This guide provides overview and provisioning information for the Cisco Network-Based IPSec VPN Release 1.5. This preface has the following main subjects:
This guide provides an overview of the Cisco network-based IPSec VPN solution Release 1.5 architectures as well as planning information. The guide references features described in Cisco IOS software configuration guides and command references. Consult those documents for additional information.
This guide is meant for new and existing MPLS VPN service providers. It includes overview and configuration information designed to enable users to get their systems running as quickly as possible. However, it does not include extensive software configuration instructions. For more extensive software configuration information, refer to Cisco IOS configuration guides and command references. See also the documents listed under Related Documentation, and For More Information.
This guide is intended primarily for the following audiences:
This guide describes software installation and configuration procedures which are presented in the following chapters:
This publication uses the following conventions to display instructions and information.
Interactive examples showing prompts, such as AS5800(config-line)#, are used in procedures to show prompts for entering a command, and the result.
Note Means reader take note. Notes contain helpful suggestions or references to materials not contained in this manual.
Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
Tip Means the following information will help you solve a problem.
Safety warnings appear throughout this publication in procedures that, if performed incorrectly, may harm you. A warning symbol precedes each warning statement. To see translations of safety warnings, refer to the Regulatory Compliance and Safety Information document that shipped with your system.
Warning This warning symbol means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. To see translations of the warnings that appear in this publication, refer to the Regulatory Compliance and Safety Information document that accompanied this device.
In addition to this guide, the Cisco network-based IPSec VPN solution Release 1.5 documentation set includes:
http://www.cisco.com/univercd/cc/td/doc/product/vpn/solution/aswan15/omt/index.htm
http://www.cisco.com/univercd/cc/td/doc/product/vpn/solution/aswan15/sig/index.htm
http://www.cisco.com/univercd/cc/td/doc/product/vpn/solution/aswan15/aswnrn15.htm
The following platform-specific hardware component reference documentation is available on Cisco.com or the Cisco Universal Documentation CD.
The following Cisco MPLS VPN Solution Center reference documentation is available on Cisco.com or the Cisco Universal Documentation CD.
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/vpnsc/mpls/index.htm
Cisco network management reference documentation is available on Cisco.com or Cisco's Universal Documentation CD.
http://www.cisco.com/univercd/home/home.htm
http://www.cisco.com/univercd/cc/td/doc/product/core/index.htm
For information on VPN 3002 Hardware Clients, go to the following url:
http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3002/index.htm
For information on Cisco PIX with EzVPN Client, go to the following url:
http://www.cisco.com/en/US/products/sw/cscowork/ps3992/index.html
For information on Cisco 8xx Series Routers, go to the following url:
http://www.cisco.com/en/US/products/hw/routers/ps380/index.html
For information on Cisco 17xx Series Routers, go to the following url:
http://www.cisco.com/en/US/products/hw/routers/ps221/index.html
For information on Cisco 26xx Series Routers, go to the following url:
http://www.cisco.com/en/US/products/hw/routers/ps259/index.html
For information on Cisco 36xx Series Routers, go to the following url:
http://www.cisco.com/en/US/products/hw/routers/ps274/index.html
For information on Cisco 72xx Series Routers, go to the following url:
http://www.cisco.com/en/US/products/hw/routers/ps341/index.html
The following Cisco IOS reference documentation is available on Cisco.com or the Cisco Universal Documentation CD.
For information on Cisco IOS Software Configuration, go to the following url:
http://www.cisco.com/univercd/cc/td/doc/product/software/index.htm
For information on MPLS VPN Overviews and Configurations, go to the following url:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/switch_c/xcprt4/index.htm
The following internetworking technology reference documentation is available on Cisco.com or the Cisco Universal Documentation CD.
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/index.htm
For information on Virtual Private Networks Overview, go to the following url:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/vpn.htm
For information on Digital Subscriber Line Technology, go to the following url:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/adsl.htm
For information on Access VPDN Dial-in Using L2TP, go to the following url:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/l2tp/index.htm
For information on Access VPN Solutions Using Tunneling Technology, go to the following url:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/vpn_soln/index.htm
For information on Tag Switching, go to the following url:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/tagswtch.htm
For information on Cisco Secure VPN Client Solutions Guide, go to the following url:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csvpnc/csvpnsg/index.htm
For information on Introduction to WAN Technologies, go to the following url:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/introwan.htm
For information on Internetwork Troubleshooting Guides, go to the following url:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/itg_v1/index.htm
For information on Internetworking Terms and Acronyms, go to the following url:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ita/index.htm
For information on MPLS, use the following resources:
Cisco provides several ways to obtain documentation, technical assistance, and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
You can access the most current Cisco documentation on the World Wide Web at this URL:
http://www.cisco.com/univercd/home/home.htm
You can access the Cisco website at this URL:
International Cisco websites can be accessed from this URL:
http://www.cisco.com/public/countries_languages.shtml
Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM package, which may have shipped with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or through an annual subscription.
Registered Cisco.com users can order the Documentation CD-ROM (product number DOC-CONDOCCD=) through the online Subscription Store:
http://www.cisco.com/go/subscription
You can find instructions for ordering documentation at this URL:
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
You can order Cisco documentation in these ways:
http://www.cisco.com/en/US/partner/ordering/index.shtml
http://www.cisco.com/go/subscription
You can submit comments electronically on Cisco.com. On the Cisco Documentation home page, click Feedback at the top of the page.
You can e-mail your comments to bug-doc@cisco.com.
You can submit your comments by mail by using the response card behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883
Cisco provides Cisco.com, which includes the Cisco Technical Assistance Center (TAC) Website, as a starting point for all technical assistance. Customers and partners can obtain online documentation, troubleshooting tips, and sample configurations from the Cisco TAC website. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC website, including TAC tools and utilities.
Cisco.com offers a suite of interactive, networked services that let you access Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world.
Cisco.com provides a broad range of features and services to help you with these tasks:
To obtain customized information and service, you can self-register on Cisco.com at this URL:
The Cisco TAC is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two levels of support are available: the Cisco TAC website and the Cisco TAC Escalation Center. The avenue of support that you choose depends on the priority of the problem and the conditions stated in service contracts, when applicable.
We categorize Cisco TAC inquiries according to urgency:
You can use the Cisco TAC website to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC website, go to this URL:
All customers, partners, and resellers who have a valid Cisco service contract have complete access to the technical support resources on the Cisco TAC website. Some services on the Cisco TAC website require a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to this URL to register:
http://tools.cisco.com/RPF/register/register.do
If you are a Cisco.com registered user, and you cannot resolve your technical issues by using the Cisco TAC website, you can open a case online at this URL:
http://www.cisco.com/en/US/support/index.html
If you have Internet access, we recommend that you open P3 and P4 cases through the Cisco TAC website so that you can describe the situation in your own words and attach any necessary files.
The Cisco TAC Escalation Center addresses priority level 1 or priority level 2 issues. These classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer automatically opens a case.
To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to this URL:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
Before calling, check with your network operations center to determine the level of Cisco support services to which your company is entitled: for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). When you call the center, have your service agreement number and your product serial number available.
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
http://www.cisco.com/en/US/products/products_catalog_links_launch.html
http://www.cisco.com/en/US/about/ac123/ac114/about_cisco_packet_magazine.html
http://business.cisco.com/prod/tree.taf%3fasset_id=44699&public_view=true&kbns=1.html
http://www.cisco.com/en/US/about/ac123/ac147/about_cisco_the_internet_protocol_journal.html
http://www.cisco.com/en/US/learning/le31/learning_recommended_training_list.html
Posted: Tue May 20 14:35:53 PDT 2003
All contents are Copyright © 1992-2003 Cisco Systems, Inc. All rights reserved.