Instruction/ maintenance manual of the product SM-ISM Cisco Systems
Go to page of 52
Cor porat e Headqu ar ters Cisco Syst ems, I nc. 170 West Tasm an Drive San Jose, CA 9513 4-1706 USA http ://www .cisco .com Tel: 40 8 526-4000 800 55 3-NETS (6387) Fax: 40 8 526-4100 In tegr ate d Se.
THE SPE CIFI CAT IONS AND I NFO RMATI ON R EGARD ING T HE P RODUC TS I N TH IS MA NU AL ARE SUBJ ECT TO CHA NG E WIT HOUT NOTI CE. ALL STA TEM EN TS , INFO R MATI ON, AN D RE C OMME NDAT IO NS IN TH IS MA NU AL ARE BELI EV ED TO BE ACCU RAT E B U T ARE PRE SEN TED W ITH O UT WA RRANT Y OF ANY KIND, EX PRES S OR IMPL IED.
i Integrat ed Ser vices A dapter and Inte grated Services Module I nstal lation an d C onfiguratio n OL-3575-01 B0 CONT ENTS Preface iii Objec tives iii Audien ce iv Installa tion W arning iv Docu ment Organiza tion v Docu ment Conven tions v Term s and Acrony m s vii Relate d Do cument ation vi ii Obta ining D ocum entation x Cisc o.
(DRA FT L ABE L) AL PHA DRAF T - C ISC O C ONFID ENTI AL Cont ents ii Integrat ed Ser vices A dapter an d Inte grated Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 Interop erabi li.
iii Integrat ed Ser vices A dapter and Inte grated Services Module I nstal lation an d C onfiguratio n OL-3575-01 B0 Preface This p refa ce des crib es t he o bj ect ives an d organ iza tio n o f th is d o cu men t and ex pl ai ns how to fi nd add itio nal i nfo rmati on on r elate d pr oduct s and s ervi ces.
iv Integrat ed Ser vices A dapter an d Inte grated Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 Pref ace Audi ence Not e T o ens ure c omplia nce wit h U.S. e xport laws an d regul ati ons , and to pr ev ent pr oble ms late r on, s ee the “Co mpli anc e with U.
v Integrat ed Ser vices A dapter and Inte grated Services Module I nstal lation an d C onfiguratio n OL-3575-01 B0 Pref ace Document Organi zation Document Organ ization This d o cu men t cont ain s t.
vi Integrat ed Ser vices A dapter an d Inte grated Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 Pref ace Docu ment Co nven t ions Not es, cauti on ar y sta tem en ts, and sa fety w ar ni ng s u s e th ese convention s : Not e Mean s r ead er tak e not e .
vii Integrat ed Ser vices A dapter and Inte grated Services Module I nstal lation an d C onfiguratio n OL-3575-01 B0 Pref ace Ter ms and Acrony ms Terms a nd Acronyms T o ful ly under stand t he cont .
vi ii Integrat ed Ser vices A dapter an d Inte grated Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 Pref ace Rel ated D ocu ment ati on • DT E—d ata t er min al equi pmen t •.
ix Integrat ed Ser vices A dapter and Inte grated Services Module I nstal lation an d C onfiguratio n OL-3575-01 B0 Pref ace Re late d Do cumen tati on • F or con f igura tio n infor m ation and s u.
x Integrat ed Ser vices A dapter an d Inte grated Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 Pref ace Ob ta in i n g D o cu me nt at io n – Ci sc o I O S R el ea se 1 2. 0 Se cu r ity C on fig ur at io n G ui de – Cis co IOS Rele ase 12.
xi Integrat ed Ser vices A dapter and Inte grated Services Module I nstal lation an d C onfiguratio n OL-3575-01 B0 Pref ace Obt ain ing Do cu ment ati on I ntern ati onal Cisc o web si tes can be acc essed fr om this URL : http ://w ww .c isco .com /pub lic/ countr ies_l anguag es.
xi i Integrat ed Ser vices A dapter an d Inte grated Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 Pref ace Obt aining Tech nical Assista nce Obtai ning T echnical Assist ance Cis co p rovi des Cis co .
xiii Integrat ed Ser vices A dapter and Inte grated Services Module I nstal lation an d C onfiguratio n OL-3575-01 B0 Pref ace Obtaini ng A ddi tiona l Publicati ons and Inf or mation All cu s to m er.
xi v Integrat ed Ser vices A dapter an d Inte grated Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 Pref ace Obta in in g Addi tio n al Pu b lic a tio ns and Info rm a tio n • I n.
C HAP TER 1-1 Inte gra ted Services Adap ter and Integrat ed Service s Module In stal l ation and Conf ig uration OL-3575-01 B0 1 Overview Thi s chap ter de sc ribe s the ISA and t he IS M and co ntai.
1- 2 Integrat ed Ser vices A dapter an d Inte grated Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 Cha pter 1 O ver vie w Data En cr ypti on Overv iew Not e The Cisc o 710 0 series VP N rou ters do not supp ort ISM an d ISA i n the sa me c hassis.
1-3 Inte gra ted Services Adap ter and Integrat ed Service s Module In stal l ation and Conf ig uration OL-3575-01 B0 Chapt er 1 Overvi ew Features • CA—I n addi tion, Cert i fic ate Author ity (C A) in tero pera bili ty is prov ided in sup port of the IPSe c st an dard, usi ng Certi fi cat e Enroll men t P ro to co l (CEP) .
1- 4 Integrat ed Ser vices A dapter an d Inte grated Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 Cha pter 1 O ver vie w Port Ada pter Sl ot Loca tio ns on the S uppor ted Pl at f.
1-5 Inte gra ted Services Adap ter and Integrat ed Service s Module In stal l ation and Conf ig uration OL-3575-01 B0 Chapt er 1 Overvi ew Port A dap ter Slot Locat ions on the Support ed P latfo r ms Not e The C is c o 71 0 0 se ries V PN ro u ters d o not s upp or t an I SM an d an I SA in th e same ch as si s .
1- 6 Integrat ed Ser vices A dapter an d Inte grated Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 Cha pter 1 O ver vie w LE D s Figur e 1 -3 P ort Adapt e r Slot s in the Cisco 7206 LEDs Th e I SA h as t hre e LE Ds , as s how n in Fi gure 1- 4 .
1-7 Inte gra ted Services Adap ter and Integrat ed Service s Module In stal l ation and Conf ig uration OL-3575-01 B0 Chapt er 1 Overvi ew LEDs Figur e 1 -4 ISA Fr ont P anel LEDs ( SA - ISA sho wn) T.
1- 8 Integrat ed Ser vices A dapter an d Inte grated Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 Cha pter 1 O ver vie w LE D s The foll owi ng cond it ions m ust al l be m et befor e the enabl ed LED go es on: • The I SM is co rrec tl y con n ect ed to t he b ack p lan e an d r ec eivi ng p ower .
C HAP TER 2-1 Inte gra ted Services Adap ter and Integrat ed Service s Module In stal l ation and Conf ig uration OL-3575-01 B0 2 Preparing for Installation This chapte r desc ribe s the g ener al equ ipme nt, saf ety , and si te prep arati on req uirem ents f or inst allin g the ISA an d t h e IS M .
2- 2 Integrat ed Ser vices A dapter an d Inte grated Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 Cha p t er 2 Prepa r i ng fo r In s t alla ti on So ftwar e and Har dware Requi remen ts an d Com patibi lity Not e The Cisc o IOS Rel ease 12.
2-3 Inte gra ted Services Adap ter and Integrat ed Service s Module In stal l ation and Conf ig uration OL-3575-01 B0 Cha pter 2 Prepa ring for In stalla tion Safe ty Gu i de l in e s • I f ISA and .
2- 4 Integrat ed Ser vices A dapter an d Inte grated Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 Cha p t er 2 Prepa r i ng fo r In s t alla ti on Sa fety G uide lines Warn ing This warning s ymbol means danger . Y ou are in a situation that could caus e bodily injury .
2-5 Inte gra ted Services Adap ter and Integrat ed Service s Module In stal l ation and Conf ig uration OL-3575-01 B0 Cha pter 2 Prepa ring for In stalla tion Safe ty Gu i de l in e s .
2- 6 Integrat ed Ser vices A dapter an d Inte grated Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 Cha p t er 2 Prepa r i ng fo r In s t alla ti on Co mp lia nce wit h U.
C HAP TER 3-1 Inte gra ted Services Adap ter and Integrat ed Service s Module In stal l ation and Conf ig uration OL-3575-01 B0 3 Removing and Ins t alling the ISA and the ISM Thi s cha pte r desc ribe s how to remo ve the I SA or I SM from s uppo rted pla tform s an d al so how to inst all a new o r rep lac eme nt I SA or I SM .
3- 2 Integrat ed Ser vices A dapter an d Inte grated Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 Ch a pt e r 3 R em ov i n g a n d Ins t alli n g th e IS A a nd th e IS M On line.
3-3 Inte gra ted Services Adap ter and Integrat ed Service s Module In stal l ation and Conf ig uration OL-3575-01 B0 Chapt e r 3 Removi ng and Inst all in g the I SA a nd the I SM W arnin gs and Ca utions Eac h mo d ule ha s a bus conn ect or th at co n ne cts it to the rout er .
3- 4 Integrat ed Ser vices A dapter an d Inte grated Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 Ch a pt e r 3 R em ov i n g a n d Ins t alli n g th e IS A a nd th e IS M ISA or .
3-5 Inte gra ted Services Adap ter and Integrat ed Service s Module In stal l ation and Conf ig uration OL-3575-01 B0 Chapt e r 3 Removi ng and Inst all in g the I SA a nd the I SM ISA or IS M Re m o .
3- 6 Integrat ed Ser vices A dapter an d Inte grated Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 Ch a pt e r 3 R em ov i n g a n d Ins t alli n g th e IS A a nd th e IS M ISA or .
C HAP TER 4-1 Inte gra ted Services Adap ter and Integrat ed Service s Module In stal l ation and Conf ig uration OL-3575-01 B0 4 Configuring the ISA and ISM This c ha pt er co n tai ns th e i nfo rm .
4- 2 Integrat ed Ser vices A dapter an d Inte grated Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 Chapter 4 Configur i ng the ISA and ISM Using the EXE C Co mm a nd Interp r e ter Con fig urin g I P Sec requ ir es privileged - level acce ss t o t he EX E C c om m an d in ter p r ete r .
4-3 Inte gra ted Services Adap ter and Integrat ed Service s Module In stal l ation and Conf ig uration OL-3575-01 B0 Chapt e r 4 Confi guri ng the ISA and ISM Co nf igurin g IKE Use the ppp encrypt m.
4- 4 Integrat ed Ser vices A dapter an d Inte grated Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 Chapter 4 Configur i ng the ISA and ISM Confi g u rin g IPSe c Co nfi gurin g IPSec Af ter yo u ha ve c omplet ed IKE conf igur ati on, co nfi gu re IPS ec at ea ch part ici pati ng I PSec pe er .
4-5 Inte gra ted Services Adap ter and Integrat ed Service s Module In stal l ation and Conf ig uration OL-3575-01 B0 Chapt e r 4 Confi guri ng the ISA and ISM Configuring IP Sec Later, you w il l a s.
4- 6 Integrat ed Ser vices A dapter an d Inte grated Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 Chapter 4 Configur i ng the ISA and ISM Confi g u rin g IPSe c I f you c hange a tran sfor m set de f i n iti on, the chan ge is onl y appli ed to cryp to map en tri es t hat re fe renc e the t r ans for m s et .
4-7 Inte gra ted Services Adap ter and Integrat ed Service s Module In stal l ation and Conf ig uration OL-3575-01 B0 Chapt e r 4 Confi guri ng the ISA and ISM Cr eati ng Cry pto Maps Ta b l e 4 - 1 shows allo wed t ransform combinat ions.
4- 8 Integrat ed Ser vices A dapter an d Inte grated Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 Chapter 4 Configur i ng the ISA and ISM C re a tin g Cry p to Ma ps For IPS ec to succe ed be twee n two I PSec pee rs, both p eers ’ cr ypto m ap entries mus t con tain c om patib le configu r ati on s t at emen t s .
4-9 Inte gra ted Services Adap ter and Integrat ed Service s Module In stal l ation and Conf ig uration OL-3575-01 B0 Chapt e r 4 Confi guri ng the ISA and ISM Applying C rypto Maps to Interfaces Apply ing Crypto Maps to Inter faces Y ou ne ed to ap p ly a cryp to m ap s et to ea ch in te rface th r ou g h w hic h IPSe c t ra f fic f low s.
4-1 0 Integrat ed Ser vices A dapter an d Inte grated Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 Chapter 4 Configur i ng the ISA and ISM Veri fy ing Co nf ig urat i on T o cle a.
4-11 Inte gra ted Services Adap ter and Integrat ed Service s Module In stal l ation and Conf ig uration OL-3575-01 B0 Chapt e r 4 Confi guri ng the ISA and ISM Verifying Conf igur ati on Peer = 172.21.114.67 Extended IP access list 141 access-list 141 permit ip source: addr = 172.
4-1 2 Integrat ed Ser vices A dapter an d Inte grated Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 Chapter 4 Configur i ng the ISA and ISM IPSe c Ex a m pl e outbound esp sas: spi.
4-13 Inte gra ted Services Adap ter and Integrat ed Service s Module In stal l ation and Conf ig uration OL-3575-01 B0 Chapt e r 4 Confi guri ng the ISA and ISM IPS e c E x am pl e Not e In th e abo v.
4-1 4 Integrat ed Ser vices A dapter an d Inte grated Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 Chapter 4 Configur i ng the ISA and ISM IPSe c Ex a m pl e.
IN-1 Integrat ed Ser vices A dapter and Inte grated Services Module I nstal lation an d C onfiguratio n OL-3575-01 B0 INDE X A acc ess- li s t (e n cr y ptio n) c om man d 4-5 access lists Se e al s o.
Index IN-2 Integrat ed Ser vices A dapter an d Int egrate d Services Modul e Instal lation a nd C onfigurat ion OL-3575-01 B0 M ma tch a ddress comm and 4-8 P pa rt s r eq uir ed fo r V I P in s ta ll.
An important point after buying a device Cisco Systems SM-ISM (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought Cisco Systems SM-ISM yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data Cisco Systems SM-ISM - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, Cisco Systems SM-ISM you will learn all the available features of the product, as well as information on its operation. The information that you get Cisco Systems SM-ISM will certainly help you make a decision on the purchase.
If you already are a holder of Cisco Systems SM-ISM, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime Cisco Systems SM-ISM.
However, one of the most important roles played by the user manual is to help in solving problems with Cisco Systems SM-ISM. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device Cisco Systems SM-ISM along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center
