
Cisco IOS XR User Manual

Cisco IOS XR
254 pages
Implementing IPSec Network Security on Cisco IOS XR Software
How to Implement General IPSec Configurations for IPSec Networks
SC-111
Cisco IOS XR System Security Configuration Guide
Step 6
Command or Action: set transform-set transform-set-name
Example:
RP/0/0/CPU0:router(config-new)# set transform-set ts1
Purpose: Specifies a list of transform sets in priority order. The set transform-set command is used in profiles that are attached to service-gre interfaces. Its description is similar to that of the match transform-set command, but it is used on a different interface.
Note: You can configure up to five different transform-sets.
Use the transform-set-name argument to name the transform-set. The maximum length is 32 characters.

Step 7
Command or Action: reverse-route
Example:
RP/0/0/CPU0:router(config-new)# reverse-route
Purpose: Creates source proxy information for a crypto profile entry.

Step 8
Command or Action: set security-association idle-time seconds
Example:
RP/0/0/CPU0:router(config-new)# set security-association idle-time 800
Purpose: Specifies the maximum time in which the current peer can be idle before the default peer is used.
• Use the seconds argument to specify the number of seconds for which the current peer can be idle before the default peer is used. The valid values are 600 to 86400.

Step 9
Command or Action: set security-association lifetime seconds seconds kilobytes kilobytes
Example:
RP/0/0/CPU0:router(config-new)# set security-association lifetime seconds 2700
RP/0/0/CPU0:router(config-new)# set security-association lifetime kilobytes 2304000
Purpose: Overrides (for a particular crypto profile entry) the global lifetime value, which is used when negotiating IP Security security associations.
The example shows how to shorten lifetimes to reduce the risk that the keys could be compromised. The timed lifetime is shortened to 2700 seconds (45 minutes), and the traffic-volume lifetime is shortened to 2,304,000 KB (10 MBps for 30 minutes).
• Use the seconds keyword to specify the number of seconds a security association lives before expiring. The range is from 120 to 86400.
• Use the kilobytes keyword to specify the volume of traffic (in kilobytes) that can pass between IPSec peers using a given security association before that security association expires. The range is from 2560 to 536870912.

Step 10
Command or Action: set security-association replay disable
Example:
RP/0/0/CPU0:router(config-new)# set security-association replay disable
Purpose: Disables replay checking for a particular crypto profile.
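An added example, not part of the Cisco guide: a Python check that audits the commands from Steps 6 to 10 against the limits stated above and reports when replay checking is turned off for a profile. The function name, the sample lines and the handling of several transform-set names on one line are assumptions made for illustration.

```python
import re

# Limits stated in Steps 6, 8 and 9 above.
MAX_TRANSFORM_SETS, MAX_NAME_LEN = 5, 32
RANGES = {
    "idle-time": (600, 86400),
    "lifetime seconds": (120, 86400),
    "lifetime kilobytes": (2560, 536870912),
}
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # e.g. "RP/0/0/CPU0:router(config-new)# "
SA_VALUE = re.compile(r"set security-association (idle-time|lifetime seconds|lifetime kilobytes) (\d+)")

def audit_profile(text):
    """Return a list of findings for the command lines of one crypto profile."""
    findings, names = [], []
    for raw in text.splitlines():
        line = " ".join(PROMPT.sub("", raw.strip()).split())
        if line.startswith("set transform-set "):
            # Assumption: names may be given on one line or on repeated commands.
            names += line.split()[2:]
            continue
        m = SA_VALUE.fullmatch(line)
        if m:
            low, high = RANGES[m.group(1)]
            if not low <= int(m.group(2)) <= high:
                findings.append(f"{m.group(1)} {m.group(2)} outside {low}-{high}")
            continue
        if line == "set security-association replay disable":
            findings.append("replay checking disabled for this profile")
    for name in names:
        if len(name) > MAX_NAME_LEN:
            findings.append(f"transform-set name longer than {MAX_NAME_LEN} characters: {name}")
    if len(names) > MAX_TRANSFORM_SETS:
        findings.append(f"{len(names)} transform-sets configured, limit is {MAX_TRANSFORM_SETS}")
    return findings

# Constructed sample input, not taken from a real device.
SAMPLE = """\
RP/0/0/CPU0:router(config-new)# set transform-set ts1
RP/0/0/CPU0:router(config-new)# reverse-route
RP/0/0/CPU0:router(config-new)# set security-association idle-time 300
RP/0/0/CPU0:router(config-new)# set security-association lifetime seconds 2700
RP/0/0/CPU0:router(config-new)# set security-association lifetime kilobytes 2304000
RP/0/0/CPU0:router(config-new)# set security-association replay disable
"""

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE):
        print(finding)
```

Run over a saved profile, the check gives a reviewer a short list of out-of-range values and of profiles where anti-replay protection has been switched off, which can then be compared against the documented reason for each exception.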


Cisco IOS XR Specifications

General
Operating System: Cisco IOS XR
Architecture: Microkernel
High Availability: Yes
Type: Network operating system
Developed by: Cisco Systems
License: Proprietary
Programming Language: C, C++
Kernel: QNX
Supported Platforms: Cisco ASR9000, NCS series
Security Features: Role-Based Access Control (RBAC), Secure Boot, Encryption
Management Interface: CLI, SNMP, NETCONF, RESTCONF
Release Date: 2004
Target Devices: High-end core routers, service provider edge routers, data center interconnect (DCI) routers
Supported Hardware: Cisco routers and switches
Networking Protocols: BGP, OSPF, IS-IS, MPLS
Virtualization Support: Virtualization-ready, supports network function virtualization (NFV) and containerization technologies.