SC-91
Cisco IOS XR System Security Configuration Guide
Implementing IPSec Network Security on
Cisco IOS XR Software
IP Security (IPSec) provides security for transmission of sensitive information over unprotected
networks such as the Internet. IPSec acts at the network layer, protecting and authenticating IP packets
between participating IPSec devices (“peers”), such as Cisco routers.
With IPSec, data can be sent across a public network without observation, modification, or spoofing,
which enables applications, such as Virtual Private Networks (VPNs), including intranets, extranets, and
remote user access.
IPSec for Cisco IOS XR supports the following two types of traffic:
• IPSec for locally sourced traffic or traffic terminated on the router. This mode is supported on both
Cisco CRS-1 and Cisco XR 12000 Series Router. Either tunnel-ipsec interfaces or a transport entity
are used. This type is also called software-based IPSec.
• IPSec for transit traffic is supported on the Cisco XR 12000 Series Router IPSec VPN SPA. This
mode is also called hardware-based IPSec. Both service-ipsec and service-gre interfaces are used
for this type.
This module describes the tasks that you need to implement IPSec network security on your
Cisco IOS XR network.
Note For a complete description of the IPSec network security commands used in this chapter, see the IPSec
Network Security Commands on Cisco IOS XR Software module of the Cisco IOS XR System Security
Command Reference publication. To locate documentation of other commands that appear in this
chapter, use the command reference master index, or search online.
Feature History for Implementing IPSec Network Security on Cisco IOS XR Software
Release Modification
Release 2.0 This feature was introduced on the Cisco CRS-1.
Release 3.0 No modification.
Release 3.2 Support was added for the Cisco XR 12000 Series Router.
Release 3.3.0 No modification.
To Next Page
Loading...
Need help?
General
