Implementing IPSec Network Security on Cisco IOS XR Software
Configuration Examples for Implementing IPSec Network Security for Locally Sourced and Destined Traffic
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
crypto ipsec transform-set myset2
transform esp-des esp-sha
Another transform set example is myset3, which uses 3DES encryption and MD5 (HMAC variant) for
data packet authentication:
crypto ipsec transform-set myset3
transform esp-3des esp-md5-hmac
A dynamic crypto profile named toRemoteSite is created, which joins the IPSec access list (sample2) with the
transform set (myset3):
crypto ipsec profile toRemoteSite
match sample2 transform-set myset3
set type dynamic
end
The toRemoteSite profile is applied to a tunnel-ipsec interface:
interface tunnel-ipsec0
profile toRemoteSite
tunnel source 10.0.0.2
The tunnel destination is not required when the profile is dynamic.
Configuring a Static Profile and Attaching to Transport: Example
The following example shows a minimal IPSec configuration in which a static profile is created and
attached to a transport.
An IPSec access list named sample3 defines which traffic to protect:
ipv4 access-list sample3 permit ip 10.0.0.0 0.0.0.255 10.2.2.0 0.0.0.255
A transform set defines how the traffic is protected. In this example, transform set myset1 uses DES
encryption and SHA for data packet authentication:
crypto ipsec transform-set myset1
transform esp-des esp-sha
Another transform set example is myset2, which uses 3DES encryption and MD5 (HMAC variant)
for data packet authentication:
crypto ipsec transform-set myset2
transform esp-3des esp-md5-hmac
A crypto profile named toRemoteSite is created, which joins the IPSec access list (sample3) with the transform set (myset2):
crypto ipsec profile toRemoteSite
match sample3 transform-set myset2
end
The toRemoteSite profile is applied to a transport:
crypto ipsec transport
profile toRemoteSite
end
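The following is an added example, not part of the Cisco guide: a Python check that parses the transform-set and profile stanzas in the form printed above and reports which transforms a profile actually ends up using. The LEGACY table is an assumed local policy, and the sample text is constructed from the static-profile example in this section.

```python
import re

# Constructed sample: the static-profile stanzas as printed in this section.
SAMPLE = """\
crypto ipsec transform-set myset1
transform esp-des esp-sha
crypto ipsec transform-set myset2
transform esp-3des esp-md5-hmac
crypto ipsec profile toRemoteSite
match sample3 transform-set myset2
end
"""

# Assumed local policy (not from the guide): transform keywords treated as legacy.
LEGACY = {
    "esp-des": "single DES, 56-bit key",
    "esp-3des": "3DES, 64-bit block cipher",
    "esp-md5-hmac": "HMAC-MD5 integrity",
}

def parse(config):
    """Return (transform_sets, profiles) for the stanza forms used on this page."""
    sets, profiles, ctx = {}, {}, (None, None)
    for raw in config.splitlines():
        line = raw.strip()  # accept indented or flattened configuration text
        if m := re.fullmatch(r"crypto ipsec transform-set (\S+)", line):
            ctx = ("set", m.group(1))
            sets[m.group(1)] = []
        elif m := re.fullmatch(r"crypto ipsec profile (\S+)", line):
            ctx = ("profile", m.group(1))
            profiles[m.group(1)] = []
        elif ctx[0] == "set" and line.startswith("transform "):
            sets[ctx[1]] = line.split()[1:]
        elif ctx[0] == "profile" and (m := re.fullmatch(r"match (\S+) transform-set (\S+)", line)):
            profiles[ctx[1]].append((m.group(1), m.group(2)))
        elif line == "end" or line.startswith(("crypto ", "interface ")):
            ctx = (None, None)  # a new top-level stanza closes the current one
    return sets, profiles

def audit(config):
    """List (profile, acl, transform_set, keyword, reason) for each finding."""
    sets, profiles = parse(config)
    findings = []
    for name, matches in profiles.items():
        for acl, ts in matches:
            if ts not in sets:  # profile points at a set that was never defined
                findings.append((name, acl, ts, None, "transform-set not defined"))
            findings += [(name, acl, ts, kw, LEGACY[kw]) for kw in sets.get(ts, []) if kw in LEGACY]
    return findings
```

Only transform sets referenced by a profile are reported, so myset1 (defined but unused in this example) produces no finding.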