Implementing IPSec Network Security on Cisco IOS XR Software
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
Configuration Examples for Implementing IPSec Network Security for Locally Sourced and Destined Traffic
This section provides the following configuration examples:
• Configuring a Static Profile and Attaching to a tunnel-ipsec Interface: Example
• Configuring a Dynamic Profile and Attaching It to a tunnel-ipsec Interface: Example
• Configuring a Static Profile and Attaching to Transport: Example
Configuring a Static Profile and Attaching to a tunnel-ipsec Interface: Example
The following example shows a minimal IPSec configuration where a static crypto profile is created and
attached to a tunnel-ipsec interface.
An IPSec access list named sample1 defines which traffic to protect:
ipv4 access-list sample1 permit ip 10.0.0.0 0.0.0.255 10.2.2.0 0.0.0.255
A transform set defines how the traffic is protected. In this example, transform set myset1 uses Data
Encryption Standard (DES) encryption and Secure Hash Algorithm (SHA) for data packet
authentication:
crypto ipsec transform-set myset1
 transform esp-des esp-sha
A second transform set, myset2, uses 3DES encryption and the Hashed Message Authentication Code (HMAC)
variant of the Message Digest 5 (MD5) algorithm for data packet authentication:
crypto ipsec transform-set myset2
 transform esp-3des esp-md5-hmac
A crypto profile named toRemoteSite is created; it ties the IPSec access list to the transform set:
crypto ipsec profile toRemoteSite
 match sample1 transform-set myset1
end
The toRemoteSite crypto profile is then applied to a tunnel-ipsec interface:
interface tunnel-ipsec0
 profile toRemoteSite
 tunnel source 10.0.0.2
 tunnel destination 10.0.0.5
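Added example, not part of the Cisco guide: a Python audit of the static-profile configuration above that checks that the profile's access-list and transform-set references resolve, that the interface names a defined profile, and that flags transform keywords using DES, 3DES, or MD5. The function name audit and the WEAK table are assumptions of this example, and the parser covers only the commands shown in this section.

```python
# Constructed input: the static-profile example from this section.
SAMPLE = """\
ipv4 access-list sample1 permit ip 10.0.0.0 0.0.0.255 10.2.2.0 0.0.0.255
crypto ipsec transform-set myset1
 transform esp-des esp-sha
crypto ipsec transform-set myset2
 transform esp-3des esp-md5-hmac
crypto ipsec profile toRemoteSite
 match sample1 transform-set myset1
interface tunnel-ipsec0
 profile toRemoteSite
 tunnel source 10.0.0.2
 tunnel destination 10.0.0.5
"""
# Assumption of this example, not of the guide: keywords treated as weak.
WEAK = {"esp-des": "single DES", "esp-3des": "3DES", "esp-md5-hmac": "HMAC-MD5"}

def audit(config):
    """Return findings: weak transforms and unresolved profile references."""
    acls, tsets, profiles, attached = set(), {}, {}, {}
    ctx = (None, None)  # (kind, data) of the block that sub-commands belong to
    for line in config.splitlines():
        w = line.split() or [""]
        if w[:2] == ["ipv4", "access-list"] and len(w) > 2:
            acls.add(w[2])
        elif w[:3] == ["crypto", "ipsec", "transform-set"] and len(w) == 4:
            ctx = ("tset", tsets.setdefault(w[3], []))
        elif w[:3] == ["crypto", "ipsec", "profile"] and len(w) == 4:
            ctx = ("profile", profiles.setdefault(w[3], []))
        elif w[0] == "interface" and len(w) == 2:
            ctx = ("intf", w[1])
        elif ctx[0] == "tset" and w[0] == "transform":
            ctx[1][:] = w[1:]  # keywords of the current transform set
        elif ctx[0] == "profile" and len(w) == 4 and (w[0], w[2]) == ("match", "transform-set"):
            ctx[1].append((w[1], w[3]))  # (access list, transform set)
        elif ctx[0] == "intf" and w[0] == "profile" and len(w) == 2:
            attached[ctx[1]] = w[1]
    out = []
    for name, kws in tsets.items():
        out += [f"transform-set {name}: {k} ({WEAK[k]})" for k in kws if k in WEAK]
    for prof, pairs in profiles.items():
        for acl, ts in pairs:
            if acl not in acls:
                out.append(f"profile {prof}: access list {acl} not defined")
            if ts not in tsets:
                out.append(f"profile {prof}: transform-set {ts} not defined")
    out += [f"interface {i}: profile {p} not defined"
            for i, p in attached.items() if p not in profiles]
    return out
```

Calling audit(SAMPLE) returns one finding for myset1 and two for myset2, and no reference errors.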
Configuring a Dynamic Profile and Attaching It to a tunnel-ipsec Interface: Example
The following example shows a minimal IPSec configuration where a dynamic crypto profile is created
and attached to a tunnel-ipsec interface.
An IPSec access list named sample2 defines which traffic to protect:
ipv4 access-list sample2 permit ip 10.0.0.0 0.0.0.255 10.2.2.0 0.0.0.255
A transform set defines how the traffic is protected. In this example, transform set myset2 uses DES
encryption and SHA for data packet authentication: