Cisco 7100 Series Spezifikationen Seite 26
- Seite / 112
- Inhaltsverzeichnis
- LESEZEICHEN
Bewertet. / 5. Basierend auf Kundenbewertungen
Considerations
Cisco 7100 Series VPN Configuration Guide
2-4
— Be careful not to violate access control lists. You can configure a tunnel with a
source and destination that are not restricted by firewall routers.
— Routing protocols that make their decisions based solely on hop count will often
prefer a tunnel over a multipoint real link. A tunnel might appear to be a one-hop,
point-to-point link and have the lowest-cost path, but may actually cost more.
• IPSec—Observe the following when configuring IPSec:
— IPSec works with the following serial encapsulations: High-Level Data Link
Control (HDLC), Point-to-Point Protocol (PPP), and Frame Relay. IPSec also
works with the GRE and IPinIP Layer 3, L2F, and L2TP tunneling protocols;
however, multipoint tunnels are not supported. Other Layer 3 tunneling protocols
(data-link switching [DLSW], source-route bridging [SRB], and so forth) are
currently not supported for use with IPSec.
— IPSec and Internet Key Exchange (IKE) must be configured on the router and a
crypto map assigned to all interfaces that require encryption services from the
Integrated Service Module (ISM) in slot 5 of Cisco 7100 series routers.
— IPSec can be applied to unicast IP datagrams only. Because the IPSec Working
Group has not yet addressed the issue of group key distribution, IPSec does not
currently work with multicasts or broadcast IP datagrams.
— If you use Network Address Translation (NAT), you should configure static NAT
redundant so that IPSec works properly. In general, NAT should occur before the
router performs IPSec encapsulation; in other words, IPSec should be working with
global addresses.
• Firewall—Observe the following when configuring Cisco IOS Firewall features (when
configuring your Cisco 7100 series router as a firewall):
— When setting passwords for privileged access to the firewall, use the enable secret
command rather than the enable password command, which does not have as
strong an encryption algorithm.
— Configure a password on the console port. In authentication, authorization, and
accounting (AAA) environments, use the same authentication for the console as for
elsewhere. In a non-AAA environment, at a minimum, configure the login and
password password commands.
- Cisco 7100 Series VPN 1
- Configuration Guide 1
- Preface vii 3
- Audience 4
- Organization 5
- Related Documentation 6
- Preface xi 7
- Conventions 8
- Cisco Connection Online 9
- Documentation CD-ROM 10
- Using Cisco IOS Software 11
- Getting Help 12
- Finding Command Options 13
- • controller t1 1 13
- Understanding Command Modes 18
- Summary of Main Command Modes 19
- Router(config-if)# 20
- Router(config-subif)# 20
- Saving Configuration Changes 21
- Saving Configuration Changes 22
- Before You Begin 23
- Considerations 25
- Before You Begin 2-5 27
- Assumptions 29
- Intranet VPN Business 31
- Scenario 31
- Scenario Description 32
- Step 1—Configuring the Tunnel 34
- Step 1—Configuring the Tunnel 35
- Step 3—Configuring Encryption 41
- Configuring IKE Policies 43
- Creating Policies 44
- • RSA signatures method: 45
- Configuring Preshared Keys 46
- Verifying IKE Policies 48
- Configuring IPSec 49
- Creating Crypto Access Lists 51
- Verifying Crypto Access Lists 51
- Defining Transform Sets 52
- Step 3—Configuring Encryption 54
- Verifying Transform Sets 55
- Creating Crypto Map Entries 58
- Verifying Crypto Map Entries 59
- To verify the configuration: 65
- Extranet VPN Business 73
- 67890 address 172.17.2.4 83
- Tunnel mode 88
- Transport mode 88
- Configuring Crypto Maps 89
- Configuring Crypto Maps 93
Verwandte Produkte und Handbücher für Vernetzung Cisco 7100 Series
Vernetzung Cisco VPN 3000 Bedienungsanleitung
(25 Seiten)
(25 Seiten)
Vernetzung Cisco 1802W Bedienungsanleitung
(40 Seiten)
(40 Seiten)
Vernetzung Cisco 4500M Installationsanleitung
(32 Seiten)
(32 Seiten)
Vernetzung Cisco VPN 3000 Betriebsanweisung
(502 Seiten)
(502 Seiten)
Vernetzung Cisco EF3116 Bedienungsanleitung
(8 Seiten)
(8 Seiten)
Vernetzung Cisco 826 Bedienungsanleitung
(8 Seiten)
(8 Seiten)
Vernetzung Cisco 1861 Bedienungsanleitung
(13 Seiten)
(13 Seiten)
Vernetzung Cisco TES301 Bedienungsanleitung
(52 Seiten)
(52 Seiten)
Vernetzung Cisco MGBSX1 Bedienungsanleitung
(16 Seiten)
(16 Seiten)
Vernetzung Cisco PA-2FE-TX Spezifikationen
(60 Seiten)
(60 Seiten)
Vernetzung Cisco 880 Series Bedienungsanleitung
(18 Seiten)
(18 Seiten)
Vernetzung Cisco EPC3825 Bedienungsanleitung
(8 Seiten)
(8 Seiten)
Vernetzung Cisco DPC3008 Betriebsanweisung
(44 Seiten)
(44 Seiten)
© 2020, manymanuals.de. Alle Rechte vorbehalten. | 0.151 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Kommentare zu diesen Handbüchern