Implementing IPSec Network Security on Cisco IOS XR Software
Information About an IPSec Network with a Cisco IPSec VPN SPA on Cisco IOS XR Software
SC-102
Cisco IOS XR System Security Configuration Guide
The following sample output is from the show diag command on the Cisco XR 12000 Series Router
IPSec VPN SPA installed in slot 1:
RP/0/0/CPU0:router# show diag
SLOT 1 (RP/LC 1): Cisco 12000 Series SPA Interface Processor-600
MAIN: type 117, 800-26102-01 rev B0 dev 0
HW config: 0x01 SW key: 00-00-00
PCA: 73-9863-02 rev B0 ver 8
HW version 1.0 S/N SAD092306A5
MBUS: Embedded Agent
Test hist: 0x00 RMA#: 00-00-00 RMA hist: 0x00
DIAG: Test count: 0x00000000 Test results: 0x00000000
FRU: Linecard/Module: 12000-SIP-600
Route Memory: MEM-LC5-1024=
Packet Memory: MEM-LC5-PKT-512=
L3 Engine: 5 - ISE OC192 (10 Gbps)
MBUS Agent Software version 2.49 (RAM) (ROM version is 3.6)
Using CAN Bus A
ROM Monitor version 17.1
Fabric Downloader version used 3.9 (ROM version is 3.9)
Primary clock is CSC1
Board State is IOS-XR RUN
Insertion time: Thu Jun 29 23:23:48 2006 (1w0d ago)
DRAM size: 1073741824 bytes
FrFab SDRAM size: 268435456 bytes
ToFab SDRAM size: 268435456 bytes
0 crashes since restart/fault forgive
SPA Information:
subslot 0/1/0: SPA-IPSEC-2G (0x3d7), status is ok
Information About Security for VPNs with IPSec
To implement security for VPNs with IPSec, you should understand the following concepts:
• IPSec Virtual Interfaces, page SC-102
• IPSec Load Balancing and High Availability, page SC-103
• VRF-aware IPSec, page SC-104
• MPLS Encapsulated Packets on Inbound Direction, page SC-104
• Reverse-Route Injection, page SC-100
IPSec Virtual Interfaces
IPSec virtual interfaces simplify configuration of IPSec for protection of remote links, support multicast,
and simplify network management and load balancing.
Table 5 SPA Hardware Description in show diag Command
SPA Description in show diag Command
SPA-IPSEC-2G SPA-IPSEC-2G (0x3d7)
To Next Page
Loading...
Need help?
General
