127
Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide
Configuring Security Features
Cisco 3900 series, Cisco 2900 series, and Cisco 1900 series integrated services routers (ISRs) provide
the following security features:
• Configuring the Cryptographic Engine Accelerator, page 127
• Configuring SSL VPN, page 127
• Authentication, Authorization, and Accounting, page 128
• Configuring AutoSecure, page 128
• Configuring Access Lists, page 129
• Configuring Cisco IOS Firewall, page 130
• Zone-Based Policy Firewall, page 130
• Configuring Cisco IOS IPS, page 131
• Content Filtering, page 131
• Configuring VPN, page 131
• Configuring Dynamic Multipoint VPN, page 149
• Configuring Group Encrypted Transport VPN, page 150
Configuring the Cryptographic Engine Accelerator
Services Performance Engine 200 and Services Performance Engine 250 have an onboard cryptographic
engine accelerator that is shared between SSLVPN and IPSec protocols.
By default, acceleration of SSL is disabled so IPSec performance is maximized. To set up a router as an
SSLVPN gateway, enable hardware acceleration for SSLVPN with the crypto engine accelerator
bandwidth-allocation ssl fair command from global configuration mode. Issue the reload command.
Configuring SSL VPN
The Secure Socket Layer Virtual Private Network (SSL VPN) feature (also known as WebVPN) provides
support, in Cisco IOS software, for remote user access to enterprise networks from anywhere on the
Internet. Remote access is provided through a SSL–enabled SSL VPN gateway. The SSL VPN gateway
allows remote users to establish a secure VPN tunnel using a web browser. This feature provides a
To Next Page
Loading...
