EasyManuals Logo

Cisco IOS XR User Manual

Cisco IOS XR
254 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #158 background imageLoading...
Page #158 background image
Implementing IPSec Network Security on Cisco IOS XR Software
Configuration Examples for an IPSec Network with a Cisco IPSec VPN SPA
SC-146
Cisco IOS XR System Security Configuration Guide
# Active IPSec Sessions: 2
SA Local Peer Remote Peer FVRF Profile Transform Lifetime
-------------------------------------------------------------------------------
503 50.50.50.2 40.40.40.2 default gre esp-3des esp 120/4194303
The following example shows that the service-gre interface is set to 1 with a profile gre:
RP/0/RP0/CPU0:router# show crypto ipsec sa 503
SA id: 503
Node id: 0/1/1
SA Type: ISAKMP
interface: service-gre1
profile : gre
local ident (addr/mask/prot/port) : (50.50.50.2/255.255.255.255/47/0)
remote ident (addr/mask/prot/port) : (40.40.40.2/255.255.255.255/47/0)
local crypto endpt: 50.50.50.2, remote crypto endpt: 40.40.40.2, vrf default
#pkts tx :0 #pkts rx :0
#bytes tx :0 #bytes rx :0
#pkts encrypt :0 #pkts decrypt :0
#pkts digest :0 #pkts verify :0
#pkts encrpt fail:0 #pkts decrpt fail:0
#pkts digest fail:0 #pkts verify fail:0
#pkts replay fail:0
#pkts tx errors :0 #pkts rx errors :0
outbound esp sas:
spi: 0x5aeffcbd(1525677245)
transform: esp-3des esp-md5-hmac
in use settings = Transport
sa agreed lifetime: 120s, 4194303kb
sa timing: remaining key lifetime (sec/kb): (108/4194303)
sa DPD disabled
sa idle timeout: disable, 0s
sa anti-replay (HW accel): enable, window 64
inbound esp sas:
spi: 0x54373dd3(1412906451)
transform: esp-3des esp-md5-hmac
in use settings = Transport
sa agreed lifetime: 120s, 4194303kb
sa timing: remaining key lifetime (sec/kb): (108/4194303)
sa DPD disabled
sa idle timeout: disable, 0s
sa anti-replay (HW accel): enable, window 64
The following example shows that the interface service-gre command is set to 1:
RP/0/RP0/CPU0:router# show crypto ipsec interface service-gre 1
--------------- IPSec interface ----------------
Interface service-gre1, mode Transport, intf_handle 0x5000880
Locations 0/1/1, VRF default (60000000)
Number of profiles 1, number of flows 1
Tunnel: source 50.50.50.2, destination 40.40.40.2, tunnel VRF default
DF-bit: copy, pre-fragmentation enable
default pmtu: 9216
1 connected flows:
503

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco IOS XR and is the answer not in the manual?

Cisco IOS XR Specifications

General IconGeneral
Operating SystemCisco IOS XR
ArchitectureMicrokernel
High AvailabilityYes
TypeNetwork operating system
Developed byCisco Systems
LicenseProprietary
Programming LanguageC, C++
KernelQNX
Supported PlatformsCisco ASR9000, NCS series
Security FeaturesRole-Based Access Control (RBAC), Secure Boot, Encryption
Management InterfaceCLI, SNMP, NETCONF, RESTCONF
Release Date2004
Target DevicesHigh-end core routers, service provider edge routers, data center interconnect (DCI) routers
Supported HardwareCisco routers and switches
Networking ProtocolsBGP, OSPF, IS-IS, MPLS
Virtualization SupportVirtualization-ready, supports network function virtualization (NFV) and containerization technologies.

Related product manuals