Cisco Cisco IOS Software Release 12.2(8)YJ
12
Release Notes for the Cisco 1700 Series Routers for Cisco IOS Release 12.2(8)YJ
OL-2792-02
New and Changed Information
•
Authenticating users—Making sure users are who they say they are, by way of usernames, group
names and passwords.
names and passwords.
•
Managing security keys for encryption and decryption.
•
Authenticating, encrypting, and decrypting data through the tunnel.
Release 12.2(8)YJ provides functionality for a Cisco 1700 series router to simultaneously act as a
Cisco Easy VPN client and as a VPN server (supporting VPN remote office extensions, such as a Unity
server) for Cisco VPN software clients.
Cisco Easy VPN client and as a VPN server (supporting VPN remote office extensions, such as a Unity
server) for Cisco VPN software clients.
Release 12.2(8)YJ provides functionality for a Cisco 1700 series router to simultaneously act as a
Cisco Easy VPN client and as a VPN server (supporting VPN remote office extensions, such as a unity
server) for Cisco VPN software clients.
Cisco Easy VPN client and as a VPN server (supporting VPN remote office extensions, such as a unity
server) for Cisco VPN software clients.
Release 12.2(8)YJ also supports the following IP Security functionality:
•
ACL Firewall interoperability with Easy VPN (
•
Configurable inside interface support (
)
•
DHCP server enhancements/DNS proxy (
•
Multiple WAN interface support (
)
•
NAT configuration restoration (
•
Peer hostname enhancements (
This functionality is supported in the images: IP Plus ADSL IPSec 3DES, IP Plus ADSL/FW/IDS IPSec
3DES, and IP Plus ADSL/IPX/AT/IBM/FW/IDS IPSec 3DES. For more information, see the
3DES, and IP Plus ADSL/IPX/AT/IBM/FW/IDS IPSec 3DES. For more information, see the
or the specific “Important Notes” sections listed above.
The related caveat numbers are provided in the parenthesis above.
The following sections and the section
describe the feature
enhancements for Cisco Easy VPN Client that are supported in Release 12.2(8)YJ:
•
•
Manual Tunnel Control Enhancement
In the initial release of the Cisco Easy VPN feature, the IPSec Virtual Private Network (VPN) tunnel is
automatically connected when the Easy VPN Client is configured on an interface. If the tunnel times out
or fails, the tunnel automatically reconnects and retries indefinitely.
automatically connected when the Easy VPN Client is configured on an interface. If the tunnel times out
or fails, the tunnel automatically reconnects and retries indefinitely.
The Cisco Easy VPN Client Phase II release adds support for manual control of the IPSec VPN tunnels,
so that you can establish and terminate the IPSec VPN tunnel on demand. Manual tunnel control is
enabled or disabled using the following command in Cisco Easy VPN Client configuration mode:
so that you can establish and terminate the IPSec VPN tunnel on demand. Manual tunnel control is
enabled or disabled using the following command in Cisco Easy VPN Client configuration mode:
router(config-crypto-ezvpn)# connect [auto | manual]
The auto setting is the default setting and matches the functionality of the initial release of the Cisco
Easy VPN Client feature. You do not need to use the connect command if you want to retain the
automatic configuration.
Easy VPN Client feature. You do not need to use the connect command if you want to retain the
automatic configuration.
To enable manual tunnel control, use the connect manual command in Cisco Easy VPN Client
configuration mode:
configuration mode:
router# config t
router(config)# crypto ipsec client ezvpn telecommuter-client
router(config-crypto-ezvpn)# connect manual
router(config-crypto-ezvpn)#