
Cisco IOS XR User Manual

Cisco IOS XR
254 pages
Implementing IPSec Network Security on Cisco IOS XR Software
Configuration Examples for an IPSec Network with a Cisco IPSec VPN SPA
SC-143
Cisco IOS XR System Security Configuration Guide
  import route-target
   100:1000
  !
  export route-target
   100:1000
  !
 !
!

Configuring ACL That Is Used by the IPSec Profile

ipv4 access-list acl1
 10 permit ipv4 100.0.1.0 0.0.0.255 30.0.1.0 0.0.0.255
!

Configuring the Service-ipsec Interface

interface service-ipsec1
 vrf customer_1 <------------- IVRF
 ipv4 address 40.40.41.41 255.255.255.0
 profile prof1 <--------- the ipsec profile
 tunnel source 4.0.1.1
 tunnel destination 5.0.1.1
 service-location preferred-active 0/1/1 preferred-standby 0/2/0 <----------- The IPSec SPA is located on the 0/1/1 and the standby SPA on 0/2/0
!

Configuring IKE

crypto isakmp
crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 lifetime 86400
!
crypto keyring kr1 vrf default
 pre-shared-key address 5.0.1.1 255.255.255.255 key aBrAkAdAbRa
crypto isakmp profile a_prof
 keyring kr1
 match identity address 5.0.1.1/32 vrf default
 set interface service-ipsec1
!

Configuring IPSec

The following example shows that the transform-set is set to esp-256-aes:

crypto ipsec transform-set ts1
 transform esp-256-aes
!

The following example shows that the IPSec profile uses acl1 as the traffic proxy and transform-set is ts1. In addition, RRI is configured.

crypto ipsec profile prof1
 set pfs group1
 set type static
 match acl1 transform-set ts1
 reverse-route
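
An added example, not taken from the Cisco guide: a Python check that cross-references the names used in the configuration above (the profile on service-ipsec1, the keyring and interface in the ISAKMP profile, the ACL and transform-set in the IPSec profile) and reports any that are never defined. It also flags 3des and pfs group1, which is this example's own policy choice rather than the manual's; the function name audit and the sample text are constructed here.

```python
import re

# Constructed sample: a subset of the configuration lines shown on this page.
SAMPLE = """\
ipv4 access-list acl1
interface service-ipsec1
 profile prof1
 tunnel destination 5.0.1.1
crypto isakmp policy 1
 encryption 3des
crypto keyring kr1 vrf default
 pre-shared-key address 5.0.1.1 255.255.255.255 key aBrAkAdAbRa
crypto isakmp profile a_prof
 keyring kr1
 set interface service-ipsec1
crypto ipsec transform-set ts1
 transform esp-256-aes
crypto ipsec profile prof1
 set pfs group1
 match acl1 transform-set ts1
"""

def audit(cfg):
    """Return dangling references and weak algorithm choices found in cfg."""
    cfg = re.sub(r"[ \t]*<-+.*", "", cfg)  # drop the manual's "<---- note" annotations
    def find(pattern):  # match a command at the start of a (possibly indented) line
        return re.findall(r"^[ \t]*" + pattern, cfg, re.M)
    defined = {
        "ACL": set(find(r"ipv4 access-list (\S+)")),
        "transform-set": set(find(r"crypto ipsec transform-set (\S+)")),
        "IPSec profile": set(find(r"crypto ipsec profile (\S+)")),
        "keyring": set(find(r"crypto keyring (\S+)")),
        "interface": set(find(r"interface (\S+)")),
    }
    used = [("IPSec profile", n) for n in find(r"profile (\S+)")]
    used += [("keyring", n) for n in find(r"keyring (\S+)")]
    used += [("interface", n) for n in find(r"set interface (\S+)")]
    for acl, ts in find(r"match (\S+) transform-set (\S+)"):
        used += [("ACL", acl), ("transform-set", ts)]
    findings = [f"undefined {kind} {name}" for kind, name in used
                if name not in defined[kind]]
    # Assumed policy of this example: DES/3DES and DH group 1 (768-bit) are weak.
    weak = {r"encryption (3des|des)\b": "IKE encryption {}",
            r"set pfs (group1)\b": "PFS Diffie-Hellman {}"}
    for pattern, label in weak.items():
        findings += ["weak " + label.format(v) for v in find(pattern)]
    return findings

print("\n".join(audit(SAMPLE)))
```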


Cisco IOS XR Specifications

General
Operating System: Cisco IOS XR
Architecture: Microkernel
High Availability: Yes
Type: Network operating system
Developed by: Cisco Systems
License: Proprietary
Programming Language: C, C++
Kernel: QNX
Supported Platforms: Cisco ASR9000, NCS series
Security Features: Role-Based Access Control (RBAC), Secure Boot, Encryption
Management Interface: CLI, SNMP, NETCONF, RESTCONF
Release Date: 2004
Target Devices: High-end core routers, service provider edge routers, data center interconnect (DCI) routers
Supported Hardware: Cisco routers and switches
Networking Protocols: BGP, OSPF, IS-IS, MPLS
Virtualization Support: Virtualization-ready, supports network function virtualization (NFV) and containerization technologies.
