Implementing IPSec Network Security on Cisco IOS XR Software
How to Implement General IPSec Configurations for IPSec Networks
SC-88
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
Creating Crypto Access Lists
This task creates a crypto access list.
SUMMARY STEPS
1. configure
2. ipv4 access-list name
3. [sequence-number] permit {ipv4 | ipv4-protocol-number} {any | host source-ip | source-ip/prefix
| source-ip source-wildcard} {any | host destination-ip | destination-ip/prefix | destination-ip
destination-wildcard}
or
[sequence-number] permit {tcp | udp}{ any | host source-ip | source-ip/prefix | source-ip
source-wildcard}[eq port-number | gt port-number | lt port-number | neq port-number | range
port-number port-number] {any | host destination-ip | destination-ip/prefix | destination-ip
destination-wildcard} [eq port-number| gt port-number | lt port-number | neq port-number | range
port-number port-number]
4. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure
Enters global configuration mode.
Step 2
ipv4 access-list name
Example:
RP/0/RP0/CPU0:router(config)# ipv4 access-list
InternetFilter
RP/0/RP0/CPU0:router(config-ipv4-acl)#
Creates an access list named “InternetFilter” and enters
IPv4 access list configuration mode.
Note Only IPv4 access list configuration mode is relevant
to creation of a crypto access list, not IPv6 access
list configuration mode.
To Next Page
Loading...
