Implementing IPSec Network Security on Cisco IOS XR Software
How to Implement General IPSec Configurations for IPSec Networks
SC-115
Cisco IOS XR System Security Configuration Guide
Configuring the IPSec Antireplay Window: Expanding and Disabling
This section contains the following tasks:
• Configuring the IPSec Antireplay Window: Expanding and Disabling Globally, page SC-116 (optional)
• Disabling IPSec Replay Checking on a Crypto Profile, page SC-117 (optional)
Command or Action:
Example:
RP/0/0/CPU0:router(config)# interface service-ipsec 5
RP/0/0/CPU0:router(config-if)# crypto ipsec df-bit clear
RP/0/0/CPU0:router(config-if)# crypto ipsec df-bit clear

Purpose:
Use the crypto ipsec df-bit command in global configuration mode and service-ipsec interface configuration mode.
• (Optional) Use the clear keyword to specify that the outer IP header has the DF bit cleared and the router can fragment the packet to add the IPSec encapsulation.
• (Optional) Use the set keyword to specify that the outer IP header has the DF bit set; however, the router can fragment the packet if the original packet had the DF bit cleared.
• (Optional) Use the copy keyword to specify that the router looks in the original packet for the outer DF bit setting. The copy keyword is the default setting.

Step 3
Command or Action:
end
or
commit
Example:
RP/0/0/CPU0:router(config-if)# end
or
RP/0/0/CPU0:router(config-if)# commit

Purpose:
Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
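The effect of the three crypto ipsec df-bit keywords on an oversize packet, modelled as an added Python example (not Cisco code and not part of the original guide). The 60-byte tunnel overhead, the function names, the constructed sample packets, and the 'drop' outcome for a packet that exceeds the MTU and may not be fragmented are assumptions made for illustration.

```python
import struct

TUNNEL_OVERHEAD = 60  # assumption: bytes added by IPSec tunnel encapsulation


def sample_packet(total_len, df):
    """Constructed IPv4 packet: 20-byte header plus zero payload (checksum unset)."""
    flags = 0x4000 if df else 0
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, flags,
                         64, 17, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return header + bytes(total_len - 20)


def original_df(packet):
    """Read the DF flag (0x4000 in the flags/fragment-offset word) of an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    (flags_frag,) = struct.unpack_from("!H", packet, 6)
    return bool(flags_frag & 0x4000)


def df_bit_decision(packet, keyword, mtu):
    """Return (outer_df, action) for one packet under a df-bit keyword.

    action is 'send', 'fragment', or 'drop' (assumed outcome when the
    encapsulated packet exceeds the MTU and may not be fragmented).
    """
    df = original_df(packet)
    if keyword == "clear":    # outer DF cleared; router can fragment
        outer_df, may_fragment = False, True
    elif keyword == "set":    # outer DF set; fragment only if original DF was clear
        outer_df, may_fragment = True, not df
    elif keyword == "copy":   # default: outer DF follows the original packet
        outer_df, may_fragment = df, not df
    else:
        raise ValueError("keyword must be clear, set or copy")
    if len(packet) + TUNNEL_OVERHEAD <= mtu:
        return outer_df, "send"
    return outer_df, "fragment" if may_fragment else "drop"


if __name__ == "__main__":
    for keyword in ("clear", "set", "copy"):
        for df in (False, True):
            result = df_bit_decision(sample_packet(1500, df), keyword, 1500)
            print(f"{keyword:5} original DF={df!s:5} -> outer DF={result[0]!s:5} {result[1]}")
```

In this model, only the clear keyword lets a full-size packet that arrived with DF set pass through the tunnel; under set and the default copy it cannot be fragmented.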