Manual
SecGW Administration Guide, StarOS Release 17
CONTENTS
About this Guide
Conventions Used
Documents and Resources
Related Common Documentation
ASR 9000 Documentation
Obtaining Cisco Documentation
Contacting Customer Support
Security Gateway Overview
Product Overview
ASR 9000 VSM
VSM Resource Mapping to VPC-VSM VMs
VPC-VSM
SecGW Application
Key Features
IPSec Capabilities
Reverse Route Injection
SecGW Management
oneP Communication
ASR 9000 VSM IPSec High Availability
Process Recovery
VSM-to-VSM ICSR 1:1 Redundancy
Chassis-to-Chassis ICSR Redundancy
HA Configuration
Network Deployment
Remote Access Tunnels
Site-to-Site Tunnels
Packet Flow
Standards
Compliant
Non-compliant
Standards
Hashed Message Authentication Codes
Encryption Algorithms
Certificates
SecGW Service Creation
Prerequisites
VPC-VSM Installation
Network Interfaces
SecGW Configuration Sequence
Crypto Templates
Access Control Lists
WSG Service Configuration
WSG Service
Bind Address and Crypto Template
Deployment Mode