Cisco Systems VPN 3000 Switch User Manual


 
3 Interfaces
VPN 3000 Concentrator Series User Guide
Filter
The filter governs the handling of data packets through this interface: whether to forward or drop,
according to configured criteria. Cisco supplies three default filters that you can modify and use with the
VPN Concentrator. You can configure filters on the Configuration | Policy Management | Traffic Management screens.
Click the drop-down menu button and select the filter to apply to this interface:
1. Private (Default) = Allow all packets except source-routed IP packets.
2. Public (Default) = Allow inbound and outbound tunneling protocols plus ICMP and VRRP. Allow
fragmented IP packets. Drop everything else, including source-routed packets.
3. External (Default) = No rules applied to this filter. Drop all packets.
None = No filter applied to the interface, which means there are no restrictions on data packets.
Make copy of filter 2 (public) = Make and apply a copy of the 2. Public (Default) filter. The system
names this filter WAN filter n, where n is the next available filter number (usually 4). It is a copy of
the current 2. Public (Default) filter with all its parameters and rules except any Apply IPSec
(LAN-to-LAN) rules. See Configuration | Policy Management | Traffic Management | Filters.
Other filters that you have configured also appear in this menu.
We recommend that you accept the default Make copy of filter 2 (public), especially when you initially
configure this interface. You can select this option only when you initially configure this interface. If
you select a different option initially and decide later to use the public filter, you must manually make a
copy of the public filter and assign it to the interface.
Figure 3-9: Configuration | Interfaces | WAN Card in Slot N | Port A B as T1 or E1 screen, RIP tab
RIP Parameters tab
RIP is a routing protocol that routers use for messages to other routers, to determine network
connectivity, status, and optimum paths for sending data traffic. RIP uses distance-vector routing
algorithms, and it is an older protocol that generates more network traffic than OSPF. The VPN
Concentrator includes IP routing functions that support RIP versions 1 and 2. Many private networks
with simple topologies still use RIPv1, although it lacks security features. RIPv2 is generally considered
the preferred version; it includes functions for authenticating other routers, for example.
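
The following added example (not part of the Cisco guide) shows how the RIPv1/RIPv2 difference described above appears on the wire: it classifies RIP messages by version and authentication type, using the message layout from RFC 2453 and RFC 4822. The function names and the sample messages are constructed for illustration; the digest in the keyed sample is a placeholder and is not verified.

```python
import struct

AUTH_AFI = 0xFFFF  # address-family value that marks a RIPv2 authentication entry
AUTH_TYPES = {2: "simple-password", 3: "keyed-digest"}  # RFC 2453, RFC 4822

def classify_rip(payload: bytes) -> tuple:
    """Return (version, auth) for one RIP message (the UDP port 520 payload)."""
    if len(payload) < 4:
        raise ValueError("truncated RIP header")
    _command, version, _zero = struct.unpack("!BBH", payload[:4])
    if version < 2 or len(payload) < 8:
        return version, "none"  # RIPv1 has no authentication field at all
    afi, auth_type = struct.unpack("!HH", payload[4:8])
    if afi != AUTH_AFI:
        return version, "none"  # first entry is an ordinary route
    return version, AUTH_TYPES.get(auth_type, f"unknown-{auth_type}")

def audit(messages: dict) -> dict:
    """Map each message name to a finding; only keyed-digest RIPv2 passes."""
    findings = {}
    for name, payload in messages.items():
        version, auth = classify_rip(payload)
        if version < 2:
            findings[name] = "RIPv1: cannot be authenticated"
        elif auth == "none":
            findings[name] = "RIPv2 without authentication"
        elif auth == "simple-password":
            findings[name] = "RIPv2 password sent in cleartext"
        else:
            findings[name] = f"ok ({auth})"
    return findings

def _route(prefix: bytes, mask: bytes, metric: int) -> bytes:
    return struct.pack("!HH4s4s4sI", 2, 0, prefix, mask, b"\0" * 4, metric)

# Constructed sample messages (command 2 = response); not captured traffic.
NET, MASK = bytes([10, 0, 0, 0]), bytes([255, 0, 0, 0])
SAMPLES = {
    "v1": struct.pack("!BBH", 2, 1, 0) + _route(NET, b"\0" * 4, 1),
    "v2-open": struct.pack("!BBH", 2, 2, 0) + _route(NET, MASK, 1),
    "v2-password": struct.pack("!BBH", 2, 2, 0)
    + struct.pack("!HH16s", AUTH_AFI, 2, b"constructed-pw") + _route(NET, MASK, 1),
    "v2-keyed": struct.pack("!BBH", 2, 2, 0)
    + struct.pack("!HHHBBI8s", AUTH_AFI, 3, 44, 1, 16, 1, b"") + _route(NET, MASK, 1)
    + struct.pack("!HH16s", AUTH_AFI, 1, b""),  # placeholder digest, not verified
}

if __name__ == "__main__":
    print(audit(SAMPLES))
```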