Contents
vi
Cisco IOS XR System Security Configuration Guide
Perfect Forward Secrecy SC-97
Checkpointing SC-98
DF Bit Override Functionality with IPSec Tunnels SC-98
IPSec Antireplay Window SC-98
IPSec NAT Transparency SC-99
IPSec Security Association Idle Timers SC-99
Prefragmentation for Cisco IPSec VPN SPAs SC-99
Reverse-Route Injection SC-100
IPSec—SNMP Support SC-101
Information About an IPSec Network with a Cisco IPSec VPN SPA on Cisco IOS XR Software SC-101
Cisco IPSec VPN SPA Overview SC-101
Displaying the SPA Hardware Type SC-101
Information About Security for VPNs with IPSec SC-102
How to Implement General IPSec Configurations for IPSec Networks SC-104
Setting Global Lifetimes for IPSec Security Associations SC-105
Creating Crypto Access Lists SC-106
Defining Transform Sets SC-108
Configuring Crypto Profiles SC-109
Configuring the DF Bit for the Encapsulating Header in IPSec Tunnels SC-114
Configuring the IPSec Antireplay Window: Expanding and Disabling SC-115
Configuring IPSec NAT Transparency SC-118
Configuring IPSec Security Association Idle Timers SC-120
Disabling Prefragmentation for Cisco IPSec VPN SPAs SC-124
Configuring Reverse-Route Injection in a Crypto Profile SC-127
Configuring IPSec Failure History Table Size SC-128
How to Implement IPSec Network Security for Locally Sourced and Destined Traffic SC-129
Applying Crypto Profiles to tunnel-ipsec Interfaces SC-130
Applying Crypto Profiles to Crypto Transport SC-131
How to Implement IPSec Network Security for VPNs SC-132
Configuring IPSec Virtual Interfaces SC-133
Configuring the Default Path Maximum Transmission Unit for the SA SC-139
Configuration Examples for Implementing IPSec Network Security for Locally Sourced Traffic and Destined
Traffic
SC-140
Configuring a Static Profile and Attaching to a Tunnel-ipsec Interface: Example SC-140
Configuring a Dynamic Profile and Attaching to a Tunnel-ipsec Interface: Example SC-141
Configuring a Static Profile and Attaching to Transport: Example SC-142
Configuration Examples for an IPSec Network with a
Cisco IPSec VPN SPA
SC-142
Configuring IPSec for a VRF-aware Service-ipsec Interface: Example SC-142
To Next Page
Loading...
