EasyManua.ls Logo

Cisco IOS XR

Cisco IOS XR
254 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Implementing IPSec Network Security on Cisco IOS XR Software
How to Implement General IPSec Configurations for IPSec Networks
SC-115
Cisco IOS XR System Security Configuration Guide
Configuring the IPSec Antireplay Window: Expanding and Disabling
This section contains the following tasks:
Configuring the IPSec Antireplay Window: Expanding and Disabling Globally, page SC-116
(optional)
Disabling IPSec Replay Checking on a Crypto Profile, page SC-117 (optional)
Example:
RP/0/0/CPU0:router(config)# interface service-ipsec
5
RP/0/0/CPU0:router(config-if)# crypto ipsec df-bit
clear
RP/0/0/CPU0:router(config-if)# crypto ipsec df-bit
clear
Use the crypto ipsec df-bit command in global
configuration mode and service-ipsec interface
configuration mode.
(Optional) Use the clear keyword to specify
that the outer IP header has the DF bit cleared
and the router can fragment the packet to add
the IPSec encapsulation.
(Optional) Use the set keyword to specify that
the outer IP header has the DF bit set; however,
the router can fragment the packet if the original
packet had the DF bit cleared.
(Optional) Use the copy keyword to specify that
the router looks in the original packet for the
outer DF bit setting. The copy keyword is the
default setting.
Step 3
end
or
commit
Example:
RP/0/0/CPU0:router(config-if)# end
or
RP/0/0/CPU0:router(config-if)# commit
Saves configuration changes.
When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to
the running configuration file, exits the
configuration session, and returns the
router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode
without committing the configuration
changes.
Entering cancel leaves the router in the
current configuration session without
exiting or committing the configuration
changes.
Use the commit command to save the
configuration changes to the running
configuration file and remain within the
configuration session.
Command or Action Purpose

Table of Contents

Related product manuals