Implementing IPSec Network Security on Cisco IOS XR Software
How to Implement General IPSec Configurations for IPSec Networks
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
DETAILED STEPS

Step 1
Command or Action: configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2
Command or Action:
crypto ipsec transform-set name
transform-set submode transform protocol
transform-set submode mode {transport | tunnel}
Example:
RP/0/RP0/CPU0:router(config)# crypto ipsec transform-set new
RP/0/RP0/CPU0:router(config-transform-set new)# transform esp-sha-hmac
Purpose: Defines a transform set.
• Complex rules define which entries you can use for the transform arguments. These rules are explained in the command description for the crypto ipsec transform-set command.

Step 3
Command or Action: end or commit
Example:
RP/0/RP0/CPU0:router(config-transform-set new)# end
or
RP/0/RP0/CPU0:router(config-transform-set new)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting (yes/no/cancel)? [cancel]:
– Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
– Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
– Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring Crypto Profiles
This task configures static or dynamic crypto profiles.

SUMMARY STEPS
1. configure
2. crypto ipsec profile name
3. match acl-name transform-set transform-set-name
4. set pfs {group1 | group2 | group5}
5. set type {static | dynamic}
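
An added example, not taken from the Cisco guide: a small Python audit over the transform-set and profile commands listed on this page. It flags a transform set with no ESP cipher keyword, a profile that references an undefined transform set, and a profile with no PFS group or one weaker than group5. The running-config layout, the names new, vpn-a, vpn-b and acl1, and the rule that an esp-* keyword not ending in -hmac names a cipher are assumptions.

```python
import re

# MODP sizes of the PFS groups offered by "set pfs" (RFC 2409, RFC 3526).
PFS_BITS = {"group1": 768, "group2": 1024, "group5": 1536}
# Constructed sample (made-up names); assumed layout: indented submode lines.
SAMPLE = """\
crypto ipsec transform-set new
 transform esp-sha-hmac
 mode tunnel
!
crypto ipsec profile vpn-a
 match acl1 transform-set new
 set pfs group1
 set type static
!
crypto ipsec profile vpn-b
 match acl1 transform-set missing
"""

def parse(text):
    # Map (kind, name) -> list of tokenised submode lines for each stanza.
    stanzas, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"crypto ipsec (transform-set|profile) (\S+)\s*$", line)
        if m:
            cur = stanzas.setdefault(m.groups(), [])
        elif cur is not None and line[:1] == " " and line.split():
            cur.append(line.split())
        else:
            cur = None  # "!" or any other unindented line closes the stanza
    return stanzas

def audit(text):
    stanzas, findings = parse(text), []
    tsets = {n: b for (k, n), b in stanzas.items() if k == "transform-set"}
    for name, body in tsets.items():
        xforms = [t for l in body if l[0] == "transform" for t in l[1:]]
        # Assumption: an esp-* keyword not ending in -hmac names a cipher.
        if not any(t.startswith("esp-") and not t.endswith("-hmac") for t in xforms):
            findings.append((name, "no ESP encryption transform"))
    for name, body in ((n, b) for (k, n), b in stanzas.items() if k == "profile"):
        for l in body:
            if l[0] == "match" and "transform-set" in l and l[-1] not in tsets:
                findings.append((name, f"undefined transform-set {l[-1]}"))
        pfs = next((l[2] for l in body if l[:2] == ["set", "pfs"] and len(l) > 2), None)
        # Groups missing from PFS_BITS are left unflagged rather than guessed at.
        if pfs is None or PFS_BITS.get(pfs, float("inf")) < PFS_BITS["group5"]:
            findings.append((name, f"PFS {pfs} below group5" if pfs else "no PFS group set"))
    return findings
```

Calling audit(SAMPLE) returns a list of (stanza name, finding) pairs in the order the stanzas appear in the configuration text.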