Implementing IPSec Network Security on Cisco IOS XR Software
How to Implement IPSec Network Security for VPNs
SC-136
Cisco IOS XR System Security Configuration Guide
Configuring IPSec-Protected GRE Virtual Interfaces
This task configures IPSec-protected GRE service virtual interfaces.
SUMMARY STEPS
1. configure
2. interface service-gre number
3. profile profile-name
4. tunnel source {ip-address}
5. tunnel destination ip-address
6. tunnel vrf vrf-name
7. vrf vrf-name
8. ipv4 address ipv4-address mask [secondary]
9. service-location preferred-active location [preferred-standby location] [auto-revert]
10. end
or
commit
11. show route [vrf vrf name]
DETAILED STEPS
Command or Action Purpose
Step 1
configure
Example:
RP/0/0/CPU0:router# configure
Enters global configuration mode.
Step 2
interface service-gre
number
Example:
RP/0/0/CPU0:router(config)# interface service-gre 2
RP/0/0/CPU0:router(config-if)#
Creates a GRE service virtual interface.
You can use the interface service-gre command to
enter service-gre interface configuration mode
Step 3
profile
profile-name
Example:
RP/0/0/CPU0:router(config-if)# profile ipsec_profa
Specifies the crypto profile to use for IPSec
processing. For the service-gre interface, the IPSec
profile must be static.
• Use the profile-name argument to define the
previous crypto profile to use. The character
range is from 1 to 32 characters.
Step 4
tunnel source {ip-address}
Example:
RP/0/0/CPU0:router(config-if)# tunnel source
172.19.72.92
Specifies the source address for a tunnel-ipsec
interface.
• Use the ip-address argument to set the IP
address to use as the source address for packets
in the tunnel.
To Next Page
Loading...
