Implementing IPSec Network Security on Cisco IOS XR Software
How to Implement IPSec Network Security for VPNs
Cisco IOS XR System Security Configuration Guide
Configuring IPSec Virtual Interfaces
These tasks configure IPSec virtual interfaces:
• Configuring Static IPSec Virtual Interfaces
• Configuring IPSec-Protected GRE Virtual Interfaces
Configuring Static IPSec Virtual Interfaces
This task configures static IPSec service virtual interfaces (SVIs).
SUMMARY STEPS
1. configure
2. interface service-ipsec number
3. profile profile-name
4. tunnel source ip-address
5. tunnel destination ip-address
6. tunnel vrf vrf-name
7. vrf vrf-name
8. ipv4 address ipv4-address mask [secondary]
9. service-location preferred-active location [preferred-standby location [auto-revert]]
10. end or commit
11. show route [vrf vrf name]
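The summary steps above assembled into one session, as an added example that is not taken from the Cisco guide. The interface number and profile name follow the guide's own step examples; the addresses, VRF names and service location are constructed placeholders, and the crypto profile and both VRFs are assumed to be defined already.

```text
! Constructed values: 192.0.2.1 / 198.51.100.1 (tunnel endpoints),
! 10.10.10.1/30 (inside address), outside_vrf / inside_vrf, location 0/1/1.
RP/0/0/CPU0:router# configure
RP/0/0/CPU0:router(config)# interface service-ipsec 2
! Step 3: bind the crypto profile (name is 1 to 32 characters)
RP/0/0/CPU0:router(config-if)# profile ipsec_profa
! Steps 4-5: outer (encrypted) tunnel endpoints
RP/0/0/CPU0:router(config-if)# tunnel source 192.0.2.1
RP/0/0/CPU0:router(config-if)# tunnel destination 198.51.100.1
! Step 6: VRF used to route the encrypted tunnel packets
RP/0/0/CPU0:router(config-if)# tunnel vrf outside_vrf
! Step 7: VRF the virtual interface itself (cleartext side) belongs to
RP/0/0/CPU0:router(config-if)# vrf inside_vrf
! Step 8: address of the virtual interface
RP/0/0/CPU0:router(config-if)# ipv4 address 10.10.10.1 255.255.255.252
! Step 9: where IPSec processing for this interface runs
RP/0/0/CPU0:router(config-if)# service-location preferred-active 0/1/1
! Step 10: apply the configuration, then leave configuration mode
RP/0/0/CPU0:router(config-if)# commit
RP/0/0/CPU0:router(config-if)# end
! Step 11: confirm the interface's route appears in the inside VRF
RP/0/0/CPU0:router# show route vrf inside_vrf
```

Keeping `tunnel vrf` and `vrf` on different VRFs, as here, separates the routing table that carries encrypted transport traffic from the one that sees the decrypted traffic.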
DETAILED STEPS
Step 1
Command or Action: configure
Example:
RP/0/0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2
Command or Action: interface service-ipsec number
Example:
RP/0/0/CPU0:router(config)# interface service-ipsec 2
RP/0/0/CPU0:router(config-if)#
Purpose: Creates a static IPSec SVI. You can use the interface service-ipsec command to enter service-ipsec interface configuration mode.

Step 3
Command or Action: profile profile-name
Example:
RP/0/0/CPU0:router(config-if)# profile ipsec_profa
Purpose: Specifies the crypto profile to use for IPSec processing.
• Use the profile-name argument to define the previous crypto profile to use. The name can be from 1 to 32 characters long.