Cisco IOS XR

Implementing IPSec Network Security on Cisco IOS XR Software
Configuration Examples for an IPSec Network with a Cisco IPSec VPN SPA
SC-144
Cisco IOS XR System Security Configuration Guide
!
The following example uses the show crypto ipsec summary command and the show crypto ipsec sa
command to show that the IPSec SA has been created:
RP/0/RP0/CPU0:router# show crypto ipsec summary
# * Attached to a transform indicates a bundle
# Active IPSec Sessions: 1
SA Local Peer Remote Peer FVRF Profile Transform Lifetime
-------------------------------------------------------------------------------
502 4.0.1.1 5.0.1.1 default prof1 esp-256-aes 3600/4194303
RP/0/RP0/CPU0:router# show crypto ipsec sa
SA id: 502
Node id: 0/1/1 0/2/0
SA Type: ISAKMP
interface: service-ipsec1
profile : prof1
local ident (addr/mask/prot/port) : (100.0.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port) : (30.0.1.0/255.255.255.0/0/0)
local crypto endpt: 4.0.1.1, remote crypto endpt: 5.0.1.1, vrf default
#pkts tx :0 #pkts rx :0
#bytes tx :0 #bytes rx :0
#pkts encrypt :0 #pkts decrypt :0
#pkts digest :0 #pkts verify :0
#pkts encrpt fail:0 #pkts decrpt fail:0
#pkts digest fail:0 #pkts verify fail:0
#pkts replay fail:0
#pkts tx errors :0 #pkts rx errors :0
outbound esp sas:
spi: 0x3482d5c8(880989640)
transform: esp-256-aes
in use settings = Tunnel
sa agreed lifetime: 3600s, 4194303kb
sa timing: remaining key lifetime (sec/kb): (3525/4194303)
sa DPD disabled
sa idle timeout: disable, 0s
sa anti-replay (HW accel): enable, window 64
inbound esp sas:
spi: 0x3c9869ee(1016621550)
transform: esp-256-aes
in use settings = Tunnel
sa agreed lifetime: 3600s, 4194303kb
sa timing: remaining key lifetime (sec/kb): (3525/4194303)
sa DPD disabled
sa idle timeout: disable, 0s
sa anti-replay (HW accel): enable, window 64
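One way to script the verification shown above, as an added example that is not part of the Cisco guide: it parses the show crypto ipsec sa counters and per-direction ESP SA settings, then reports nonzero failure or error counters, anti-replay not enabled, a missing direction, or an SA close to expiry. The function names and the 60-second threshold are assumptions; the sample text is copied from the output above and shortened.

```python
import re

# Output copied from the "show crypto ipsec sa" example above, shortened.
SAMPLE = """\
#pkts encrpt fail:0 #pkts decrpt fail:0
#pkts replay fail:0
#pkts tx errors :0 #pkts rx errors :0
outbound esp sas:
spi: 0x3482d5c8(880989640)
sa timing: remaining key lifetime (sec/kb): (3525/4194303)
sa anti-replay (HW accel): enable, window 64
inbound esp sas:
spi: 0x3c9869ee(1016621550)
sa timing: remaining key lifetime (sec/kb): (3525/4194303)
sa anti-replay (HW accel): enable, window 64
"""

def parse_sa(text):
    """Return (counters, per-direction settings) for one SA block."""
    counters = {name: int(val) for name, val in
                re.findall(r"#((?:pkts|bytes) [a-z ]+?)\s*:\s*(\d+)", text)}
    directions, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"(inbound|outbound) esp sas:", line):
            current = directions.setdefault(m.group(1), {})
        elif current is None:
            continue  # still in the counter section
        elif m := re.match(r"spi: (0x[0-9a-f]+)", line):
            current["spi"] = m.group(1)
        elif m := re.search(r"remaining key lifetime \(sec/kb\): \((\d+)/\d+\)", line):
            current["remaining_sec"] = int(m.group(1))
        elif m := re.match(r"sa anti-replay.*: (\w+),", line):
            current["anti_replay"] = m.group(1) == "enable"
    return counters, directions

def findings(text, min_remaining_sec=60):  # threshold is an assumed value
    counters, directions = parse_sa(text)
    out = [f"{name}={val}" for name, val in counters.items()
           if val and ("fail" in name or "errors" in name)]
    for d in ("inbound", "outbound"):
        sa = directions.get(d)
        if sa is None:
            out.append(f"{d}: no ESP SA")
            continue
        if not sa.get("anti_replay"):
            out.append(f"{d}: anti-replay not enabled")
        if sa.get("remaining_sec", 0) < min_remaining_sec:
            out.append(f"{d}: under {min_remaining_sec}s of key lifetime left")
    return out
```

For the output on this page, findings(SAMPLE) returns an empty list: every failure counter is 0 and anti-replay is enabled in both directions.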
The following example shows that RRI was configured so the proxy is added to the routing table of the
VRF:
RP/0/RP0/CPU0:router# show route vrf customer_1
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
