EasyManuals Logo

Cisco IOS XR User Manual

Cisco IOS XR
254 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #122 background imageLoading...
Page #122 background image
Implementing IPSec Network Security on Cisco IOS XR Software
How to Implement General IPSec Configurations for IPSec Networks
SC-110
Cisco IOS XR System Security Configuration Guide
11. set session-key inbound ah spi hex-key-data
12. set session-key inbound esp spi {cipher hex-key-data authentication hex-key-data}
13. set session-key outbound ah spi hex-key-data
14. set session-key outbound esp spi {cipher hex-key-data authentication hex-key-data}
15. exit
16. end
or
commit
17. show crypto ipsec sa [sa-id | peer ip-address | profile profile-name | detail | fvrf fvrf-name | ivrf
ivrf-name | location location]
18. show crypto ipsec summary
DETAILED STEPS
Command or Action Purpose
Step 1
configure
Example:
RP/0/0/CPU0:router# configure
Enters global configuration mode.
Step 2
crypto ipsec profile
name
Example:
RP/0/0/CPU0:router(config)# crypto ipsec
profile new
Creates the IPSec profile and enters profile configuration
mode.
Step 3
match
acl-name
transform-set
transform-set-name
Example:
RP/0/0/CPU0:router(config-new)# match sampleacl
transform-set tset1
Configures the ACL to use for packet classification, and if
the packets need protecting, the transform set to use for
IPSec processing.
Note You can configure up to five different
transform-sets.
The match transform-set command is used in profiles that
are attached to service-ipsec interfaces, tunnel-ipsec
interfaces, and transport. The description for this command
is similar to the set transform-set command but used on a
different interface.
Step 4
set pfs {group1 | group2 | group5}
Example:
RP/0/0/CPU0:router(config-new)# set pfs group5
(Optional) Specifies that IPSec should ask for perfect
forward secrecy (PFS) when requesting new security
associations for this crypto profile entry, or should demand
PFS in requests received from the IPSec peer.
Step 5
set type {static | dynamic}
Example:
RP/0/0/CPU0:router(config-new)# set type
dynamic
(Optional) Sets the profile mode type.
Default is static mode, which means that the peer is
identified in the configuration.
Dynamic mode lets the profile be dynamic, which
means that SA negotiation from any authenticated peer
is allowed.

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco IOS XR and is the answer not in the manual?

Cisco IOS XR Specifications

General IconGeneral
Operating SystemCisco IOS XR
ArchitectureMicrokernel
High AvailabilityYes
TypeNetwork operating system
Developed byCisco Systems
LicenseProprietary
Programming LanguageC, C++
KernelQNX
Supported PlatformsCisco ASR9000, NCS series
Security FeaturesRole-Based Access Control (RBAC), Secure Boot, Encryption
Management InterfaceCLI, SNMP, NETCONF, RESTCONF
Release Date2004
Target DevicesHigh-end core routers, service provider edge routers, data center interconnect (DCI) routers
Supported HardwareCisco routers and switches
Networking ProtocolsBGP, OSPF, IS-IS, MPLS
Virtualization SupportVirtualization-ready, supports network function virtualization (NFV) and containerization technologies.

Related product manuals