Implementing IPSec Network Security on Cisco IOS XR Software
Configuration Examples for an IPSec Network with a Cisco IPSec VPN SPA
SC-145
Cisco IOS XR System Security Configuration Guide
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local
Gateway of last resort is not set
S 30.0.1.0/24 is directly connected, 00:02:09, service-ipsec1
C 40.40.41.0/24 is directly connected, 00:02:09, service-ipsec1
L 40.40.41.41/32 is directly connected, 00:02:09, service-ipsec1
C 100.100.100.0/24 is directly connected, 00:01:26, GigabitEthernet0/0/0/3
L 100.100.100.1/32 is directly connected, 00:01:26, GigabitEthernet0/0/0/3
The following example shows that the interface service-ipsec command is set to 1 and is part of the
customer_1 VRF:
RP/0/RP0/CPU0:router# show crypto ipsec interface service-ipsec 1
--------------- IPSec interface ----------------
Interface service-ipsec1, mode Tunnel, intf_handle 0x5000180
Locations 0/1/1 0/2/0, VRF customer_1 (60000002)
Number of profiles 1, number of flows 1
Tunnel: source 4.0.1.1, destination 5.0.1.1, tunnel VRF default
DF-bit: copy, pre-fragmentation enable
default pmtu: 9216
1 connected flows:
502
Configuring a Service-gre Interface: Example
The following example shows a basic configuration of a service-gre interface and an IPSec SA that is
created on the interface.
Configuring the Transform-set to Use Transport Mode
crypto ipsec transform-set tsfm2
transform esp-3des esp-md5-hmac
mode transport
!
Configuring the IPSec Profile to Use the Set Transform-set Format
crypto ipsec profile gre
set transform-set tsfm2
!
Configuring the Service-gre Interface
interface service-gre1
ipv4 address 11.2.6.6 255.255.255.0
profile gre
tunnel source 50.50.50.2
tunnel destination 40.40.40.2
service-location preferred-active 0/1/1
!
The following example shows the sample output from the show crypto ipsec summary command:
RP/0/RP0/CPU0:router# show crypto ipsec summary
# * Attached to a transform indicates a bundle
To Next Page
Loading...
