Name: Cisco IOS XR
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

Implementing IPSec Network Security on Cisco IOS XR Software

How to Implement General IPSec Configurations for IPSec Networks

SC-112

Cisco IOS XR System Security Configuration Guide

Step 11

set session-key inbound ah

spi hex-key-data

Example:

RP/0/0/CPU0:router(config-new)# set session-key

inbound ah 300

1111111111111111111111111111111111111111

(Optional) Manually specifies the IP Security session keys

to set the inbound IPSec session key for the Authentication

Header (AH) protocol.

The length of the keys should match the encryption or

authentication method that is specified in the transform-set.

• Use the spi argument to specify the security parameter

index (SPI), a number that uniquely identifies a

security association. The SPI is an arbitrary number

you assign in the range of 256 to 4,294,967,295 (FFFF

FFFF).

• Use the hex-key-data argument to specify the session

key; enter in hexadecimal format. This is an arbitrary

hexadecimal string of 8, 16, or 20 bytes.

Step 12

set session-key inbound esp

spi

{cipher

hex-key-data

authentication

hex-key-data

}

Example:

RP/0/0/CPU0:router(config-new)# set session-key

inbound esp 300 cipher 0123456789012345

authentication

0000111122223333444455556666777788889999

(Optional) Manually specifies the IP Security session key to

set the inbound IPSec session key for Encapsulation

Security Protocol (ESP).

The length of the keys should match the encryption or

authentication method that is specified in the transform-set.

• Use the spi argument to specify the SPI, a number that

is used to uniquely identify a security association. The

SPI is an arbitrary number you assign in the range of

256 to 4,294,967,295 (FFFF FFFF).

• Use the cipher keyword to specify the key string to be

used with the ESP encryption transform.

• Use the hex-key-data argument to specify the session

key; enter in hexadecimal format. This is an arbitrary

hexadecimal string of 8, 16, or 20 bytes.

• Use the authentication keyword to specify that the key

string is used with the ESP authentication transform.

The authentication keyword is required only when the

transform set includes an ESP authentication

transform.

Step 13

set session-key outbound ah

spi hex-key-data

Example:

RP/0/0/CPU0:router(config-new)# set session-key

outbound ah 300

fedcbafedcbafedcbafedcbafedcbafedcbafedc

(Optional) Manually specifies the IP Security session key to

set the outbound IPSec session key for the AH protocol.

The length of the keys should match the encryption or

authentication method that is specified in the transform-set.

• Use the spi argument to specify the security parameter

index (SPI), a number that uniquely identifies a

security association. The SPI is an arbitrary number

you assign in the range of 256 to 4,294,967,295 (FFFF

FFFF).

• Use the hex-key-data argument to specify the session

key; enter in hexadecimal format. This is an arbitrary

hexadecimal string of 8, 16, or 20 bytes.

Command or Action Purpose

Questions and Answers:

Need help?

Do you have a question about the Cisco IOS XR and is the answer not in the manual?

Cisco IOS XR Specifications

General

Operating System	Cisco IOS XR
Architecture	Microkernel
High Availability	Yes
Type	Network operating system
Developed by	Cisco Systems
License	Proprietary
Programming Language	C, C++
Kernel	QNX
Supported Platforms	Cisco ASR9000, NCS series
Security Features	Role-Based Access Control (RBAC), Secure Boot, Encryption
Management Interface	CLI, SNMP, NETCONF, RESTCONF
Release Date	2004
Target Devices	High-end core routers, service provider edge routers, data center interconnect (DCI) routers
Supported Hardware	Cisco routers and switches
Networking Protocols	BGP, OSPF, IS-IS, MPLS
Virtualization Support	Virtualization-ready, supports network function virtualization (NFV) and containerization technologies.