Symbols
? command 1 - 2
A
AAA
configuring 4 - 8
servers supported 4 - 9
aaa authentication login default command 4 - 8
aaa authorization auth-proxy default command 4 - 8
aaa new-model command 4 - 8
abbreviating commands, context-sensitive help 1 - 2
accept dialin command 4 - 5, 4 - 7
access control
planning 2 - 15
undefined packets and 3 - 38
access control lists
access-list (encryption) command 3 - 22
access-list command 3 - 37
access-list permit host eq host command 4 - 9
access-list permit ip host command 3 - 22
access lists
applying to interfaces 3 - 38
considerations 2 - 14
protecting from spoofing 2 - 15
violating 2 - 14
WFQ and 3 - 32
See also extended access lists
accounting
See AAA 4 - 8
ACLs
CBWFQ and 3 - 33
address keywords, using (note) 3 - 18
AHs
description 3 - 23
ESP and (note) 3 - 23
IP numbers 3 - 22
arrow keys, on ANSI-compatible terminals (note) 1 - 3
attaching
policy maps 3 - 31
service policies 3 - 35
authentication
authentication command 3 - 16
authentication headers
authentication proxies
description 4 - 8
verifying 4 - 11
authorization
B
backbone routers, QoS functions 3 - 28
bandwidth command 3 - 31, 3 - 35
broadcasts
disabling directed 2 - 15
business scenarios
figure 2 - 2
See also extranet VPN scenarios
See also remote access VPN scenarios
See also site-to-site VPN scenarios
C
CA interoperability
description 3 - 14
carrier protocols (tunneling) 3 - 6
CBWFQ
configuring 3 - 33
enabling 3 - 35
verifying 3 - 36
CDP, turning off 2 - 15
certificate revocation lists
See CRLs 2 - 6
changes, saving 1 - 8
Cisco Discovery Protocol
Cisco Express Forwarding support
Cisco IOS commands
See commands 5 - 5
Cisco IOS firewall authentication proxy
Cisco IOS firewalls
Cisco SAFE Blueprint
network design considerations 2 - 3
Cisco Secure Policy Manager
Cisco Secure VPN Client
locating documentation 4 - 3
Cisco VPN and Security Management Solution
See VMS 5 - 2
Cisco VPN Device Manager 5 - 3
Cisco VPN Monitor 5 - 2
Class-Based Weighted Fair Queuing
class class-default command 3 - 35
class-map command 3 - 30, 3 - 34
class-map match-all 3 - 30
class maps
configuring 3 - 30
defining 3 - 34
verifying 3 - 30
class policies
configuring 3 - 35
clear crypto sa command 3 - 27
CLI
configuring software using 1 - 1
VDM commands 5 - 5
command-line interface
command modes
command options 1 - 3
description 1 - 5
online help 1 - 2
summary (table) 1 - 6
commands
abbreviating 1 - 2
disabling functions 1 - 7
finding options (table) 1 - 3
configuration examples
extranet
business partner router 3 - 45 to 3 - 46
headquarters router 3 - 43 to 3 - 45
remote access
L2TP/IPSec configuration 4 - 13
PPTP/MPPE configuration 4 - 11
site-to-site
headquarters router 3 - 40 to 3 - 41
remote office router 3 - 41 to 3 - 42
configuration files
corrupted 1 - 6
saving changes 1 - 8
saving to NVRAM 1 - 8
configuration modes, using 1 - 6
configuring
AAA 4 - 8
authentication methods with IKE policies 3 - 16
authentication proxies 4 - 8 to 4 - 10
CBWFQ 3 - 33
class maps 3 - 30
class policies 3 - 35
crypto maps 3 - 24
encryption 3 - 22 to 3 - 24, 4 - 7
fair queuing 3 - 32
firewalls 3 - 36
GRE tunnels 3 - 3, 3 - 8 to 3 - 9
HTTP servers 4 - 9
IPSec 4 - 7
IPSec tunnel mode 3 - 23
L2TP 4 - 7
L2TP/IPSec 4 - 6
MPPE 4 - 6
NBAR 3 - 29
policy maps 3 - 31
PPTP 4 - 5
PPTP/MPPE 4 - 4
pre-shared keys 3 - 17, 3 - 21
QoS 3 - 28
virtual templates 4 - 5, 4 - 6
connectivity
testing 5 - 15
console access considerations 2 - 14
console ports
breaks on 2 - 15
configuring passwords on 2 - 14
controller isa command 4 - 6
CRLs
performance considerations 2 - 6
crypto access lists
commands (table) 3 - 22
compatibility 3 - 24
creating 3 - 22
extended access lists and 3 - 37
verifying 3 - 22
crypto dynamic-map command 3 - 25
crypto ipsec transform-set command 3 - 23
crypto isakmp enable command 3 - 16
crypto isakmp identity address command 3 - 18
crypto isakmp key address command 3 - 18
crypto isakmp key command 3 - 18, 3 - 21
crypto map command 3 - 25
crypto map entries
configuring 3 - 24
creating 3 - 25
defining IPSec processing 3 - 22
verifying 3 - 26
crypto maps
applying to interfaces 3 - 27
verifying interface associations 3 - 28
crypto map s4second command 3 - 27
CSPM
description 5 - 1
D
default commands, using 1 - 7
defining class maps 3 - 34
demilitarized zone
denial-of-service attacks, directed broadcasts and 2 - 15
dial-in sessions 4 - 5
Diffie-Hellman group identifier, specifying 3 - 16
digital certificates
authentication 3 - 17
CAs and 3 - 14
directed broadcasts
DMZ network description 3 - 37
dynamic crypto map
configuring 3 - 14
creating 3 - 25
ease of configuration 3 - 24
E
edge routers, QoS functions 3 - 28
enable password command 2 - 14
enable secret command 2 - 14
encapsulating security payload
encryption
tunnels and 3 - 7
encryption command 3 - 16
encryption mppe command 4 - 6
error messages
ICMP Host Unreachable 3 - 38
ESP
AH and (note) 3 - 23
IP numbers and 3 - 22
performance considerations 2 - 13
extended access lists
creating 3 - 37
description 3 - 36
extranet VPN scenarios 3 - 5
configuring business partner routers 3 - 45
configuring headquarters routers 3 - 43 to 3 - 45
description 2 - 2
figure 3 - 4
physical elements (figure) 3 - 5
physical elements (table) 3 - 6
sample configurations
physical elements (figure) 3 - 43
F
fair-queue command 3 - 32
fair queuing
configuring 3 - 32
flow-based WFQ 3 - 32
See also CBWFQ 3 - 32
See also WFQ 3 - 32
fast switching support 2 - 14
firewalls
basic traffic filtering configurations 3 - 36
benefits 3 - 36
configuring 3 - 36
considerations 2 - 14
flow classification of packets 3 - 32
G
generic routing encapsulation
global configuration mode
summary 1 - 6
GRE
description 2 - 6
IPSec and 2 - 7
See also GRE tunnels 2 - 7
GRE tunnels
access servers (note) 3 - 8
Cisco routers (note) 3 - 8
protocol 3 - 6
troubleshooting configurations 3 - 9
verifying 3 - 9
See also site-to-site VPN scenarios
group command 3 - 16
H
hash command 3 - 16
headquarters network scenarios
See also extranet VPN scenarios
See also remote access VPN scenarios
See also site-to-site VPN scenarios
hello packets
help
CLI 1 - 2
finding command options 1 - 3
help command 1 - 2
hostname keywords, using (note) 3 - 18, 3 - 21
Hot Standby Routing Protocol
HSRP
description 2 - 11
http://www.cisco.com/en/US/products/hw/routers/ps341/prod_installation_guides_list.html xi
http://www.cisco.com/en/US/products/hw/routers/ps341/tsd_products_support_series_home.html x
HTTP servers
configuring 4 - 9
hybrid network environments
network design considerations 2 - 4
I
ICMP filtering
fragmentation and 2 - 13
ICMP Host Unreachable messages 3 - 38
IKE
description 3 - 14
performance considerations 2 - 13
policies
verifying 3 - 19
SAs and 3 - 24
UDP port 3 - 22
IKE keys
IKE policies
configuration requirements 3 - 16
defaults, viewing 3 - 9
default values (note) 3 - 15
enabling by default 3 - 15
identifying 3 - 16
RSA signatures method requirements 3 - 16
troubleshooting 3 - 20
viewing configuration 3 - 19
viewing default configuration 3 - 9
inside global address 3 - 11
inside local address 3 - 11
inside network 3 - 10
integrated versus overlay design 2 - 4
interface command 4 - 10
interface configuration mode, summary 1 - 6
interface fastethernet command 3 - 13
interfaces
applying crypto maps 3 - 27
applying IP access lists 3 - 38
verifying crypto map associations 3 - 28
interface serial command 3 - 32
interface tunnel command 3 - 8
interface virtual-template number command 4 - 5
Internet Key Exchange
Internet Security Association & Key Management Protocol identities
intrusion detection 3 - 36
IOS Commands 5 - 5
ip access-group command 3 - 38
ip access-list extended command 3 - 22
IP access lists
applying to interfaces 3 - 38
configuring security and 2 - 14
inbound 3 - 38
outbound 3 - 38
software checking of 3 - 38
undefined 3 - 38
See also extended access lists
IP addresses
NAT definitions 3 - 11
nonregistered 3 - 10
protecting internal 2 - 15
renumbering 3 - 10
static translation 3 - 11
ip auth-proxy auth-cache-time command 4 - 10
ip auth-proxy auth-proxy-banner command 4 - 10
ip auth-proxy command 4 - 10
ip auth-proxy name http command 4 - 10
IP datagrams
in IPSec tunnel mode 3 - 9
ip http access-class command 4 - 10
ip http authentication aaa command 4 - 10
ip http server command 4 - 9
ip local pool default command 4 - 5
ip mroute-cache command 4 - 5
ip nat inside command 3 - 13
ip nat inside source command 3 - 13
ip nat outside command 3 - 13
ip route command 3 - 8
IPSec
clearing SAs 3 - 27
configuring 3 - 22 to 3 - 24, 4 - 7
configuring tunnels 3 - 14
description 3 - 14
in VDM 5 - 4
IP unicast frames 3 - 7
NAT and 2 - 8
proxies 3 - 9
IPSec access lists
explicitly permitting traffic (note) 3 - 22
requirements 3 - 22
IPSec MIBs
as network management tool 5 - 3
IPSec transport mode
description 3 - 10
IPSec tunnel mode
configuring 3 - 23
GRE tunnels and (note) 4 - 7
verifying 3 - 24
IPSec tunnels
configuring 3 - 9
IP Security Protocol
IP unicast frames, IPSec and 3 - 7
ip unnumbered command 4 - 5
ISAKMP identities
setting 3 - 18
ISAKMP identities, setting 3 - 21
K
keys
L
L2TP
compatibility 4 - 4
configuring 4 - 7
verifying 4 - 7
L2TP/IPSec
configuring 4 - 6
Layer 2 Tunneling Protocol
lifetime command 3 - 16
local name command 4 - 5, 4 - 7
loopback interfaces
emulating interfaces 2 - 14
using 3 - 25
M
maps
See specific kinds of maps (for example, class maps)
match access-group command 3 - 34
match address command 3 - 25, 3 - 26
match-all command 3 - 30
match-any command 3 - 30
match class-map command 3 - 30
match input-interface command 3 - 34
match not command 3 - 30
match protocol command 3 - 30, 3 - 34
MIBs
Microsoft
Windows 2000 4 - 3
Windows 95 4 - 3
Windows 98 4 - 3
Windows NT 4.0 4 - 3
Microsoft Challenge Handshake Authentication Protocol
Microsoft Dial-Up Networking 4 - 3
Microsoft Point-to-Point Compression
Microsoft Point-to-Point Encryption
mixed device deployments
network design considerations 2 - 4
modes
mode tunnel command 3 - 23
Modular QoS Command-Line Interface
MPPC 4 - 4
MPPE
configuring 4 - 6
MS-CHAP and (note) 4 - 4
verifying 4 - 6
MQC 3 - 29
MS-CHAP
MPPE and (note) 4 - 4
N
NAT
address definitions 3 - 11
network design considerations and 2 - 8
source address translation process 3 - 12
static translation process 3 - 13
tunnels and 3 - 7
NBAR
attaching policy maps to interfaces 3 - 31
configuring class maps 3 - 30
configuring policy maps 3 - 31
verifying class map configuration 3 - 30
verifying policy map configuration 3 - 31
Network Address Translation
network-based application recognition
network design considerations
Cisco SAFE Blueprint 2 - 3
fragmentation 2 - 10
GRE and 2 - 10
IKE and 2 - 10
IKE key lifetimes and 2 - 13
mixed devices deployments 2 - 4
optimizing traffic throughput 2 - 5
resiliency and 2 - 10
RRI with HSRP and 2 - 10
network management applications
description 2 - 16
network redundancy 3 - 7
network resiliency
Network Time Protocol
no bandwidth command 3 - 31
no cdp run command 2 - 15
no class-map command 3 - 30
no commands 1 - 7
no ip directed-broadcast command 2 - 15
no ip source-route command 2 - 15
no match-all command 3 - 30
no match-any command 3 - 30
no police command 3 - 31
no policy-map command 3 - 31
no proxy-arp command 2 - 15
no random-detect command 3 - 31
no service-policy command 3 - 31
no service tcp-small-servers command 2 - 15
no service udp-small-servers command 2 - 15
no set command 3 - 31
no shutdown command 3 - 8
NTP
disabling 2 - 15
ntp disable command 2 - 15
NVRAM, saving configuration to 1 - 8
O
outside
global address 3 - 11
local address 3 - 11
network 3 - 10
P
packets
flow classification 3 - 32
fragmentation 2 - 13
passenger protocols (tunneling) 3 - 6
passwords
commands for setting 2 - 14
port for configuring 2 - 14
peer default ip address pool default command 4 - 5
ping command 3 - 9
PIX Firewall
Point-to-Point Tunneling Protocol
police bps conform transmit exceed drop command 3 - 31
policies
policy-map command 3 - 31, 3 - 35
policy maps
attaching to interfaces 3 - 31
configuring 3 - 31
configuring classes 3 - 35
displaying contents 3 - 36
verifying 3 - 31
ppp authentication ms-chap command 4 - 5
ppp encrypt mppe command 4 - 5
PPTP
configuration example 4 - 11 to 4 - 13
configuring 4 - 5
PPTP/MPPE
configuring 4 - 4
verifying 4 - 6
pre-shared keys
priority traffic
privileged EXEC mode, summary 1 - 6
process switching support 2 - 14
prompts, system 1 - 6
protocol l2tp command 4 - 7
protocol pptp command 4 - 5
protocols, tunneling 3 - 6
proxyacl#n command 4 - 9
Q
QoS
benefits 2 - 9 to ??
characteristics 3 - 28
configuring 3 - 28
queue-limit command 3 - 31, 3 - 35
R
RADIUS
implementing 2 - 14
random-detect command 3 - 31
Remote Access Dial-In User Service
remote access VPN scenarios
physical elements (table) 4 - 3
Rivest, Shamir, and Adleman
See RSA encrypted nonces method
ROM monitor mode
description 1 - 6
summary 1 - 7
RSA encrypted nonces method 3 - 17
RSA signatures, configuration requirements for IKE 3 - 16
S
SAFE
See Cisco SAFE Blueprint 2 - 3
SAs
IKE established
creating crypto map entries 3 - 24
saving, configuration changes 1 - 8
scenarios
See remote access VPN scenarios
See site-to-site VPN scenarios
security associations
service policies
attaching 3 - 35
service-policy command 3 - 35
service-policy input command 3 - 31
service-policy output command 3 - 31
set ip precedence command 3 - 31
set peer command 3 - 25, 3 - 26
set qos-group command 3 - 31
set security-association lifetime command 3 - 26
set transform-set command 3 - 25, 3 - 26
show access-lists command 3 - 22, 3 - 38
show class-map command 3 - 30
show crypto ipsec transform-set command 3 - 24
show crypto isakmp policy command 3 - 15, 3 - 19
show crypto map command 3 - 26
show crypto map interface command 3 - 28
show interfaces fair-queue command 3 - 33
show interfaces ip command 3 - 39
show interfaces serial command 3 - 33
show interfaces tunnel command 3 - 9
show ip auth-proxy cache command 4 - 11
show ip auth-proxy configuration command 4 - 11
show ip nat translations verbose command 3 - 13
show policy-map command 3 - 31
show policy policy-map command 3 - 36
show running-config command 4 - 11, 4 - 13
show version command 3 - 20
show vpdn session command 4 - 6
show vpdn tunnel command 4 - 6, 4 - 7
site-to-site VPN scenario
configuring 3 - 8
description 2 - 2
figure 3 - 3
physical elements 3 - 3
physical elements (table) 3 - 4
site-to-site VPN scenarios
configuration, example 3 - 39 to 3 - 42
configuring headquarters router 3 - 40 to 3 - 41
configuring remote office router 3 - 41 to 3 - 42
description 3 - 2
software and hardware compatibility xii
source routing, disabling 2 - 15
spoofing, protecting against 2 - 15
startup configuration, saving 1 - 8
static translation
configuring 3 - 11
description 3 - 11
verifying 3 - 13
static translation
configuring 3 - 13
Statistics
graphing in VDM 5 - 11
stub domain, NAT configured on 3 - 10
subinterface configuration mode, summary 1 - 7
syslog
advantages 2 - 14
T
Tab key, command completion 1 - 2
TACACS+
implementing 2 - 14
tacacs-server host command 4 - 8
tacacs-server key command 4 - 8
tail drop 3 - 35
TED
description 2 - 16
Telnet access considerations 2 - 14
template configurations, special considerations 2 - 14
Terminal Access Controller Access Control System Plus
traffic priority management
transform sets
crypto map entries and 3 - 24
defining 3 - 23
verifying 3 - 24
transport mode
description 3 - 10
transport protocols (tunneling) 3 - 6
troubleshooting
entering ROM monitor mode at startup 1 - 6
extended access lists 3 - 39
GRE tunnels 3 - 9
IKE policy verification 3 - 20
syslog message logs for 2 - 14
tunnel destination command 3 - 8
tunnel endpoint discovery
tunneling
components 3 - 6
description 3 - 6
encryption in 3 - 7
special considerations 2 - 14
tunnel mode
description 3 - 9
tunnel mode gre ip command 3 - 8
tunnel modes
tunnel source command 3 - 8
U
user EXEC mode, summary 1 - 6
V
VDM
benefits 5 - 5
client installation 5 - 5
configuring VPNs 5 - 8
graphing statistics 5 - 11
installing 5 - 7
overview 5 - 4
troubleshooting connectivity 5 - 15
verifying
authentication proxies 4 - 11
CBWFQ 3 - 36
class maps 3 - 30
crypto access lists 3 - 22
crypto map entries 3 - 26
crypto map interface associations 3 - 28
extended access lists 3 - 38, 3 - 39
GRE tunnel configuration 3 - 9
IKE policies 3 - 19
IPSec tunnel mode 3 - 24
L2TP 4 - 7
PPTP/MPPE 4 - 6
transform sets 3 - 24
WFQ configuration 3 - 33
Virtual Private Networks
virtual-template command 4 - 5, 4 - 7
virtual templates
virtual terminal ports, protecting 2 - 15
vpdn-enable command 4 - 5, 4 - 7
vpdn-group 1 command 4 - 5, 4 - 7
VPNs
configuration assumptions 2 - 2
See also extranet VPN scenario
See also remote access VPN scenario
See also site-to-site VPN scenario
W
weighted fair queuing
weighted random early detection
WFQ
configuring 3 - 32
traffic priority management 3 - 32
verifying configuration 3 - 33
Windows 2000
compatibility 4 - 4
wizards
configuring VDM 5 - 8
configuring VPNs 5 - 8
WRED
CBWFQ support and 3 - 33
See also CBWFQ 3 - 33