EasyManua.ls Logo

Cisco IOS XR

Cisco IOS XR
254 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Implementing IPSec Network Security on Cisco IOS XR Software
Configuration Examples for an IPSec Network with a Cisco IPSec VPN SPA
SC-146
Cisco IOS XR System Security Configuration Guide
# Active IPSec Sessions: 2
SA Local Peer Remote Peer FVRF Profile Transform Lifetime
-------------------------------------------------------------------------------
503 50.50.50.2 40.40.40.2 default gre esp-3des esp 120/4194303
The following example shows that the service-gre interface is set to 1 with a profile gre:
RP/0/RP0/CPU0:router# show crypto ipsec sa 503
SA id: 503
Node id: 0/1/1
SA Type: ISAKMP
interface: service-gre1
profile : gre
local ident (addr/mask/prot/port) : (50.50.50.2/255.255.255.255/47/0)
remote ident (addr/mask/prot/port) : (40.40.40.2/255.255.255.255/47/0)
local crypto endpt: 50.50.50.2, remote crypto endpt: 40.40.40.2, vrf default
#pkts tx :0 #pkts rx :0
#bytes tx :0 #bytes rx :0
#pkts encrypt :0 #pkts decrypt :0
#pkts digest :0 #pkts verify :0
#pkts encrpt fail:0 #pkts decrpt fail:0
#pkts digest fail:0 #pkts verify fail:0
#pkts replay fail:0
#pkts tx errors :0 #pkts rx errors :0
outbound esp sas:
spi: 0x5aeffcbd(1525677245)
transform: esp-3des esp-md5-hmac
in use settings = Transport
sa agreed lifetime: 120s, 4194303kb
sa timing: remaining key lifetime (sec/kb): (108/4194303)
sa DPD disabled
sa idle timeout: disable, 0s
sa anti-replay (HW accel): enable, window 64
inbound esp sas:
spi: 0x54373dd3(1412906451)
transform: esp-3des esp-md5-hmac
in use settings = Transport
sa agreed lifetime: 120s, 4194303kb
sa timing: remaining key lifetime (sec/kb): (108/4194303)
sa DPD disabled
sa idle timeout: disable, 0s
sa anti-replay (HW accel): enable, window 64
The following example shows that the interface service-gre command is set to 1:
RP/0/RP0/CPU0:router# show crypto ipsec interface service-gre 1
--------------- IPSec interface ----------------
Interface service-gre1, mode Transport, intf_handle 0x5000880
Locations 0/1/1, VRF default (60000000)
Number of profiles 1, number of flows 1
Tunnel: source 50.50.50.2, destination 40.40.40.2, tunnel VRF default
DF-bit: copy, pre-fragmentation enable
default pmtu: 9216
1 connected flows:
503

Table of Contents

Related product manuals