Index
Symbols
? command 1 - 1
A
AAA
configuring 4 - 8
servers supported 4 - 9
aaa authentication login default command 4 - 8
aaa authorization auth-proxy default command 4 - 8
aaa new-model command 4 - 8
abbreviating commands, context-sensitive help 1 - 1
accept dialin command 4 - 5, 4 - 7
access control
planning 2 - 15
undefined packets and 3 - 37
access control lists
access-list (encryption) command 3 - 21
access-list command 3 - 36
access-list permit host eq host command 4 - 9
access-list permit ip host command 3 - 21
access lists
applying to interfaces 3 - 37
considerations 2 - 14
protecting from spoofing 2 - 15
violating 2 - 14
WFQ and 3 - 31
See also extended access lists
accounting
See AAA 4 - 8
ACLs
CBWFQ and 3 - 32
address keywords, using (note) 3 - 18
AHs
description 3 - 23
ESP and (note) 3 - 23
IP numbers 3 - 21
arrow keys, on ANSI-compatible terminals (note) 1 - 2
attaching
policy maps 3 - 30
service policies 3 - 34
authentication
authentication command 3 - 15
authentication headers
authentication proxies
description 4 - 8
verifying 4 - 11
authorization
B
backbone routers, QoS functions 3 - 28
bandwidth command 3 - 30, 3 - 34
broadcasts
disabling directed 2 - 15
business scenarios
figure 2 - 2
See also extranet VPN scenarios
See also remote access VPN scenarios
See also site-to-site VPN scenarios
C
CA interoperability
description 3 - 13
carrier protocols (tunneling) 3 - 6
CBWFQ
configuring 3 - 32
enabling 3 - 34
verifying 3 - 35
CDP, turning off 2 - 15
certificate revocation lists
See CRLs 2 - 6
changes, saving 1 - 7
Cisco Discovery Protocol
Cisco Express Forwarding support
Cisco IOS commands
See commands 5 - 5
Cisco IOS firewall authentication proxy
Cisco IOS firewalls
Cisco SAFE Blueprint
network design considerations 2 - 3
Cisco Secure Policy Manager
Cisco Secure VPN Client
locating documentation 4 - 3
Cisco VPN and Security Management Solution
See VMS 5 - 2
Cisco VPN Device Manager 5 - 3
Cisco VPN Monitor 5 - 2
Class-Based Weighted Fair Queuing
class class-default command 3 - 34
class-map command 3 - 29, 3 - 33
class-map match-all 3 - 29
class maps
configuring 3 - 29
defining 3 - 33
verifying 3 - 29
class policies
configuring 3 - 34
clear crypto sa command 3 - 27
CLI
configuring software using 1 - 1
VDM commands 5 - 5
command-line interface
command modes
command options 1 - 2
description 1 - 4
online help 1 - 1
summary (table) 1 - 5
commands
abbreviating 1 - 1
disabling functions 1 - 6
finding options (table) 1 - 2
configuration examples
extranet
business partner router 3 - 44 to 3 - 45
headquarters router 3 - 42 to 3 - 44
remote access
L2TP/IPSec configuration 4 - 13
PPTP/MPPE configuration 4 - 11
site-to-site
headquarters router 3 - 39 to 3 - 40
remote office router 3 - 40 to 3 - 41
configuration files
corrupted 1 - 5
saving changes 1 - 7
saving to NVRAM 1 - 7
configuration modes, using 1 - 5
configuring
AAA 4 - 8
authentication methods with IKE policies 3 - 16
authentication proxies 4 - 8 to 4 - 10
CBWFQ 3 - 32
class maps 3 - 29
class policies 3 - 34
crypto maps 3 - 23
encryption 3 - 21 to 3 - 23, 4 - 7
fair queuing 3 - 31
firewalls 3 - 35
GRE tunnels 3 - 3, 3 - 8 to 3 - 9
HTTP servers 4 - 9
IPSec 4 - 7
IPSec tunnel mode 3 - 22
L2TP 4 - 7
L2TP/IPSec 4 - 6
MPPE 4 - 6
NBAR 3 - 28
policy maps 3 - 30
PPTP 4 - 5
PPTP/MPPE 4 - 4
pre-shared keys 3 - 17, 3 - 20
QoS 3 - 27
virtual templates 4 - 5, 4 - 6
connectivity
testing 5 - 14
console access considerations 2 - 14
console ports
breaks on 2 - 15
configuring passwords on 2 - 14
controller isa command 4 - 6
CRLs
performance considerations 2 - 6
crypto access lists
commands (table) 3 - 21
compatibility 3 - 23
creating 3 - 21
extended access lists and 3 - 36
verifying 3 - 22
crypto dynamic-map command 3 - 25
crypto ipsec transform-set command 3 - 22
crypto isakmp enable command 3 - 15
crypto isakmp identity address command 3 - 17
crypto isakmp key address command 3 - 18
crypto isakmp key command 3 - 17, 3 - 20
crypto map command 3 - 24
crypto map entries
configuring 3 - 23
creating 3 - 24
defining IPSec processing 3 - 21
verifying 3 - 26
crypto maps
applying to interfaces 3 - 26
verifying interface associations 3 - 27
crypto map s4second command 3 - 27
CSPM
description 5 - 1
D
default commands, using 1 - 6
defining class maps 3 - 33
demilitarized zone
denial-of-service attacks, directed broadcasts and 2 - 15
dial-in sessions 4 - 5
Diffie-Hellman group identifier, specifying 3 - 16
digital certificates
authentication 3 - 16
CAs and 3 - 13
directed broadcasts
DMZ network description 3 - 36
dynamic crypto map
configuring 3 - 14
creating 3 - 25
ease of configuration 3 - 24
E
edge routers, QoS functions 3 - 28
enable password command 2 - 14
enable secret command 2 - 14
encapsulating security payload
encryption
tunnels and 3 - 7
encryption command 3 - 15
encryption mppe command 4 - 6
error messages
ICMP Host Unreachable 3 - 37
ESP
AH and (note) 3 - 23
IP numbers and 3 - 21
performance considerations 2 - 13
extended access lists
creating 3 - 36
description 3 - 35
extranet VPN scenarios 3 - 5
configuring business partner routers 3 - 44
configuring headquarters routers 3 - 42 to 3 - 44
description 2 - 2
figure 3 - 4
physical elements (figure) 3 - 5
physical elements (table) 3 - 6
sample configurations
physical elements (figure) 3 - 42
F
fair-queue command 3 - 31
fair queuing
configuring 3 - 31
flow-based WFQ 3 - 31
See also CBWFQ 3 - 31
See also WFQ 3 - 31
fast switching support 2 - 14
firewalls
basic traffic filtering configurations 3 - 35
benefits 3 - 35
configuring 3 - 35
considerations 2 - 14
flow classification of packets 3 - 31
G
generic routing encapsulation
global configuration mode
summary 1 - 5
GRE
description 2 - 6
IPSec and 2 - 7
See also GRE tunnels 2 - 7
GRE tunnels
access servers (note) 3 - 8
Cisco routers (note) 3 - 8
protocol 3 - 6
troubleshooting configurations 3 - 9
verifying 3 - 9
See also site-to-site VPN scenarios
group command 3 - 16
H
hash command 3 - 15
headquarters network scenarios
See also extranet VPN scenarios
See also remote access VPN scenarios
See also site-to-site VPN scenarios
hello packets
help
CLI 1 - 1
finding command options 1 - 2
help command 1 - 1
hostname keywords, using (note) 3 - 18, 3 - 21
Hot Standby Routing Protocol
HSRP
description 2 - 11
HTTP servers
configuring 4 - 9
hybrid network environments
network design considerations 2 - 4
I
ICMP filtering
fragmentation and 2 - 13
ICMP Host Unreachable messages 3 - 37
IKE
description 3 - 13
performance considerations 2 - 13
policies
verifying 3 - 19
SAs and 3 - 24
UDP port 3 - 21
IKE keys
IKE policies
configuration requirements 3 - 16
defaults, viewing 3 - 9
default values (note) 3 - 15
enabling by default 3 - 14
identifying 3 - 15
RSA signatures method requirements 3 - 16
troubleshooting 3 - 19
viewing configuration 3 - 19
viewing default configuration 3 - 9
inside global address 3 - 11
inside local address 3 - 11
inside network 3 - 10
integrated versus overlay design 2 - 4
interface command 4 - 10
interface configuration mode, summary 1 - 5
interface fastethernet command 3 - 12
interfaces
applying crypto maps 3 - 26
applying IP access lists 3 - 37
verifying crypto map associations 3 - 27
interface serial command 3 - 31
interface tunnel command 3 - 8
interface virtual-template number command 4 - 5
Internet Key Exchange
Internet Security Association & Key Management Protocol identities
intrusion detection 3 - 35
IOS Commands 5 - 5
ip access-group command 3 - 37
ip access-list extended command 3 - 21
IP access lists
applying to interfaces 3 - 37
configuring security and 2 - 14
inbound 3 - 37
outbound 3 - 37
software checking of 3 - 37
undefined 3 - 37
See also extended access lists
IP addresses
NAT definitions 3 - 11
nonregistered 3 - 10
protecting internal 2 - 15
renumbering 3 - 10
static translation 3 - 11
ip auth-proxy auth-cache-time command 4 - 10
ip auth-proxy auth-proxy-banner command 4 - 10
ip auth-proxy command 4 - 10
ip auth-proxy name http command 4 - 10
IP datagrams
in IPSec tunnel mode 3 - 9
ip http access-class command 4 - 10
ip http authentication aaa command 4 - 10
ip http server command 4 - 9
ip local pool default command 4 - 5
ip mroute-cache command 4 - 5
ip nat inside command 3 - 12
ip nat inside source command 3 - 12
ip nat outside command 3 - 12
ip route command 3 - 8
IPSec
clearing SAs 3 - 27
configuring 3 - 21 to 3 - 23, 4 - 7
configuring tunnels 3 - 13
description 3 - 13
in VDM 5 - 3
IP unicast frames 3 - 7
NAT and 2 - 8
proxies 3 - 9
IPSec access lists
explicitly permitting traffic (note) 3 - 21
requirements 3 - 21
IPSec MIBs
as network management tool 5 - 3
IPSec transport mode
description 3 - 10
IPSec tunnel mode
configuring 3 - 22
GRE tunnels and (note) 4 - 7
verifying 3 - 23
IPSec tunnels
configuring 3 - 9
IP Security Protocol
IP unicast frames, IPSec and 3 - 7
ip unnumbered command 4 - 5
ISAKMP identities
setting 3 - 18
ISAKMP identities, setting 3 - 20
K
keys
L
L2TP
compatibility 4 - 4
configuring 4 - 7
verifying 4 - 7
L2TP/IPSec
configuring 4 - 6
Layer 2 Tunneling Protocol
lifetime command 3 - 16
local name command 4 - 5, 4 - 7
loopback interfaces
emulating interfaces 2 - 14
using 3 - 24
M
maps
See specific kinds of maps (for example, class maps)
match access-group command 3 - 33
match address command 3 - 24, 3 - 25
match-all command 3 - 29
match-any command 3 - 29
match class-map command 3 - 29
match input-interface command 3 - 33
match not command 3 - 29
match protocol command 3 - 29, 3 - 33
MIBs
Microsoft
Windows 2000 4 - 3
Windows 95 4 - 3
Windows 98 4 - 3
Windows NT 4.0 4 - 3
Microsoft Challenge Handshake Authentication Protocol
Microsoft Dial-Up Networking 4 - 3
Microsoft Point-to-Point Compression
Microsoft Point-to-Point Encryption
mixed device deployments
network design considerations 2 - 4
modes
mode tunnel command 3 - 22
Modular QoS Command-Line Interface
MPPC 4 - 4
MPPE
configuring 4 - 6
MS-CHAP and (note) 4 - 4
verifying 4 - 6
MQC 3 - 29
MS-CHAP
MPPE and (note) 4 - 4
N
NAT
address definitions 3 - 11
network design considerations and 2 - 8
source address translation process 3 - 12
static translation process 3 - 12
tunnels and 3 - 7
NBAR
attaching policy maps to interfaces 3 - 30
configuring class maps 3 - 29
configuring policy maps 3 - 30
verifying class map configuration 3 - 29
verifying policy map configuration 3 - 30
Network Address Translation
network-based application recognition
network design considerations
Cisco SAFE Blueprint 2 - 3
fragmentation 2 - 10
GRE and 2 - 10
IKE and 2 - 10
IKE key lifetimes and 2 - 13
mixed devices deployments 2 - 4
optimizing traffic throughput 2 - 5
resiliency and 2 - 10
RRI with HSRP and 2 - 10
network management applications
description 2 - 16
network redundancy 3 - 7
network resiliency
Network Time Protocol
no bandwidth command 3 - 30
no cdp run command 2 - 15
no class-map command 3 - 29
no commands 1 - 6
no ip directed-broadcast command 2 - 15
no ip source-route command 2 - 15
no match-all command 3 - 29
no match-any command 3 - 29
no police command 3 - 30
no policy-map command 3 - 30
no proxy-arp command 2 - 15
no random-detect command 3 - 30
no service-policy command 3 - 30
no service tcp-small-servers command 2 - 15
no service udp-small-servers command 2 - 15
no set command 3 - 30
no shutdown command 3 - 8
NTP
disabling 2 - 15
ntp disable command 2 - 15
NVRAM, saving configuration to 1 - 7
O
outside
global address 3 - 11
local address 3 - 11
network 3 - 10
P
packets
flow classification 3 - 31
fragmentation 2 - 13
passenger protocols (tunneling) 3 - 6
passwords
commands for setting 2 - 14
port for configuring 2 - 14
peer default ip address pool default command 4 - 5
ping command 3 - 9
PIX Firewall
Point-to-Point Tunneling Protocol
police bps conform transmit exceed drop command 3 - 30
policies
policy-map command 3 - 30, 3 - 34
policy maps
attaching to interfaces 3 - 30
configuring 3 - 30
configuring classes 3 - 34
displaying contents 3 - 35
verifying 3 - 30
ppp authentication ms-chap command 4 - 5
ppp encrypt mppe command 4 - 5
PPTP
configuration example 4 - 11 to 4 - 13
configuring 4 - 5
PPTP/MPPE
configuring 4 - 4
verifying 4 - 6
pre-shared keys
priority traffic
privileged EXEC mode, summary 1 - 5
process switching support 2 - 14
prompts, system 1 - 5
protocol l2tp command 4 - 7
protocol pptp command 4 - 5
protocols, tunneling 3 - 6
proxyacl#n command 4 - 9
Q
QoS
benefits 2 - 9 to ??
characteristics 3 - 27
configuring 3 - 27
queue-limit command 3 - 30, 3 - 34
R
RADIUS
implementing 2 - 14
random-detect command 3 - 30
Remote Access Dial-In User Service
remote access VPN scenarios
physical elements (table) 4 - 3
Rivest, Shamir, and Adleman
See RSA encrypted nonces method
ROM monitor mode
description 1 - 5
summary 1 - 6
RSA encrypted nonces method 3 - 16
RSA signatures, configuration requirements for IKE 3 - 16
S
SAFE
See Cisco SAFE Blueprint 2 - 3
SAs
IKE established
creating crypto map entries 3 - 24
saving, configuration changes 1 - 7
scenarios
See remote access VPN scenarios
See site-to-site VPN scenarios
security associations
service policies
attaching 3 - 34
service-policy command 3 - 34
service-policy input command 3 - 30
service-policy output command 3 - 30
set ip precedence command 3 - 30
set peer command 3 - 24, 3 - 25
set qos-group command 3 - 30
set security-association lifetime command 3 - 26
set transform-set command 3 - 25
show access-lists command 3 - 22, 3 - 37
show class-map command 3 - 29
show crypto ipsec transform-set command 3 - 23
show crypto isakmp policy command 3 - 15, 3 - 19
show crypto map command 3 - 26
show crypto map interface command 3 - 27
show interfaces fair-queue command 3 - 32
show interfaces ip command 3 - 38
show interfaces serial command 3 - 32
show interfaces tunnel command 3 - 9
show ip auth-proxy cache command 4 - 11
show ip auth-proxy configuration command 4 - 11
show ip nat translations verbose command 3 - 13
show policy-map command 3 - 30
show policy policy-map command 3 - 35
show running-config command 4 - 11, 4 - 13
show version command 3 - 19
show vpdn session command 4 - 6
show vpdn tunnel command 4 - 6, 4 - 7
site-to-site VPN scenario
configuring 3 - 8
description 2 - 2
figure 3 - 3
physical elements 3 - 3
physical elements (figure) 3 - 3, 3 - 38
physical elements (table) 3 - 4
site-to-site VPN scenarios
configuration, example 3 - 38 to 3 - 41
configuring headquarters router 3 - 39 to 3 - 40
configuring remote office router 3 - 40 to 3 - 41
description 3 - 2
software and hardware compatibility iv
source routing, disabling 2 - 15
spoofing, protecting against 2 - 15
startup configuration, saving 1 - 7
static translation
configuring 3 - 11
description 3 - 11
verifying 3 - 13
static translation
configuring 3 - 12
Statistics
graphing in VDM 5 - 10
stub domain, NAT configured on 3 - 10
subinterface configuration mode, summary 1 - 6
syslog
advantages 2 - 14
T
Tab key, command completion 1 - 1
TACACS+
implementing 2 - 14
tacacs-server host command 4 - 8
tacacs-server key command 4 - 8
tail drop 3 - 34
TED
description 2 - 16
Telnet access considerations 2 - 14
template configurations, special considerations 2 - 14
Terminal Access Controller Access Control System Plus
traffic priority management
transform sets
crypto map entries and 3 - 24
defining 3 - 22
verifying 3 - 23
transport mode
description 3 - 10
transport protocols (tunneling) 3 - 6
troubleshooting
entering ROM monitor mode at startup 1 - 5
extended access lists 3 - 38
GRE tunnels 3 - 9
IKE policy verification 3 - 19
syslog message logs for 2 - 14
tunnel destination command 3 - 8
tunnel endpoint discovery
tunneling
components 3 - 6
description 3 - 6
encryption in 3 - 7
special considerations 2 - 14
tunnel mode
description 3 - 9
tunnel mode gre ip command 3 - 8
tunnel modes
tunnel source command 3 - 8
U
user EXEC mode, summary 1 - 5
V
VDM
benefits 5 - 5
client installation 5 - 5
configuring VPNs 5 - 7
graphing statistics 5 - 10
installing 5 - 6
overview 5 - 3
troubleshooting connectivity 5 - 14
verifying
authentication proxies 4 - 11
CBWFQ 3 - 35
class maps 3 - 29
crypto access lists 3 - 22
crypto map entries 3 - 26
crypto map interface associations 3 - 27
extended access lists 3 - 37, 3 - 38
GRE tunnel configuration 3 - 9
IKE policies 3 - 19
IPSec tunnel mode 3 - 23
L2TP 4 - 7
PPTP/MPPE 4 - 6
transform sets 3 - 23
WFQ configuration 3 - 32
Virtual Private Networks
virtual-template command 4 - 5, 4 - 7
virtual templates
virtual terminal ports, protecting 2 - 15
vpdn-enable command 4 - 5, 4 - 7
vpdn-group 1 command 4 - 5, 4 - 7
VPNs
configuration assumptions 2 - 2
See also extranet VPN scenario
See also remote access VPN scenario
See also site-to-site VPN scenario
W
weighted fair queuing
weighted random early detection
WFQ
configuring 3 - 31
traffic priority management 3 - 31
verifying configuration 3 - 32
Windows 2000
compatibility 4 - 4
wizards
configuring VDM 5 - 7
configuring VPNs 5 - 7
WRED
CBWFQ support and 3 - 32
See also CBWFQ 3 - 32
Posted: Mon Dec 20 09:53:50 PST 2004
All contents are Copyright © 1992--2004 Cisco Systems, Inc. All rights reserved.