Software Guide
Page 5
...the Crypto Map to the Physical Interface 7-7 Configure a GRE Tunnel 7-8 Configuration Example 7-9 Configuring a Simple Firewall 8-1 Configure Access Lists 8-3 Configure Inspection Rules 8-4 Apply Access Lists and Inspection Rules to Interfaces 8-4 Configuration Example 8-5 Configuring a Wireless LAN Connection 9-1 Configure the Root Radio Station 9-2 Configure Bridging...10-1 Configuring Security Features 11-1 Authentication, Authorization, and Accounting 11-1 Configuring AutoSecure 11-2 Configuring Access Lists 11-2 Access Groups 11-3 Cisco Secure Router 520 Series Software Configuration Guide v
Software Guide
Page 7
... for DSL B-4 PVC B-5 Dialer Interface B-5 NAT B-5 Easy IP (Phase 1) B-6 Easy IP (Phase 2) B-6 QoS B-7 IP Precedence B-7 PPP Fragmentation and Interleaving B-7 CBWFQ B-8 RSVP B-8 Low Latency Queuing B-8 Access Lists B-9 ROM Monitor C-1 Entering the ROM Monitor C-1 ROM Monitor Commands C-2 Command Descriptions C-3 Disaster Recovery with TFTP Download C-3 TFTP Download Command Variables C-4 Required Variables...
Software Guide
Page 17
... documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html Subscribe to the What's New in... Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly...
Software Guide
Page 23
... from your router, beginning with each router and their associated port labels on your public telephone service provider. Interface Port Labels Table 1-1 lists the interfaces supported for each task to the Router A configuration example is DMT (also called ANSI T1.413) or DMT Issue 2. OL-14210...-01 Cisco Secure Router 520 Series Software Configuration Guide 1-3 Ensure that the ADSL signaling type is presented with the tasks in the "Configuring Basic Parameters"...
Software Guide
Page 31
... mode, and enables RIP on network traffic or topology. ODR, P - Configuring RIP Perform these routing protocols on your router. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 1-11 per-user static route o - Example: Router(config-router)# version 2 Router(config-router)# Step ...3 network ip-address Example: Router(config-router)# network 192.168.1.1 Router(config-router)# network 10.10.7.1 Router(config-router)# Specifies a list of networks on which RIP is to be applied, using the address of the network of last resort is not set 10.0.0.0/24 is ...
Software Guide
Page 38
... the Fast Ethernet WAN Interfaces • Configure the Dialer Interface • Configure Network Address Translation An example showing the results of the Cisco router) signifies two addressing domains and the inside source address. Step 1 Command or Action vpdn enable Example: Router(config)# vpdn enable ...PPPoE client session terminates, and the PPPoE client immediately tries to configure a VPDN, starting from the global configuration mode. The source list defines how the packet travels through the router by way of two ways: • By entering the clear vpdn tunnel pppoe ...
Software Guide
Page 41
..., packets sourced from addresses that can be set , see the Cisco IOS IP Command Reference, Volume 2; Step 8 exit Exits the dialer 0 interface configuration. Packets are checked against the access list for possible address translation. Step 10 ip route prefix mask {interface... PPP authentication method to a specific destination subnetwork. For details about this command and additional parameters that match a standard access list, using global addresses allocated by the dialer interface. For details about this command and additional parameters that can configure NAT for...
Software Guide
Page 42
...Reference, Volume 1 of 4: Addressing and Services. The second example shows the addresses permitted by the access list 1 to be set , as well as information about enabling static translation, see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services. Step 4 ip nat {inside |...Enters configuration mode for the VLAN (on the inside interface. The first example shows the addresses permitted by access list acl1 to be the inside interface. Cisco Secure Router 520 Series Software Configuration Guide 3-6 OL-14210-01 Example: Router(config)# ip nat pool pool1 192....
Software Guide
Page 43
... mode for the Fast Ethernet WAN interface (FE4) to the Ethernet interface. For complete information on the NAT commands, see the Cisco IOS Release 12.3 documentation set , as well as the NAT outside interface for NAT. For details about enabling static translation, see...)# access-list 1 permit 192.168.1.0 0.0.0.255 Defines a standard access list indicating which addresses need translation. Note All other addresses are implicitly denied. Step 10 exit Example: Router(config-if)# exit Router(config)# Exits configuration mode for information on NAT concepts, see the Cisco IOS IP...
Software Guide
Page 44
... have used a private IP address. The VLAN interface has an IP address of 192.168.1.1 with a subnet mask of the configuration file for inside source list 1 interface dialer 0 overload ip classless (default) ip route 10.10.25.2 0.255.255.255 dialer 0 ! Verifying Your Configuration Use the show ip ... Total active translations: 0 (0 static, 0 dynamic; 0 extended) Outside interfaces: FastEthernet4 Inside interfaces: Vlan1 Hits: 0 Misses: 0 CEF Translated packets: 0, CEF Punted packets: 0 Expired translations: 0 Cisco Secure Router 520 Series Software Configuration Guide 3-8 OL-14210-01
Software Guide
Page 45
Chapter 3 Configuring PPP over Ethernet with NAT Dynamic mappings: -- Inside Source [Id: 1] access-list 1 interface Dialer0 refcount 0 Queued Packets: 0 Configuration Example OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 3-9
Software Guide
Page 48
...network (ISDN) using the following protocols on an ATM interface, but each session must use a separate dialer interface and a separate dialer pool. Cisco Secure Router 520 Series Software Configuration Guide 4-2 OL-14210-01 Configure the Dialer Interface Chapter 4 Configuring PPP over ATM with NAT In this ...configuration tasks is also used for example, default routing information, the encapsulation protocol, and the dialer pool to the ISP. The source list defines how the packet travels through the LAN and off-loads it to the PPP connection on the ATM interface. It is shown ...
Software Guide
Page 50
... parameters that can be set , see the Cisco IOS Dial Technologies Command Reference. Example: Router(config-if)# exit Router(config)# Step 9 dialer-list dialer-group protocol protocol-name {permit | deny | list access-list-number | access-group} Example: Router(config)# dialer-list 1 protocol ip permit Router(config)# Creates a dialer list and associates a dial group with NAT Step...
Software Guide
Page 53
... can configure NAT for the VLAN (on the inside interface, packets sourced from privileged EXEC mode. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 4-7 The first example shows the addresses permitted by the access list 1 to be set the way you want by using global addresses allocated by access...
Software Guide
Page 55
...-reassembly no atm ilmi-keepalive pvc 8/35 encapsulation aal5mux ppp dialer dialer pool-member 1 ! interface Dialer0 ip address negotiated OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 4-9 Note If you must configure a loopback interface. Configuration Example The following configuration example shows a... mode for information on NAT commands, see Appendix B, "Concepts." For more general information on NAT concepts, see the Cisco IOS Release 12.3 documentation set. dsl operating-mode auto ! Example: Router(config-if)# exit Router(config)# Step 11 access...
Software Guide
Page 56
... 192.168.1.0 0.0.0.255 dialer-list 1 protocol ip permit ip route 10.10.25.2 0.255.255.255 dialer 0 ! Verifying Your Configuration Use the show ip nat statistics Total active translations: 0 (0 static, 0 ... verify the PPPoA client with NAT ip mtu 1492 encapsulation ppp dialer pool 1 dialer-group 1 ppp authentication chap ! Inside Source [Id: 1] access-list 1 interface Dialer0 refcount 0 Queued Packets: 0 4-10 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Configuration Example Chapter 4 Configuring PPP over ATM with NAT configuration. ip nat...
Software Guide
Page 69
...configuration to the crypto map, beginning in global configuration mode: Step 1 Command or Action Purpose crypto map map-name isakmp authorization list list-name Example: Applies mode configuration to the crypto map and enables key lookup (IKE queries) for the group. Example: Router(config...)# crypto map dynmap client configuration address respond Router(config)# OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 6-5 Chapter 6 Configuring a VPN Using Easy VPN and an IPsec Tunnel Apply Mode Configuration ...
Software Guide
Page 70
... authorization of all level | reverse-access | configuration} {default | network-related service requests, including PPP, list-name} [method1 [method2...]] and specifies the method of Cisco. Example: Router(config)# aaa authorization network rtr-remote local Router(config)# This example uses a local authorization ..., it is the same at method1 [method2...] login, and specifies the method used. This example implements a username of Cisco with an encrypted password of authorization. You could also use a particular transform set represents a certain combination of selected users ...
Software Guide
Page 74
...router# show crypto ipsec client ezvpn Tunnel name :ezvpnclient Inside interface list:vlan 1 Outside interface:fastethernet 4 Current State:IPSEC_ACTIVE Last Event:SOCKET_UP Address:8.0.0.5 Mask:255.255.255.255 Default Domain:cisco.com Configuration Example The following configuration example shows a portion of the ...ezvpn name [outside | inside] Example: Router(config-if)# crypto ipsec client ezvpn ezvpnclient outside Router(config-if)# Assigns the Cisco Easy VPN remote configuration to the WAN interface, causing the router to global configuration mode. Note For routers with an ATM ...
Software Guide
Page 75
...3des authentication pre-share group 2 lifetime 480 ! crypto map static-map 1 ipsec-isakmp dynamic dynmap crypto map dynmap isakmp authorization list rtr-remote crypto map dynmap client configuration address respond crypto ipsec client ezvpn ezvpnclient connect auto group 2 key secret-password mode ...client peer 192.168.100.1 ! Chapter 6 Configuring a VPN Using Easy VPN and an IPsec Tunnel username Cisco password 0 Cisco ! interface vlan 1 crypto ipsec client ezvpn ezvpnclient inside ! crypto isakmp client configuration group rtr-remote key secret-password dns 10....