Name: Cisco IOS XR
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

Implementing IPSec Network Security on Cisco IOS XR Software

Contents

SC-92

Cisco IOS XR System Security Configuration Guide

Contents

• Prerequisites for Implementing IPSec Network Security, page SC-92

• Restrictions for Implementing IPSec Network Security, page SC-93

• Restrictions for Implementing IPSec Network with a Cisco IPSec VPN SPA, page SC-93

• Information About Implementing IPSec Networks, page SC-94

• Information About an IPSec Network with a Cisco IPSec VPN SPA on Cisco IOS XR Software,

page SC-101

• How to Implement General IPSec Configurations for IPSec Networks, page SC-104

• How to Implement IPSec Network Security for Locally Sourced and Destined Traffic, page SC-129

• How to Implement IPSec Network Security for VPNs, page SC-132

• Configuration Examples for Implementing IPSec Network Security for Locally Sourced Traffic and

Destined Traffic, page SC-140

• Configuration Examples for an IPSec Network with a Cisco IPSec VPN SPA, page SC-142

• Additional References, page SC-147

Prerequisites for Implementing IPSec Network Security

The following prerequisites are required to implement IPSec network security:

• You must be in a user group associated with a task group that includes the proper task IDs for

security commands. For detailed information about user groups and task IDs, see the Configuring

AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security

Configuration Guide.

• You must install and activate the Package Installation Envelope (PIE) for the security software.

For detailed information about optional PIE installation, see the Cisco IOS XR System Management

Configuration Guide.

Note For Cisco XR 12000 Series Router IPSec VPN SPA, you must install a service software PIE.

• You must configure Internet Key Exchange (IKE), as described in the Implementing Internet Key

Exchange Security Protocol on Cisco IOS XR Software module.

Release 3.4.0

• Support was added for Cisco XR 12000 Series Router IPSec VPN

SPA.

• The crypto ipsec chkpt-disabled command was removed; therefore,

the Configuring Checkpointing section was removed.

Release 3.5.0

• The Multiprotocol Label Switching (MPLS) Encapsulated Packets on

Inbound Direction feature was added.

• IPSec—SNMP support feature was added on the

Cisco XR 12000 Series Router IPSec VPN SPA.

Questions and Answers:

Need help?

Do you have a question about the Cisco IOS XR and is the answer not in the manual?

Cisco IOS XR Specifications

General

Operating System	Cisco IOS XR
Architecture	Microkernel
High Availability	Yes
Type	Network operating system
Developed by	Cisco Systems
License	Proprietary
Programming Language	C, C++
Kernel	QNX
Supported Platforms	Cisco ASR9000, NCS series
Security Features	Role-Based Access Control (RBAC), Secure Boot, Encryption
Management Interface	CLI, SNMP, NETCONF, RESTCONF
Release Date	2004
Target Devices	High-end core routers, service provider edge routers, data center interconnect (DCI) routers
Supported Hardware	Cisco routers and switches
Networking Protocols	BGP, OSPF, IS-IS, MPLS
Virtualization Support	Virtualization-ready, supports network function virtualization (NFV) and containerization technologies.