Name: Cisco 2911
Brand: Cisco
Rating: 5 (1 reviews)

To Next Page

To Previous Page

149

Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide

Chapter Configuring Security Features

Configuring Dynamic Multipoint VPN

! VLAN 1 is the internal home network.

interface vlan 1

ip address 10.1.1.1 255.255.255.0

ip nat inside

ip inspect firewall in ! Inspection examines outbound traffic.

crypto map static-map

no cdp enable

! FE4 is the outside or Internet-exposed interface

interface fastethernet 4

ip address 210.110.101.21 255.255.255.0

! acl 103 permits IPsec traffic from the corp. router as well as

! denies Internet-initiated traffic inbound.

ip access-group 103 in

ip nat outside

no cdp enable

crypto map to_corporate ! Applies the IPsec tunnel to the outside interface.

! Utilize NAT overload in order to make best use of the

! single address provided by the ISP.

ip nat inside source list 102 interface Ethernet1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 210.110.101.1

no ip http server

! acl 102 associated addresses used for NAT.

access-list 102 permit ip 10.1.1.0 0.0.0.255 any

! acl 103 defines traffic allowed from the peer for the IPsec tunnel.

access-list 103 permit udp host 200.1.1.1 any eq isakmp

access-list 103 permit udp host 200.1.1.1 eq isakmp any

access-list 103 permit esp host 200.1.1.1 any

! Allow ICMP for debugging but should be disabled because of security implications.

access-list 103 permit icmp any any

access-list 103 deny ip any any ! Prevents Internet-initiated traffic inbound.

! acl 105 matches addresses for the IPsec tunnel to or from the corporate network.

access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255

no cdp run

Configuring Dynamic Multipoint VPN

The Dynamic Multipoint VPN (DMVPN) feature allows users to better scale large and small IP

Security (IPsec) VPNs by combining GRE tunnels, IPsec encryption, and Next Hop Resolution Protocol

(NHRP).

For additional information about configuring DMVPN, see the “Dynamic Multipoint VPN” section of

Cisco IOS Security Configuration Guide: Secure Connectivity, Release 12.4T at:

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/12_4t/

sec_secure_connectivity_12_4t_book.html.

Cisco 2911 Specifications

General

Ethernet LAN	Yes
Cabling technology	10/100/1000Base-T(X)
Networking standards	IEEE 802.1Q, IEEE 802.1ag, IEEE 802.3, IEEE 802.3ab, IEEE 802.3af, IEEE 802.3ah, IEEE 802.3u
Ethernet LAN data rates	10, 100, 1000 Mbit/s
Ethernet interface type	Gigabit Ethernet
DHCP client	-
Routing protocols	BGP, EIGRP, OSPF
Supported protocols	IPv4, IPv6, IS-IS, IGMPv3, PIM SM, SSM, DVMRP, IPSec, GRE, BVD, MPLS, L2TPv3, PPP, MLPPP, MLFR, HDLC, RS-232, RS-449, X.21, V.35, EIA-530, PPPoE, ATM
USB version	2.0
RS-232 ports	1
Expansion slots	4 x EHWIC 2 x DSP 1 x ISM
USB ports quantity	2
Ethernet LAN (RJ-45) ports	3
Firewall security	Cisco IOS
Input current	2.2 A
AC input voltage	100 - 240 V
Power source type	AC
AC input frequency	47 - 63 Hz
Power consumption (typical)	50 W
Product color	Black
Rack capacity	2U
Operating altitude	0 - 4000 m
Non-operating altitude	0 - 4570 m
Storage temperature (T-T)	-40 - 80 °C
Operating temperature (T-T)	0 - 40 °C
Storage relative humidity (H-H)	5 - 95 %
Operating relative humidity (H-H)	5 - 85 %
Safety	UL 60950-1, CAN/CSA C22.2 No. 60950-1, EN 60950-1, AS/NZS 60950-1, IEC 60950-1
Electromagnetic compatibility	47 CFR, ICES-003, EN55022, CISPR22, AS/NZS 3548, VCCI V-3, EN 300-386, EN 61000, EN 55024, CISPR 24EN50082-1

Weight and Dimensions

Depth	304.8 mm
Width	438.2 mm
Height	88.9 mm
Weight	8200 g

Cisco 2911 Configuration Guide

Table of Contents

Other manuals for Cisco 2911

Questions and Answers:

Cisco 2911 Specifications

Related product manuals