EasyManuals Logo

Cisco IOS XR User Manual

Cisco IOS XR
254 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #156 background imageLoading...
Page #156 background image
Implementing IPSec Network Security on Cisco IOS XR Software
Configuration Examples for an IPSec Network with a Cisco IPSec VPN SPA
SC-144
Cisco IOS XR System Security Configuration Guide
!
The following example shows that the IPSec SA is created from the show crypto ipsec summary
command and show crypto ipsec sa command:
RP/0/RP0/CPU0:router# show crypto ipsec summary
# * Attached to a transform indicates a bundle
# Active IPSec Sessions: 1
SA Local Peer Remote Peer FVRF Profile Transform Lifetime
-------------------------------------------------------------------------------
502 4.0.1.1 5.0.1.1 default prof1 esp-256-aes 3600/4194303
RP/0/RP0/CPU0:router# show crypto ipsec sa
SA id: 502
Node id: 0/1/1 0/2/0
SA Type: ISAKMP
interface: service-ipsec1
profile : prof1
local ident (addr/mask/prot/port) : (100.0.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port) : (30.0.1.0/255.255.255.0/0/0)
local crypto endpt: 4.0.1.1, remote crypto endpt: 5.0.1.1, vrf default
#pkts tx :0 #pkts rx :0
#bytes tx :0 #bytes rx :0
#pkts encrypt :0 #pkts decrypt :0
#pkts digest :0 #pkts verify :0
#pkts encrpt fail:0 #pkts decrpt fail:0
#pkts digest fail:0 #pkts verify fail:0
#pkts replay fail:0
#pkts tx errors :0 #pkts rx errors :0
outbound esp sas:
spi: 0x3482d5c8(880989640)
transform: esp-256-aes
in use settings = Tunnel
sa agreed lifetime: 3600s, 4194303kb
sa timing: remaining key lifetime (sec/kb): (3525/4194303)
sa DPD disabled
sa idle timeout: disable, 0s
sa anti-replay (HW accel): enable, window 64
inbound esp sas:
spi: 0x3c9869ee(1016621550)
transform: esp-256-aes
in use settings = Tunnel
sa agreed lifetime: 3600s, 4194303kb
sa timing: remaining key lifetime (sec/kb): (3525/4194303)
sa DPD disabled
sa idle timeout: disable, 0s
sa anti-replay (HW accel): enable, window 64
The following example shows that RRI was configured so the proxy is added to the routing table of the
VRF:
RP/0/RP0/CPU0:router# show route vrf customer_1
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco IOS XR and is the answer not in the manual?

Cisco IOS XR Specifications

General IconGeneral
Operating SystemCisco IOS XR
ArchitectureMicrokernel
High AvailabilityYes
TypeNetwork operating system
Developed byCisco Systems
LicenseProprietary
Programming LanguageC, C++
KernelQNX
Supported PlatformsCisco ASR9000, NCS series
Security FeaturesRole-Based Access Control (RBAC), Secure Boot, Encryption
Management InterfaceCLI, SNMP, NETCONF, RESTCONF
Release Date2004
Target DevicesHigh-end core routers, service provider edge routers, data center interconnect (DCI) routers
Supported HardwareCisco routers and switches
Networking ProtocolsBGP, OSPF, IS-IS, MPLS
Virtualization SupportVirtualization-ready, supports network function virtualization (NFV) and containerization technologies.

Related product manuals