
Chapter 2 Cisco 1710 Security Router Configuration
Configuring IP Security
2-4
Cisco 1710 Security Router Software Configuration Guide
78-12696-01
Disabling Hardware Encryption
The Cisco 1710 Security router is equipped with a Virtual Private Network (VPN)
module that provides hardware 3DES encryption by default. It is possible to
disable the VPN module and use Cisco IOS software encryption/decryption
instead.
The command which disables the VPN module is as follows:
    no crypto engine accelerator
The command is executed in configuration mode. An example of its use is as
follows:
    c1710(config)#no crypto engine accelerator
    Warning! all current connections will be torn down.
    Do you want to continue? [yes/no]: yes
    .
    Crypto accelerator in slot 0 disabled
    .
    switching to IPsec crypto engine
          Command                                               Task
Step 9    crypto mib ipsec flowmib history failure size size    Set the size of the failure history table.
Step 10   crypto map name local-address Ethernet 0              Specify and name an identifying interface to be used by the crypto map for IPSec traffic.
Step 11   crypto map name seq-num ipsec-isakmp                  Create a crypto map entry in IPSec ISAKMP mode, and enter crypto map configuration mode.
Step 12   set peer ip-address                                   Identify the remote IPSec peer.
Step 13   set transform-set name                                Specify the transform set to be used.
Step 14   set pfs [group1|group2]                               Specify use of the perfect forward secrecy (pfs) option in IPSec. The variation group1 is default.
Step 15   match address access-list-id                          Specify an extended access list for the crypto map entry.
Step 16   exit                                                  Exit crypto map configuration mode.
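
Steps 9 through 16 entered as one configuration session, as an added example that is not taken from the Cisco guide. The map name, sequence number, table size, peer address, transform-set name and access-list number are placeholder values, and the transform set and access list are assumed to have been defined in earlier steps that do not appear on this page.

```cisco
! Added example; every name, number and address below is a placeholder.
! Assumes transform set TS-3DES and extended access list 110 already exist.
!
! Step 9: size of the failure history table
crypto mib ipsec flowmib history failure size 200
!
! Step 10: identify Ethernet 0 as the interface the crypto map uses for IPSec traffic
crypto map VPN-MAP local-address Ethernet 0
!
! Step 11: create entry 10 in IPSec ISAKMP mode; the prompt changes to
! crypto map configuration mode and the indented commands apply to this entry
crypto map VPN-MAP 10 ipsec-isakmp
 ! Step 12: remote IPSec peer (192.0.2.1 is a documentation address)
 set peer 192.0.2.1
 ! Step 13: transform set to use for this entry
 set transform-set TS-3DES
 ! Step 14: perfect forward secrecy; group1 (the default) is 768-bit
 ! Diffie-Hellman, group2 is 1024-bit, so group2 is the stronger choice
 set pfs group2
 ! Step 15: extended access list selecting the traffic to protect
 match address 110
 ! Step 16: leave crypto map configuration mode
 exit
```

Both peers must be configured with the same pfs group, or the IPSec security association negotiation for this entry will fail.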