policies
Generating, Verifying, and Publishing Command Sets
Maintaining Cisco Secure Policy Manager
| DOC-7810296
|
Installation Guide
| Preface
Planning Your Installation
Installation Procedures
Meeting the Prerequisites
Working with Cisco Secure Policy Manager
| DOC-786782
|
IPSec Tunnel Implementation
| IPSec Tunnels
Authentication Server Panel
IPSec Tunnel Templates
IPSec Tunnel Groups
Configuring Policy Enforcement Points
IPSec Tunnel Policy
| OL-0426
|
Network Topology Definition
| Understanding the Network Topology Tree
Guidelines and Techniques for Defining Your Network Topology
Representing Your Network Topology
Populating the Network Topology Tree
Configuring the Global Policy Override Settings for Policy Enforcement Points
Configuring Administrative Control Communications
Defining Traffic Flows and Shaping Rules
| OL-0426
|
Upgrade Notes
| Introduction
System Requirements
Upgrade the License
Where To Go Next
Related Documentation
Obtaining Documentation
Obtaining Technical Assistance
| DOC-786808
|
Release Notes for Cisco Secure Policy
Manager Version 2.0
| Introduction
Features and Functionality Changes
System Requirements
Installation Notes
Limitations and Restrictions
Caveats
Related Documentation
Obtaining Documentation
Obtaining Technical Assistance
| DOC-786781
|
These software documents are available for the Cisco Secure VPN Client are on CCO and the Documentation CD-ROM:
- or Service & Support>Technical Documents>Documentation Home Page>Internet Service Unit Documentation>Cisco Secure VPN Client
- On the Documentation CD-ROM: Cisco Product Documentation>Internet Service Unit Documentation>Cisco Secure VPN Client
Table 3: Cisco Secure VPN Client Documentation
| Document Titles
| Chapter Topics
| Customer Order Number
|
|---|
|
| Audience
System Requirements
Installing Cisco Secure VPN Client
Roles in Cisco Secure VPN Client Operation
Additional Information
Configuring a Custom Installation
Obtaining Documentation
Ordering Documentation
Obtaining Technical Assistance
Documentation Feedback
| DOC-786898
for Version 1.0
DOC-7810787
for Version 1.1
|
|
| Introduction
System Requirements
Network Requirements
Installation Notes
Limitations and Restrictions
Important Notes
Caveats
Related Documentation
Cisco Connection Online
Documentation CD-ROM
| DOC-786929 for Versions 1.0/1.0a
OL-0458 for Version 1.1
|
Cisco Secure VPN Client Solutions Guide
| Preface
Access VPNs and IP Security Protocol Tunneling Technology Overview
Case Study for Layer 3 Authentication and Encryption
Configuring Manual Configuration
Configuring Dynamic IP Addressing
Configuring Pre-shared Key or Wildcard Pre-shared Key
Configuring Digital Certification
Configuring Entrust Digital Certification
Configuring Microsoft Certificate Services
Configuring VeriSign Digital Certification
Glossary
| OL-0259
|
Platform-specific documents include documents that are related to specific hardware platforms. A hardware platform is grouped as a set of models, or a series.
This section includes platform-specific documents, as follows:
These hardware and software documents are available for the Cisco 1720 VPN routers on CCO and the Documentation CD-ROM:
- or Service & Support>Technical Documents>Documentation Home Page>Access Servers and Access Routers>Modular Access Routers>Cisco 1720 Router
- On the Documentation CD-ROM: Cisco Product Documentation>Access Servers and Access Routers>Modular Access Routers>Cisco 1720 Router
Table 4: Cisco 1720 VPN Router Documentation
| Document Title
| Chapter Topics
| Customer Order Number
|
|---|
Cisco 1700 Series Quick Start Guide
| Unpack the Box
Install the Router
Verify the Installation
| DOC-785406
|
Cisco 1720 Router Release Notes,
| Early Deployment Releases
System Requirements
New and Changed Information
Limitations and Restrictions
Important Notes
Caveats
Related Documentation
Obtaining Documentation
Obtaining Technical Assistance
| DOC-786238 for
Release 12.0
DOC-7810842 for
Release 12.1 T
|
Cisco 1720 Router Hardware Installation Guide
| About This Guide
Overview of the Cisco 1700 Router
Installing the Cisco 1700 Router
Troubleshooting the Cisco 1700 Router
Cisco 1700 Technical Specifications
Cable Pinouts and Cabling Guidelines
Installing and Upgrading Memory in the Cisco 1700 Router
Ordering and Configuring an ISDN Line
| DOC-785405
|
Cisco 1720 Software Configuration Guide
| About This Guide
Introduction to Configuring the Cisco 1700 Router
Cisco IOS Software Skills
Configuring a Leased Line
Configuring Frame Relay
Configuring ISDN
Configuring Asynchronous Connections
Configuring X.25
ROM Monitor Software
Networking Concepts for the Cisco 1700 Router
| DOC-785407
|
Regulatory Compliance and Safety Information for Cisco 1600 Routers and Cisco 1700 Routers
| Electro-Magnetic Compatibility Compliance
Operating Conditions for Canada
Operating Conditions for the European Community
Operating Conditions for the United Kingdom
Agency Approvals
Declaration of Conformity
Conformit Europenne Marking Directive
Translated Safety Warnings
| DOC-786739
|
Cisco 1700 Series Configuration Notes
| See CCO or Documentation CD-ROM
| DOC-785977
|
These hardware and software documents are available for the Cisco 7100 series routers on CCO and the Documentation CD-ROM:
- or Service & Support>Technical Documents>Documentation Home Page>Core/High-End Routers>Cisco 7100
- On the Documentation CD-ROM: Cisco Product Documentation>Core/High-End Routers>Cisco 7100
Table 5: Cisco 7100 VPN Router Documentation
| Document Title
| Chapter Topics
| Customer Order Number
|
|---|
Cisco 7100 Series Quick Start Guide
| Prepare for Installation
Rack-Mount the Router
Connect the Router to the Network
Connect the Power
Start the System
| DOC-786343
|
Cisco 7000 Family Routers Release Notes
| System Requirements
New and Changed Information
Important Notes
Caveats
Related Documentation
Service and Support
Cisco Connection Online
Documentation CD-ROM
| DOC-786055 for
Release 12.0 T
DOC-7810811 for
Release 12.1 T
|
Cisco 7100 Series Installation and Configuration Guide
| Preface
Cisco 7100 Series Product Overview
Preparing for Installation
Installing Cisco 7100 Series Routers
Performing a Basic Startup Configuration
Troubleshooting the Installation
Modular Port Adapter Configuration Guidelines
System Specifications
Cable Specifications
| DOC-786341
|
Cisco 7100 Series VPN Configuration Guide
| Preface
Using Cisco IOS Software
Before You Begin
Intranet and Extranet VPN Business Scenarios
Remote Access VPN Business Scenario
| DOC-786342
|
Regulatory Compliance and Safety Information for Cisco 7100 Series VPN Routers
| If You Need More Information
Cisco 7100 Series Overview
Compliance with U.S. Export Laws and Regulations
Regarding Encryption
Standards Compliance
Installation Requirements
Safety Information
Translated Safety Warnings
Cisco Connection Online
Documentation CD-ROM
| DOC-786345
|
Port and Service Adapters
| See CCO or Documentation CD-ROM
| See CCO or Documentation CD-ROM
|
Field Replaceable Units
| Using the Flash Disk
Installing and Removing the Power Supply in Cisco 7100 Series Routers
Installing Field-Replaceable Units
Installing and Removing the Boot ROM in Cisco 7100 Using the Flash Disk
| See CCO or Documentation CD-ROM
|
These hardware and software documents are available for the Cisco Secure PIX Firewall on CCO and the Documentation CD-ROM:
- or Technical Documents>Documentation Home Page>Internet Service Unit>Cisco Secure PIX Firewall
- On the Documentation CD-ROM: Cisco Product Documentation>Internet Service Unit>Cisco Secure PIX Firewall
|
Note Cisco Secure PIX Firewall Version 5.0 is supported on the Cisco Secure VPN Client Version 1.0. Cisco Secure PIX Firewall Versions 5.1 and later are supported on the Cisco Secure VPN Client Version 1.1. To avoid complications, make sure you have the compatible version of the Cisco Secure PIX Firewall installed. |
Table 6: Cisco Secure PIX Firewall Documentation
| Document Title
| Chapter Topics
| Customer Order Number
|
|---|
|
| About This Manual
Introduction
Configuring the PIX Firewall
Advanced Configurations
Configuring IPSec
Configuration Examples
Command Reference
PIX 515 Configuration
Configuration Forms
Acronyms and Abbreviations
Configuring for MS-Exchange Use
Subnet Masking and Addressing
| DOC-7810392
DOC-787134
|
|
| System Requirements
New and Changed Information
Installation Notes
Limitations and Restrictions
Important Notes
Caveats
Related Documentation
Cisco Connection Online
Documentation CD-ROM
| DOC-7810391
DOC-787133
|
|
| About This Manual
Introduction
Installing a PIX Firewall
Installing Failover
Installing the PIX Firewall Syslog Server
Opening a PIX Firewall Chassis
Installing a Memory Upgrade
Installing a Circuit Board
Installing a DC Voltage
Installing the PIX Firewall Setup Wizard
| DOC-7810394
DOC-787135
|
|
| Agency Approvals
Directives Compliance
Safety Information
Related Documentation
Obtaining Documentation/Cisco Connection Online
Obtaining Technical Assistance/Documentation CD-ROM
| DOC-7810397
|
|
| About this Manual/About This Guide
Introduction
System Log Messages
Messages Listed by Severity Level
| OL-0249
See CCO or Documentation CD-ROM
|
These hardware and software documents are available for modular access routers on CCO and the Documentation CD-ROM:
- On CCO: Service & Support>Technical Documents>Documentation Home Page>Access Servers and Access Routers>Modular Access Routers
- On the Documentation CD-ROM: Cisco Product Documentation>Access Servers and Access Routers>Modular Access Routers
These hardware and software documents are available for access servers on CCO and the Documentation CD-ROM:
- On CCO: Service & Support>Technical Documents>Documentation Home Page>Access Servers and Access Routers>Access Servers
- On the Documentation CD-ROM: Cisco Product Documentation>Access Servers and Access Routers>Access Servers
These hardware and software documents are available for core/high-end routers on CCO and the Documentation CD-ROM:
- On CCO: Service & Support>Technical Documents>Documentation Home Page>Core/High-End Routers
- On the Documentation CD-ROM: Cisco Product Documentation>Core/High-End Routers
Technology-specific documents include internetworking solutions guides, data sheets, white papers, design implementation guides, technical tips, and product bulletins. The technology-specific documents in this section are specific to VPN. For additional technology-specific documents, refer to "Cisco IOS Software Documentation Set."
- A list of the available Cisco VPN documentation is available at the following site:
- http://www.cisco.com/warp/public/779/largeent/vpne/vpndocs/vpndoc.html
- Sample configurations and technical tips are available at the following site:
- http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Internetworking:IPSec&s=
Implementation_and_Configuration#Samples_%26_Tips
- For additional information on configuring the VPN Client, refer to the following documents:
Feature modules describe new features and are an update to the Cisco IOS software documentation set. A feature module consists of a brief overview of the feature, benefits, configuration tasks, and a command reference. The feature module information is incorporated in the next printing of the Cisco IOS software documentation set.
- or Technical Documents>Documentation Home Page>Internet Service Unit>Cisco Security Features>Cisco IOS Release-Specific Security Features or Cisco IOS Technology-Specific Security Features
- On the Documentation CD-ROM: Cisco Product Documentation>Internet Service Unit>Cisco Security Features>Cisco IOS Release-Specific Security Features or Cisco IOS Technology-Specific Security Features
The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents that are shipped with your order in electronic form on the Documentation CD-ROM---unless you specifically ordered the printed versions.
Each module in the Cisco IOS software documentation set consists of two books: a configuration guide and a corresponding command reference. Chapters in a configuration guide describe protocols, configuration tasks, and Cisco IOS software functionality and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. You can use each configuration guide in conjunction with its corresponding command reference.
On CCO and the Documentation CD-ROM, two master hot-linked documents provide information for the Cisco IOS software documentation set.
- or Technical Documents>Documentation Home Page>Cisco IOS Software Configuration>Cisco IOS Release 12.0>Configuration Guides and Command References
- On the Documentation CD-ROM: Cisco Product Documentation>Cisco IOS Software Configuration>Cisco IOS Release 12.0>Configuration Guides and Command References
Table 7: Cisco IOS Release 12.0 Documentation Set
| Document Title
| Chapter Topics
| Customer Order Number
|
|---|
- Configuration Fundamentals Configuration Guide
- Configuration Fundamentals Command Reference
| Configuration Fundamentals Overview
Cisco IOS User Interfaces
File Management
System Management
| DOC-785829
DOC-785830
|
- Bridging and IBM Networking Configuration Guide
- Bridging and IBM Networking Command Reference
| Transparent Bridging
Source-Route Bridging
Token Ring Inter-Switch Link
Remote Source-Route Bridging
DLSw+
STUN and BSTUN
LLC2 and SDLC
IBM Network Media Translation
DSPU and SNA Service Point
SNA Frame Relay Access Support
APPN
Cisco Database Connection
NCIA Client/Server Topologies
Cisco Mainframe Channel Connection
Airline Product Set
| DOC-785850
DOC-785851
|
- Dial Solutions Configuration Guide
- Dial Solutions Command Reference
| X.25 over ISDN
Appletalk Remote Access
Asynchronous Callback, DDR, PPP, SLIP
Bandwidth Allocation Control Protocol
ISDN Basic Rate Service
ISDN Caller ID Callback
PPP Callback for DDR
Channelized E1 & T1
Dial Backup for Dialer Profiles
Dial Backup Using Dialer Watch
Dial Backup for Serial Lines
Peer-to-Peer DDR with Dialer Profiles
DialOut
Dial-In Terminal Services
Dial-on-Demand Routing (DDR)
Dial Backup
Dial-Out Modem Pooling
Large-Scale Dial Solutions
Cost-Control Solutions
Virtual Private Dialup Networks
Dial Business Solutions and Examples
| DOC-785846
DOC-785847
|
- Cisco IOS Interface Configuration Guide
- Cisco IOS Interface Command Reference
| Interface Configuration Overview
LAN Interfaces
Logical Interfaces
Serial Interfaces
| DOC-785905
DOC-785906
|
- Network Protocols Configuration Guide, Part 1
- Network Protocols Command Reference, Part 1
| IP Overview
IP Addressing and Services
IP Routing Protocols
| DOC-785831
DOC-785834
|
- Network Protocols Configuration Guide, Part 2
- Network Protocols Command Reference, Part 2
| AppleTalk
Novell IPX
| DOC-785832
DOC-785835
|
- Network Protocols Configuration Guide, Part 3
- Network Protocols Command Reference, Part 3
| Network Protocols Overview
Apollo Domain
Banyan VINES
DECnet
ISO CLNS
XNS
| DOC-785833
DOC-785840
|
- Security Configuration Guide
- Security Command Reference
| AAA Security Services
Security Server Protocols
Traffic Filtering and Firewalls
IP Security and Encryption
Passwords and Privileges
Neighbor Router Authentication
IP Security Options
| DOC-785843
DOC-785845
|
- Cisco IOS Switching Services Configuration Guide
- Cisco IOS Switching Services Command Reference
| Switching Services
Switching Paths for IP Networks
Virtual LAN (VLAN) Switching and Routing
| DOC-785848
DOC-785849
|
- Wide-Area Networking Configuration Guide
- Wide-Area Networking Command Reference
| Wide-Area Network Overview
ATM
Frame Relay
SMDS
X.25 and LAPB
| DOC-785838
DOC-785839
|
- Voice, Video, and Home Applications Configuration Guide
- Voice, Video, and Home Applications Command Reference
| Voice over IP
Voice over Frame Relay
Voice over ATM
Voice over HDLC
Frame Relay-ATM Internetworking
Synchronized Clocks
Video Support
Universal Broadband Features
| DOC-785854
DOC-785855
|
- Quality of Service Solutions Configuration Guide
- Quality of Service Solutions Command Reference
| Policy-Based Routing
QoS Policy Propagation via BGP
Committed Access Rate
Weighted Fair Queueing
Custom Queueing
Priority Queueing
Weighted Random
Early Detection
Scheduling
Signaling
RSVP
Packet Drop
Frame Relay Traffic Shaping
Link Fragmentation
RTP Header Compression
| DOC-785852
DOC-785853
|
- Cisco IOS Software Command Summary
- Dial Solutions Quick Configuration Guide
- System Error Messages
- Debug Command Reference
|
| DOC-785859
DOC-785894
DOC-785860
DOC-785858
|
- or Technical Documents>Documentation Home Page>Cisco IOS Software Configuration>Cisco IOS Release 12.1
- On the Documentation CD-ROM: Cisco Product Documentation>Cisco IOS Software Configuration>Cisco IOS Release 12.1
Table 8: Cisco IOS Release 12.1 Documentation Set
| Document Title
| Chapter Topics
| Customer Order Number
|
|---|
- Cisco IOS Configuration Fundamentals Configuration Guide
- Cisco IOS Configuration Fundamentals Command Reference
| Configuration Fundamentals Overview
Using the Command-Line Interface
Using Configuration Tools
Configuring Operating Characteristics
Managing Connections, Menus, and System Banners
Using the Cisco Web Browser
Using the Cisco IOS File System
Modifying, Downloading, and Maintaining Configuration Files
Loading and Maintaining System Images
Maintaining Router Memory
Rebooting a Router
Configuring Additional File Transfer Functions
Monitoring the Router and Network
Troubleshooting a Router
Performing Basic System Management
System Management Using System Controllers
Web Scaling Using WCCP
Managing Dial Shelves
| DOC-7810222
DOC-7810223
|
- Cisco IOS Apollo Domain, Banyan VINES, DECnet, ISO CLNS, and XNS Configuration Guide
- Cisco IOS Apollo Domain, Banyan VINES, DECnet, ISO CLNS, and XNS Command Reference
| Overview of Apollo Domain, Banyan VINES, DECnet, ISO
CLNS, and XNS
Configuring Apollo Domain
Configuring Banyan VINES
Configuring DECnet
Configuring ISO CLNS
Configuring XNS
| DOC-7810241
DOC-7810245
|
- Cisco IOS AppleTalk and Novell IPX Configuration Guide
- Cisco IOS AppleTalk and Novell IPX Command Reference
| AppleTalk and Novel IPX Overview
Configuring AppleTalk
Configuring Novell IPX
| DOC-7810240
DOC-7810267
|
- Cisco IOS Bridging and IBM Networking Configuration Guide
- Cisco IOS Bridging and IBM Networking Command Reference, Volume I
- Cisco IOS Bridging and IBM Networking Command Reference, Volume II
| Overview of SNA Internetworking
Overview of Bridging
Configuring Transparent Bridging
Configuring Source-Route Bridging
Configuring Token Ring Inter-Switch Link
Configuring Token Ring Route Switch Module
Overview of IBM Networking
Configuring Remote Source-Route Bridging
Configuring Data-Link Switching Plus+
Configuring Serial Tunnel and Block Serial Tunnel
Configuring LLC2 and SDLC Parameters
Configuring IBM Network Media Translation
Configuring Frame Relay Access Support
Configuring NCIA Server
Configuring the Airline Product Set
Configuring DSPU and SNA Service Point Support
Configuring SNA Switching Services
Configuring Cisco Transaction Connection
Configuring Cisco Mainframe Channel Connection Adapters
Configuring CLAW and TCP/IP Offload Support
Configuring CMPC and CSNA
Configuring CMPC+
Configuring the TN3270 Server
| DOC-7810256
DOC-7810257
DOC-7810520
|
- Cisco IOS Dial Services Configuration Guide: Terminal Services
- Cisco IOS Dial Services Configuration Guide: Network Services
- Cisco IOS Dial Services Command Reference
| Large-Scale Dial Solutions
Cost-Control Solutions
Virtual Private Networks
X.25 on ISDN Solutions
Telco Solutions
Dial-Related Addressing Services
Internetworking Dial Access Scenarios
Preparing for Dial Access
Modem Configuration and Management
ISDN and Signalling Configuration
PPP Configuration
Dial-on-Demand Routing Configuration
Dial-Backup Configuration
Terminal Service Configuration
| DOC-7810251
DOC-7810252
DOC-7810253
|
- Cisco IOS Interface Configuration Guide
- Cisco IOS Interface Command Guide
| Interface Configuration Overview
Configuring LAN Interfaces
Configuring Serial Interfaces
Configuring Logical Interfaces
| DOC-7810224
DOC-7810238
|
- Cisco IOS IP and IP Routing Configuration Guide
- Cisco IOS IP and IP Routing Command Reference
| IP Overview
Configuring IP Addressing
Configuring DHCP
Configuring IP Services
Configuring Mobile IP
Configuring On-Demand Routing
Configuring RIP
Configuring IGRP
Configuring OSPF
Configuring IP Enhanced IGRP
Configuring Integrated IS-IS
Configuring BGP
Configuring Multicast BGP (MBGP)
Configuring IP Routing Protocol-Independent Features
Configuring IP Multicast Routing
Configuring Multicast Source Discovery Protocol
Configuring PGM Router Assist
Configuring Unidirectional Link Routing
Using IP Multicast Tools
| DOC-7810592
DOC-7810239
|
- Cisco IOS Multiservice Applications Configuration Guide
- Cisco IOS Multiservice Applications Command Reference
| Multiservice Applications Overview
Configuring Voice over IP
Configuring Gatekeepers (Multimedia Conference Manager)
Configuring Voice over Frame Relay
Configuring Voice over ATM
Configuring Voice over HDLC
Configuring Voice-Related Support Features
Configuring PBX Signalling
Configuring Store and Forward Fax
Configuring Video Support
Configuring Head-End Broadband Access Router Features
Configuring Subscriber-End Broadband Access Router
Features
Configuring Synchronized Clocking
| DOC-7810258
DOC-7810259
|
- Cisco IOS Quality of Service Solutions Configuration Guide
- Cisco IOS Quality of Service Solutions Command Reference
| Quality of Service Overview
Classification Overview
Configuring Policy-Based Routing
Configuring QoS Policy Propagation via Border Gateway
Protocol
Configuring Committed Access Rate
Congestion Management Overview
Configured Weighted Fair Queueing
Configuring Custom Queueing
Configuring Priority Queueing
Congestion Avoidance Overview
Configuring Weighted Random Early Detection
Policing and Shaping Overview
Configuring Generic Traffic Shaping
Configuring Frame Relay and Frame Relay Traffic Shaping
Signalling Overview
Configuring RSVP
Configuring Subnetwork Bandwidth Manager
Configuring RSVP-ATM Quality of Service Interworking
Link Efficiency Mechanisms Overview
Configuring Link Fragmentation and Interleaving for Multilink
PPP
Configuring Compressed Real-Time Protocol
IP to ATM CoS Overview
Configuring IP to ATM CoS
QoS Features for Voice Introduction
| DOC-7810260
DOC-7810261
|
- Cisco IOS Security Configuration Guide
- Cisco IOS Security Command Reference
| Security Overview
AAA Overview
Configuring Authentication
Configuring Authorization
Configuring Accounting
Configuring RADIUS
Configuring TACACS+
Configuring Kerberos
RADIUS Commands
TACACS+ Commands
Access Control Lists: Overview and Guidelines
Cisco Secure Integrated Software Firewall Overview
Configuring Lock-and-Key Security (Dynamic Access Lists)
Configuring IP Session Filtering (Reflexive Access Lists)
Configuring TCP Intercept (Prevent Denial-of-Service
Attacks)
Configuring Context-Based Access Control
Configuring Cisco Secure Integrated Software Intrusion
Detection System
Configuring Authentication Proxy
Configuring Port to Application Mapping
IP Security and Encryption Overview
Configuring IPSec Network Security
Configuring Certification Authority Interoperability
Configuring Internet Key Exchange Security Protocol
Configuring Passwords and Privileges
Neighbor Router Authentication: Overview and Guidelines
Configuring IP Security Options
| DOC-7810248
DOC-7810249
|
- Cisco IOS Switching Services Configuration Guide
- Cisco IOS Switching Services Command Reference
| Cisco IOS Switching Services Overview
Switching Paths Overview
Configuring Switching Paths
Cisco Express Forwarding Overview
Configuring Cisco Express Forwarding
NetFlow Switching Overview
Configuring NetFlow Switching
MPLS Overview
Configuring MPLS
Configuring IP Multilayer Switching
Configuring IP Multicast Multilayer Switching
Configuring IPX Multilayer Switching
Configuring Multicast Distributed Switching
Routing Between VLANs Overview
Configuring Routing Between VLANs with ISL Encapsulation
Configuring Routing Between VLANs with IEEE 802.10
Encapsulation
Configuring Routing Between VLANs with IEEE 802.1Q Encapsulation
LAN Emulation Overview
Configuring LAN Emulation
Configuring Token Ring LANE
MPOA Overview
Configuring the MPOA Client
Configuring the MPOA Server
Configuring Token Ring LANE for MPOA
| DOC-7810254
DOC-7810255
|
- Cisco IOS Wide-Area Networking Configuration Guide
- Cisco IOS Wide-Area Networking Command Reference
| Wide-Area Networking Overview
Configuring ATM
Frame Relay
Frame Relay-ATM Interworking
Configuring SMDS
Configuring X.25 and LAPB
| DOC-7810246
DOC-7810247
|
- Cisco IOS Configuration Guide Master Index
- Cisco IOS Command Reference Master Index
- Cisco IOS Command Summary
- Cisco IOS Debug Command Reference
- Cisco IOS Dial Services Quick Configuration Guide
- Cisco IOS System Error Messages
|
| DOC-7810242
DOC-7810266
DOC-7810262
DOC-7810265
DOC-7810263
|
Command descriptions use the following conventions:
| Convention
| Description
|
|---|
Click Window1>Window2>Window3
| The > symbol represents a direction in which you are to navigate from one window to the next, using your mouse to click the windows in the order from first to last.
|
boldface font
| Commands, keywords, menus, menu items, and options are in boldface.
|
italic font
| Arguments or terms for which you supply values are in italics.
|
[ ]
| Elements in square brackets are optional.
|
{x | y | z}
| Alternative keywords are grouped in braces and separated by vertical bars.
|
[x | y | z]
| Optional alternative keywords are grouped in brackets and separated by vertical bars.
|
string
| A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks.
|
screen font
| Terminal sessions and information the system displays are in screen font.
|
boldface screen font
| Information you must type is in boldface screen font.Terminal sessions and console screens are in this font.
|
^
| The symbol ^ represents the key labeled Control---for example, the key combination ^D in a screen display means hold down the Control key while you press the D key.
|
< >
| Nonprinting characters, such as passwords, are in angle brackets.
|
[ ]
| Default responses to system prompts are in square brackets.
|
!, #
| An exclamation point ( ! ) or a pound sign ( # ) at the beginning of a line of code indicates a comment line.
|
|
Note Means reader take note. Notes contain helpful suggestions or reference to material not contained in this manual. |
 |
Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss. |
Figure 1: Commonly Used Graphical User Interface Conventions
Figure 2: Commonly Used Images
|
Note Throughout this guide, there are numerous configuration examples that include unusable IP addresses, passwords, and public key examples. Be sure to use your own IP addresses, passwords, and public keys when configuring your VPN Clients and gateway. |
|
Note The Cisco Secure VPN Client is also referenced as SafeNet/Soft-PK throughout this guide and in the software. Also, the SafeNet icon appears as the graphical user interface icon in the Windows taskbar. Unless the taskbar is changed, this icon appears in lower right corner of the screen. |
|
Note For brevity, the Cisco Secure VPN Client is referred to as the generic term VPN Client throughout this guide. A Cisco IOS router or Cisco Secure PIX Firewall is referred to as the generic term gateway throughout this guide. |
|
Note Throughout this guide, the standard pre-shared key authentication method is called pre-shared keys. Also, the wildcard pre-shared key authentication method is called wildcard pre-shared key. Unless otherwise specified, the single term pre-shared keys may apply to both pre-shared keys and wildcard pre-shared keys. |
You can access the most current Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM is updated monthly. Therefore, it is probably more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.
Registered CCO users can order the Documentation CD-ROM and other Cisco Product documentation through our online Subscription Services at http://www.cisco.com/cgi-bin/subcat/kaojump.cgi.
Nonregistered CCO users can order documentation through a local account representative by calling Cisco's corporate headquarters (California, USA) at 408 526-4000 or, in North America, call 800 553-NETS (6387).
Cisco provides Cisco Connection Online (CCO) as a starting point for all technical assistance. Warranty or maintenance contract customers can use the Technical Assistance Center. All customers can submit technical feedback on Cisco documentation using the web, e-mail, a self-addressed stamped response card included in many printed docs, or by sending mail to Cisco.
Cisco continues to revolutionize how business is done on the Internet. Cisco Connection Online is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at anytime, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.
CCO's broad range of features and services helps customers and partners to streamline business processes and improve productivity. Through CCO, you will find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online support services, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.
Customers and partners can self-register on CCO to obtain additional personalized information and services. Registered users may order products, check on the status of an order and view benefits specific to their relationships with Cisco.
You can access CCO in the following ways:
- WWW: www.cisco.com
- Telnet: cco.cisco.com
- Modem using standard connection rates and the following terminal settings: VT100 emulation; 8 data bits; no parity; and 1 stop bit.
- From North America, call 408 526-8070
- From Europe, call 33 1 64 46 40 82
You can e-mail questions about using CCO to cco-team@cisco.com.
The Cisco Technical Assistance Center (TAC) is available to warranty or maintenance contract customers who need technical assistance with a Cisco product that is under warranty or covered by a maintenance contract.
To display the TAC web site that includes links to technical support information and software upgrades and for requesting TAC support, use www.cisco.com/techsupport.
To contact by e-mail, use one of the following:
| Language
| E-mail Address
|
|---|
English
| tac@cisco.com
|
Hanzi (Chinese)
| chinese-tac@cisco.com
|
Kanji (Japanese)
| japan-tac@cisco.com
|
Hangul (Korean)
| korea-tac@cisco.com
|
Spanish
| tac@cisco.com
|
Thai
| thai-tac@cisco.com
|
In North America, TAC can be reached at 800 553-2447 or 408 526-7209. For other telephone numbers and TAC e-mail addresses worldwide, consult the following web site: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml.
If you are reading Cisco product documentation on the World Wide Web, you can submit technical comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco.
You can e-mail your comments to bug-doc@cisco.com.
To submit your comments by mail, for your convenience many documents contain a response card behind the front cover. Otherwise, you can mail your comments to the following address:
Cisco Systems, Inc.
Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate and value your comments.
Posted: Thu Jul 27 18:11:42 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.
