EasyManuals Logo

Cisco IOS XR User Manual

Cisco IOS XR
254 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #157 background imageLoading...
Page #157 background image
Implementing IPSec Network Security on Cisco IOS XR Software
Configuration Examples for an IPSec Network with a Cisco IPSec VPN SPA
SC-145
Cisco IOS XR System Security Configuration Guide
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local
Gateway of last resort is not set
S 30.0.1.0/24 is directly connected, 00:02:09, service-ipsec1
C 40.40.41.0/24 is directly connected, 00:02:09, service-ipsec1
L 40.40.41.41/32 is directly connected, 00:02:09, service-ipsec1
C 100.100.100.0/24 is directly connected, 00:01:26, GigabitEthernet0/0/0/3
L 100.100.100.1/32 is directly connected, 00:01:26, GigabitEthernet0/0/0/3
The following example shows that the interface service-ipsec command is set to 1 and is part of the
customer_1 VRF:
RP/0/RP0/CPU0:router# show crypto ipsec interface service-ipsec 1
--------------- IPSec interface ----------------
Interface service-ipsec1, mode Tunnel, intf_handle 0x5000180
Locations 0/1/1 0/2/0, VRF customer_1 (60000002)
Number of profiles 1, number of flows 1
Tunnel: source 4.0.1.1, destination 5.0.1.1, tunnel VRF default
DF-bit: copy, pre-fragmentation enable
default pmtu: 9216
1 connected flows:
502
Configuring a Service-gre Interface: Example
The following example shows a basic configuration of a service-gre interface and an IPSec SA that is
created on the interface.
Configuring the Transform-set to Use Transport Mode
crypto ipsec transform-set tsfm2
transform esp-3des esp-md5-hmac
mode transport
!
Configuring the IPSec Profile to Use the Set Transform-set Format
crypto ipsec profile gre
set transform-set tsfm2
!
Configuring the Service-gre Interface
interface service-gre1
ipv4 address 11.2.6.6 255.255.255.0
profile gre
tunnel source 50.50.50.2
tunnel destination 40.40.40.2
service-location preferred-active 0/1/1
!
The following example shows the sample output from the show crypto ipsec summary command:
RP/0/RP0/CPU0:router# show crypto ipsec summary
# * Attached to a transform indicates a bundle

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco IOS XR and is the answer not in the manual?

Cisco IOS XR Specifications

General IconGeneral
Operating SystemCisco IOS XR
ArchitectureMicrokernel
High AvailabilityYes
TypeNetwork operating system
Developed byCisco Systems
LicenseProprietary
Programming LanguageC, C++
KernelQNX
Supported PlatformsCisco ASR9000, NCS series
Security FeaturesRole-Based Access Control (RBAC), Secure Boot, Encryption
Management InterfaceCLI, SNMP, NETCONF, RESTCONF
Release Date2004
Target DevicesHigh-end core routers, service provider edge routers, data center interconnect (DCI) routers
Supported HardwareCisco routers and switches
Networking ProtocolsBGP, OSPF, IS-IS, MPLS
Virtualization SupportVirtualization-ready, supports network function virtualization (NFV) and containerization technologies.

Related product manuals