EasyManuals Logo
Home>Cisco>Network Router>CRS-1 - Carrier Routing System Router

Cisco CRS-1 - Carrier Routing System Router Configuration Guide

Cisco CRS-1 - Carrier Routing System Router
232 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #104 background imageLoading...
Page #104 background image
Implementing IPSec Network Security on Cisco IOS XR Software
How to Implement IPSec Network Security for Locally Sourced and Destined Traffic
SC-98
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
Be sure to define which packets to protect. If you must use the any keyword in a permit statement, you
must preface that statement with a series of deny statements to filter any traffic (that would otherwise
fall within that permit statement) that you do not want to be protected.
Applying Crypto Profiles to tunnel-ipsec Interfaces
This task applies a crypto IPsec profile to a tunnel-ipsec interface.
You must apply a crypto profile to each tunnel-ipsec interface through which IPSec traffic flows.
Applying the crypto profile set to a tunnel-ipsec interface instructs the router to evaluate all the
interface’s traffic against the crypto profile set and to use the specified policy during connection or SA
negotiation on behalf of traffic to be protected by crypto.
SUMMARY STEPS
1. configure
2. interface tunnel-ipsec interface-number
3. profile profile-name
4. tunnel source ip-address
5. tunnel destination ip-address
6. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure interface
Enters global configuration mode.
Step 2
interface tunnel-ipsec interface-number
Example:
RP/0/RP0/CPU0:router(config)# interface
tunnel-ipsec 0
Identifies the IPSec interface to which the crypto profile is
attached.
You can use the interface tunnel-ipsec command to enter
tunnel-ipsec interface configuration mode.
Step 3
profile profile-name
Example:
RP/0/RP0/CPU0:router(config-if)# profile
sample1
Specifies the crypto profile to use in IPSec processing.
The same crypto profile cannot be shared in different
IPSec modes.
Step 4
tunnel source ip-address
Example:
RP/0/RP0/CPU0:router(config-if)# tunnel source
10.0.0.2
Specifies the tunnel source IP address.
This command is required for both static and dynamic
profiles.

Table of Contents

Other manuals for Cisco CRS-1 - Carrier Routing System Router

Preview: Administration Guide
Administration Guide436 pages
Preview: Troubleshooting Guide
Troubleshooting Guide264 pages
Preview: Migration Guide
Migration Guide250 pages
Preview: Api Guide
Api Guide127 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco CRS-1 - Carrier Routing System Router and is the answer not in the manual?

Cisco CRS-1 - Carrier Routing System Router Specifications

General IconGeneral
BrandCisco
ModelCRS-1 - Carrier Routing System Router
CategoryNetwork Router
LanguageEnglish

Related product manuals