The CiscoView Device Manager Version 1.1 for the Cisco® Catalyst® 6500 Series IPSec VPN Services Module (VPNSM) is a device-management software application that helps users to easily configure IP Security (IPSec) VPN services on their VPNSM. A task-based tool that allows users to take advantage of the versatility of their VPNSM, it offers configuration wizards based on best practices in tasks such as setting up basic site-to-site VPN links. CiscoView Device Manager is a free embedded manager that resides in the Catalyst 6500 Series Switch flash memory.
KEY FEATURES AND BENEFITS
The Next Generation of Device-Embedded Solutions
The Cisco Catalyst 6500 Series IPSec VPN Services Module is a feature-rich VPN solution from Cisco Systems®. Managing this module requires a high level of awareness of the command-line interface (CLI) for users to take advantage of the VPNSM's versatility. Typical challenges faced by users include creating basic site-to-site VPN tunnels, configuring crypto maps, and configuring the remote-access VPN server.
The CiscoView Device Manager 1.1 for the VPNSM manages most of the IPSec VPNSM features and helps users to accomplish these tasks with ease. CiscoView Device Manager offers the following features:
• Customizable initial setup wizards
• Comprehensive configuration of IPSec VPN services using a single tool
CiscoView Device Manager 1.1 for the VPNSM (Figure 1) offers the following broad capabilities:
• Basic site-to-site VPN configuration
• Dynamic crypto map configuration
• Remote access server configuration
• VPN status and statistics
Figure 1. CiscoView Device Manager 1.1 for the VPNSM Home Page
Basic VPN configuration entails configuring the following through CiscoView Device Manager:
• Crypto Maps
• Transform sets
• Internet Key Exchange (IKE) policies (using only pre-shared keys)
• Pre-shared keys
• ACLs
CiscoView Device Manager users will also be able to configure the following advanced features:
• Remote access server configuration
• Dynamic crypto maps
• Dead Peer Detection (DPD)
• Reverse Route Injection (RRI) configuration
• Hot Standby Router Protocol (HSRP)
• Generic routing encapsulation (GRE) tunnel and tunnel protection
Figure 2 shows statistics that consist of the result of all "show crypto" commands.
Figure 2. IPSec VPN Statistics
Remote Access Server Configuration
In a remote access VPN, a remote device contacts a central-site router or concentrator and provides authentication credentials. If the credentials are valid, the central site "pushes" configuration data securely to the remote device and the VPN is established.
CiscoView Device Manager supports the configuration policy lookup using authentication, authorization, and accounting (AAA). It can also help users to configure and edit group policy information for individual groups. CiscoView Device Manager supports the configuration of Apply mode and Xauth. Figure 3 shows the setup of VPN crypto configurations.
Figure 3. Remote Access VPN Configuration
Crypto Maps
CiscoView Device Manager allows users to create crypto maps, thus helping them to set up policies for encrypting connections. It also helps users to tie crypto maps to transform sets, ACLs, and peer information. CiscoView Device Manager can manage all the algorithms supported by the IPSec VPNSM. CiscoView Device Manager also supports the creation of dynamic crypto maps where some parameters are negotiated during the VPN tunnel setup (Figure 4).
Figure 4. Crypto Maps
IKE Policies
CiscoView Device Manager can configure IKE policies for security association negotiation. CiscoView Device Manager only supports IKE policies with pre-shared keys.
Transform Sets
CiscoView Device Manager can configure transform sets, which determine which algorithms are used for tunnel-mode or transport-mode setup. This involves algorithms for encryption and data integrity.
Pre-Shared Keys
CiscoView Device Manager allows users to effectively manage their pre-shared keys by enabling them to configure, modify, and delete them.
Access Control Lists
CiscoView Device Manager supports the creation of named and numbered ACLs for all protocols supported by the VPNSM such as IP, TCP, UDP, GRE, Interior Gateway Routing Protocol (IGRP), and Internet Control Message Protocol (ICMP). Besides enabling users to group ACLs according to their usage, CiscoView Device Manager also helps them to carry out basic semantic checks of ACLs.
Dead Peer Detection
CiscoView Device Manager supports configuring the frequency of DPD keepalives, which are sent to make sure the VPN peer is available in site-to-site VPNs.
Reverse Route Injection Configuration
CiscoView Device Manager supports the enabling of Reverse Route Injection (RRI) in crypto maps, which is used to populate the routing table of an internal router running Open Shortest Path First (OSPF) protocol or Routing Information Protocol (RIP) for remote VPN clients or LAN-to-LAN sessions.
Hot Standby Router Protocol
By supporting Hot Standby Router Protocol (HSRP), CiscoView Device Manager helps to achieve near-100 percent network uptime through IP network redundancy, by helping ensure that user traffic immediately and transparently recovers from first-hop failures in network-edge devices or access circuits. CiscoView Device Manager supports the configuration of HSRP groups on crypto maps and interfaces, the setup of alternate router IP addresses, and the configuration of priorities.
GRE Tunnel and Tunnel Protection
CiscoView Device Manager supports configuration of one end of a GRE tunnel, creation of a mirror configuration for the VPN peer, and enabling VPN on GRE tunnel (Start encryption) (Figure 5).
Figure 5. Remote Access VPN Setup
Table 1 lists the system specifications for the CiscoView Device Manager 1.1 for the VPNSM, and Table 2 lists the Cisco IOS® Software releases that are supported.
Table 1. System Specifications for CiscoView Device Manager 1.1 for the VPNSM
Note: CiscoView Device Manager 1.1 for the Cisco Catalyst 6500 Series Switch supports native-mode deployments only.
ORDERING INFORMATION
CiscoView Device Manager for the Cisco Catalyst 6500 Series IPSec VPN Services Module is part of the CiscoView Device Manager suite of device-embedded management applications. These management solutions are available as downloadable files from Cisco.com or as part of the purchase of a Cisco Catalyst 6500 Series Switch through regular Cisco sales and distribution channels worldwide.
Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you to protect your network investment, optimize network operations, and prepare the network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, see Cisco Technical Support Services or Cisco Advanced Services.
FOR MORE INFORMATION
For more information about the CiscoView Device Manager applications, visit http://www.cisco.com/go/cvdm or contact your local Cisco account representative or send an e-mail to the Product Marketing group at ciscoworks@cisco.com.