Index

A B C D E F G H I J K L M N O P Q R S T U W X

AAA
and Mobile IP home agent
access lists, BGP
access lists, IP
monitoring
redirecting traffic with null interface instead
redistributing access routes
redistributing access-internal routes
redistributing static routes
access-list command    1, 2, 3
adjustment-factor command
aggregation flow caches
configuring
ANCP (Access Node Control Protocol)
adjusting downstream rates
monitoring
overview
ANCP commands
clear l2c neighbor
id
l2c
l2c end-user-id
l2c ip listen
l2c ip oif
l2c line-configuration
l2c max-branches
l2c peer-attachment-id
max-branches
neighbor
qos-adaptive-mode
session-timeout
AS-path attribute
authentication
Mobile IP home agent
authentication commands
authentication    1, 2

baseline commands
baseline ip
baseline ip mobile home-agent
baseline ip tunnel-reassembly
baseline, setting
Mobile IP home agent
tunnel reassembly
BFD (Bidirectional Forwarding Detection)
BGP peer reachability detection
license
liveness detection
liveness detection interval, negotiating the
transmit interval, negotiating the
BFD commands
clear bfd session
clear ipv6 bfd session
show license bfd
BGP (Border Gateway Protocol)
BFD
clearing IP routing table
reinstalling routes in IP routing table
well-known communities
Bidirectional Forwarding Detection.     See BFD

cache flow, IP
monitoring    1, 2
certificate revocation list.     See CRL
checksum computation    1, 2
clear commands
clear ip mobile binding
clear l2c neighbor
clear ip commands
clear ip prefix-list    1, 2
clear ip prefix-tree
clear ip routes
clearing L2C neighbors
communities, BGP
community lists, BGP
conventions
notice icons
text and syntax
CRL (certificate revocation list)
checking
viewing
customer support
contacting JTAC

dead peer detection.     See DPD
default-information originate command
destination profiles
configuring
monitoring    1, 2
destruct timeout period for single-shot tunnels
digital certificates
authenticating the peer
base64
CA hierarchy
certificate chains
checking CRLs
configuring
file extensions
generating private/public key pairs
monitoring
obtaining a public key certificate
obtaining a root CA certificate
obtaining public keys without    1, 2
offline configuration
offline enrollment
online configuration
online enrollment
overview
signature authentication
standards
viewing    1, 2, 3, 4
X.509v3
documentation set
comments on
DPD (dead peer detection)
DVMRP (Distance Vector Multicast Routing Protocol)
reassembly of tunnel packets
tunnels
dvmrp destination profile command
DVMRP with IPSec
how it works
setting up secure connection
dynamic IP tunnels
configuring
monitoring
overview
dynamic tunnels

enable commands
enable ipsec-transport
enable ipsec-transport command
endpoints, tunnel

filter lists, BGP
filtering
AS paths
network prefixes
undesirable traffic
flow statistics commands
cache entries
cache timeout
enabled
export destination
export source    1, 2
ip flow-aggregation cache
mask destination
FQDN (fully qualified domain name)
aggressive mode
user@fqdn format
with digital certificates
with preshared keys
fully qualified domain name.     See FQDN

GRE (Generic Routing Encapsulation)
reassembly of tunnel packets
tunnels
gre destination profile command
GRE with IPSec
how it works
setting up secure connection

home agent, Mobile IP. See Mobile IP home agent

idle timeout period for single-shot tunnels
IKE (Internet Key Exchange)
aggressive mode characteristics
aggressive mode negotiations
authentication without digital certificates    1, 2
initiator proposals and policy rules
main mode characteristics
overview
SA negotiation
using digital certificates
IKE commands
ike local-identity
ike peer-identity
IKE message notification type
IKE policies
authentication mode
Diffie-Hellman group
encryption algorithms
3DES
DES
hash function
MD5
SHA-1
IPSec tunnels
lifetime
priority
instance, route map
interface commands
interface null
interface tunnel
ipsec-transport keyword
interfaces
NAT, marking
internet community, BGP
Internet Key Exchange.     See IKE
invalid cookies, IPSec
IP
managing the routing table
IP addresses
prefix lists
prefix trees
ip commands
ip as-path access-list
ip bgp-community new-format
ip community-list
ip prefix-list    1, 2
ip prefix-tree    1, 2, 3
ip refresh-route
ip route
ip tunnel reassembly
IP flow
export
sampling
IP fragmentation
reassembling for tunnel packets
ip mobile commands     See also show ip mobile commands
ip mobile home-agent
ip mobile host
ip mobile profile
ip mobile secure foreign-agent
ip mobile secure host
ip nat commands     See also show ip nat commands
address
ip nat
ip nat inside source list
ip nat inside source static
ip nat outside source list
ip nat outside source static
ip nat pool
ip nat translation
ip nat translation max-entries
IP reassembly of tunnel packets
configuring
monitoring
IP security policies
IP tunnels
configuring
monitoring    1, 2
IP-in-IP tunnels    1, 2
IPSec (IP Security)     See also L2TP with IPSec
AH
AH processing
concepts
configuration
examples
tasks
configuring
IKE policy
IPSec parameters
tunnels
digital certificates
encapsulation modes
encapsulation protocols
ESP
ESP processing
invalid cookies
L2TP with IPSec    1, 2
license
monitoring
overview
packet encapsulation
protocol stack
reassembly of tunnel packets
remote access    1, 2
secure IP interfaces
security parameters
security parameters per policy type
tunnel destination endpoint
tunnel failover    1, 2
tunnel source endpoint
IPSec CA identity commands
crl
enrollment retry-limit
enrollment retry-period
enrollment url
ipsec ca identity
issuer-identifier
root proxy url
ipsec certificate commands
ipsec certificate-database refresh
ipsec certificate-request generate
ipsec commands     See also show ipsec commands
ipsec ca authenticate
ipsec ca enroll
ipsec ca identity
ipsec clear
ipsec crl    1, 2
ipsec identity
ipsec ike-policy-rule
ipsec isakmp-policy-rule
ipsec key generate    1, 2, 3
ipsec key manual pre-share
ipsec key pubkey-chain rsa
ipsec key zeroize    1, 2
ipsec lifetime
ipsec local-endpoint
ipsec option dpd
ipsec option nat-t
ipsec option tx-invalid-cookie
ipsec transform-set
key
masked-key
IPSec identity commands
common-name
country
domain-name
ipsec identity
organization
IPSec IKE policy commands
aggressive-mode    1, 2
authentication    1, 2, 3, 4
encryption
group
hash
ip address virtual-router
ipsec ike-policy-rule    1, 2, 3
ipsec isakmp-policy-rule    1, 2
lifetime
IPSec security parameters
in relation to IPSec interface
inbound SAs    1, 2
lifetime
lifetime for user SAs
manual versus signaled
negotiating transforms
operational VR
outbound SAs    1, 2
per IPSec policy type
perfect forward secrecy (PFS)    1, 2
transform combinations supported
transform sets    1, 2
transforms supported
transport VR    1, 2
IPSec transport local profile commands
pre-share
pre-share-masked
IPSec transport profile commands     See also show ipsec transport commands
application
ipsec transport profile
lifetime
local ip address
pfs group
transform-set
IPSec tunnel profile commands
domain-suffix
extended-authentication
ike local-identity
ike peer-identity
ip profile
ipsec tunnel profile
lifetime
local ip address
local ip identity
local ip network
max-interfaces
peer ip identity
pfs group
transform
tunnel mtu
IPSec tunnel profiles
IPv6
license
monitoring    1, 2

J-Flow commands
clear ip flow stats
ip flow statistics
ip flow-cache entries
ip flow-cache timeout active
ip flow-cache timeout inactive
ip flow-export
ip flow-sampling-mode packet-interval
ip route-cache flow sampled
J-Flow statistics, clearing

keepalive messages, NAT-T
key-string command
keys, public
displaying on router
format of
obtaining without digital certificates 1, 2

L2C (Layer 2 Control)     See ANCP (Access Node Control Protocol)
L2F, reassembly of tunnel packets
L2TP (Layer 2 Tunneling Protocol)
reassembly of tunnel packets
l2tp commands
l2tp destination profile    1, 2
l2tp ignore-receive-data-sequencing
L2TP with IPSec
client software supported
compatibility
configuring
client PC
E Series router    1, 2
IPSec transport profiles
L2TP destination profiles    1, 2
single-shot tunnels
control and data frames
group preshared key
how it works
LNS change of port
monitoring
NAT interactions
overview    1, 2
references
requirements
setting up secure connection
troubleshooting
tunnel creation
with PPP
license commands
license ipsec-tunnels
license mobile-ip home-agent
license nat
lifetime, IPSec    1, 2
limiting translation entries
local-as community, BGP
loopback interfaces    1, 2

manual IPSec interfaces
manuals
comments on
map tag, route map
match commands
and route maps
match as-paths
match community
match distance
match extcommunity    1, 2
match ip address    1, 2, 3, 4, 5
match ip next-hop    1, 2, 3, 4, 5
match level
match metric
match metric-type
match policy-list
match route-type
match tag
match-set summary prefix-tree    1, 2, 3
max-interfaces command
Mobile IP home agent     See also ip mobile commands
AAA
agent discovery
authentication
configuration prerequisites
configuring
home address assignment
licensing    1, 2, 3
monitoring
overview
platform considerations
references
registration
routing and forwarding
security associations
for foreign agents
for mobile nodes
subscriber management
MTU (maximum transmission unit)
IP tunnels

NAT (Network Address Translation)
access list rules, creating
address pools, defining
address translation
dynamic
inside source
outside source
static
bidirectional
configuration examples
configuration types
configuring
dynamic address translation, defining
dynamic inside source translation, creating
dynamic outside source translation, creating
interfaces, specifying inside and outside
license
monitoring
NAT-T
overview
passthrough mode
references
static address translation, defining
terms
inside global address
inside local address
outside global address
outside local address
timeouts, defining
translation entries, limiting
translation rules, defining
translations, clearing
NAT-T (Network Address Translation Traversal)
configuring
ipsec option nat-t command
keepalive messages
overview
show ike sa command
show ipsec ike-sa command
show ipsec option command
tasks
UDP encapsulation
UDP statistics
neighbor commands
neighbor distribute-list
neighbor filter-list    1, 2
neighbor prefix-list
neighbor prefix-tree
neighbor send-community
Network Address Translation Traversal.     See NAT-T
Network Address Translation.     See NAT
network prefixes, filtering
next-hop routers
setting or redistributing routes for
setting/redistributing routes for    1, 2
no-advertise community, BGP
no-export community, BGP
no-export-subconfed community, BGP
notice icons
null interface

OSPF (Open Shortest Path First)
clearing IP routing table
reinstalling routes in IP routing table

peer public keys
displaying on router
obtaining without digital certificates    1, 2
perfect forward secrecy
policy list
monitoring
prefix lists
prefix trees
prefixes
filtering network
preventing recursive tunnels
profile commands
profile
public keys
displaying on router
format of
obtaining without digital certificates    1, 2

qos-adaptive-mode command

recursive tunnels, preventing
redistribute command
redistribution policy (IP), monitoring
redundancy
tunnel server    1, 2
regular expressions and routing policy
AS-path lists
community lists
community number format
metacharacters
defined
specifying as literals
RIP (Routing Information Protocol)
clearing IP routing table
reinstalling routes in IP routing table
route maps
and routing policy
deny keyword
filtering incoming/outgoing routes with access lists
instance
map tag
match clause
monitoring
permit keyword
sequence number
set clause
route-map command
routing policy
community
community list
configuring
managing the routing table
monitoring
overview
prefix lists
prefix trees
route maps
troubleshooting
routing policy, BGP
access lists    1, 2
monitoring    1, 2
route maps
routing table
managing the IP
routing, IP     See also IP
monitoring    1, 2

secure IP interfaces
security parameters
sequence number, route map
Service Modules.     See SMs
set commands
and route maps
set as-path prepend
set automatic-tag
set comm-list delete
set community    1, 2
set dampening
set distance
set extcommunity    1, 2
set ip next-hop
set level
set local-preference
set metric
set metric-type
set origin
set route-class
set route-type
set tag
set weight
shared tunnel-server ports    1, 2, 3, 4, 5, 6
show access-list command
show adjustment-factor command
show bfd session command
show dvmrp commands
show dvmrp destination profile
show dvmrp tunnel    1, 2, 3
show dvmrp tunnel summary    1, 2
show gre commands
show gre destination profile
show gre tunnel    1, 2, 3
show gre tunnel summary    1, 2
show ike commands
show ike policy-rule
show ike sa    1, 2
show ip commands
show ip as-path-access-list
show ip cache flow
show ip cache flow aggregation
show ip community-list
show ip extcommunity-list
show ip prefix-list
show ip prefix-list detail
show ip prefix-list summary
show ip prefix-tree
show ip prefix-tree detail
show ip prefix-tree summary
show ip protocols
show ip redistribute
show ip route
show ip route slot
show ip static
show ip traffic
show ip tunnel reassembly statistics
show ip flow sampling command    1, 2
show ip match-policy-list command
show ip mobile commands     See also ip mobile commands
show ip mobile binding
show ip mobile home-agent
show ip mobile host
show ip mobile profile
show ip mobile secure foreign-agent
show ip mobile secure host
show ip mobile traffic
show ip nat commands
show ip nat inside rule
show ip nat outside rule
show ip nat statistics
show ip nat translations    1, 2
show ipsec commands
show ike certificates
show ike configuration
show ike identity
show ipsec ca identity
show ipsec certificates
show ipsec identity    1, 2
show ipsec ike-configuration
show ipsec ike-policy-rule
show ipsec ike-sa    1, 2
show ipsec key mypubkey rsa
show ipsec key pubkey-chain rsa
show ipsec lifetime
show ipsec local-endpoint
show ipsec option    1, 2
show ipsec transform-set
show ipsec tunnel detail
show ipsec tunnel summary
show ipsec tunnel virtual-router
show license ipsec-tunnels
show ipsec transport commands
show ipsec transport interface
show ipsec transport interface summary
show ipsec transport profile
show ipv6 commands
show license nat
show l2c commands
show l2c
show l2c label
show l2c neighbor
show l2c statistics    1, 2
show l2tp commands
show l2tp destination profile command
show license commands
show license mobile-ip home-agent
show route-map command
single-shot tunnels
configuring
handling timeout periods
monitoring
overview
single-shot-tunnel command
SMs (Service modules)
installing    1, 2, 3, 4
monitoring parameters
redundancy    1, 2
source, tunnel
static routes    1, 2
static tunnels
statistics, tunnel reassembly
displaying
setting baseline for
subscriber management
Mobile IP home agent
support, technical     See technical support

table-map command
IP    1, 2
technical support
contacting JTAC
text and syntax conventions
timeout periods for single-shot tunnels
traffic, IP
transform sets, IPSec
transport network
troubleshooting
DVMRP/IPSec, GRE/IPSec, and L2TP/IPSec tunnels
routing policy
tunnel commands
tunnel mdt profile
tunnel commands, IP
tunnel checksum    1, 2
tunnel destination    1, 2
tunnel mtu
tunnel sequence-datagrams
tunnel source    1, 2
tunnel commands, IPSec
tunnel destination
tunnel destination backup
tunnel lifetime
tunnel local-identity
tunnel mtu
tunnel peer-identity
tunnel pfs group
tunnel session-key-inbound
tunnel session-key-outbound
tunnel signaling
tunnel source
tunnel transform set
tunnel-server ports
shared    1, 2, 3
tunnels, IP
DVMRP
DVMRP (IP in IP)
dynamic
endpoints
GRE
reassembling tunnel packets
shared tunnel-server ports    1, 2, 3, 4, 5, 6
static
tunnels, IPSec monitoring
DVMRP/IPSec
GRE/IPSec
L2TP/IPSec
tunnels, single-shot
configuring
handling timeout periods
monitoring
overview

UDP (User Datagram Protocol)
encapsulation for NAT-T
statistics for NAT-T
updates, BGP
AS-path filters

well-known communities, BGP

X.509v3 certificates