Name: Cisco IOS XR
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software

Configuration Examples for Implementing IKE Security Protocol

SC-69

Cisco IOS XR System Security Configuration Guide

Creating IKE Policies: Example

This example shows how to create two IKE policies with policy 15 as the highest priority, policy 20 as

the next priority, and the existing default priority as the lowest priority.

crypto isakmp policy 15

encryption 3des

hash md5

authentication rsa-sig

group 2

lifetime 5000

crypto isakmp policy 20

authentication pre-share

lifetime 10000

In the example, the encryption des of policy 15 would not appear in the written configuration because

this is the default value for the encryption algorithm parameter.

If the show crypto isakmp policy command is issued with this configuration, the output is as follows:

Protection suite priority 15

encryption algorithm:DES - Data Encryption Standard (56 bit keys)

hash algorithm:Message Digest 5

authentication method:Rivest-Shamir-Adelman Signature

Diffie-Hellman group:#2 (1024 bit)

lifetime:5000 seconds, no volume limit

Protection suite priority 20

encryption algorithm:DES - Data Encryption Standard (56 bit keys)

hash algorithm:Secure Hash Standard

authentication method:preshared Key

Diffie-Hellman group:#1 (768 bit)

lifetime:10000 seconds, no volume limit

Default protection suite

encryption algorithm:DES - Data Encryption Standard (56 bit keys)

hash algorithm:Secure Hash Standard

authentication method:Rivest-Shamir-Adelman Signature

Diffie-Hellman group:#1 (768 bit)

lifetime:86400 seconds, no volume limit

Note Although the output shows “no volume limit” for the lifetimes, you can configure only a time lifetime

(such as 86,400 seconds); volume-limit lifetimes are not configurable.

Configuring a service-ipsec Interface with a Dynamic Profile: Example

The following shows how to configure a service-ipsec interface with a dynamic profile:

ipv4 access-list acl1

10 permit ipv4 any any

interface service-ipsec1

ipv4 address 44.44.44.44 255.255.255.0

profile ipsec-profile1

tunnel source 100.0.0.1

service-location preferred-active 0/4/0

crypto isakmp

crypto isakmp policy 10

authentication pre-share

Questions and Answers:

Need help?

Do you have a question about the Cisco IOS XR and is the answer not in the manual?

Cisco IOS XR Specifications

General

Operating System	Cisco IOS XR
Architecture	Microkernel
High Availability	Yes
Type	Network operating system
Developed by	Cisco Systems
License	Proprietary
Programming Language	C, C++
Kernel	QNX
Supported Platforms	Cisco ASR9000, NCS series
Security Features	Role-Based Access Control (RBAC), Secure Boot, Encryption
Management Interface	CLI, SNMP, NETCONF, RESTCONF
Release Date	2004
Target Devices	High-end core routers, service provider edge routers, data center interconnect (DCI) routers
Supported Hardware	Cisco routers and switches
Networking Protocols	BGP, OSPF, IS-IS, MPLS
Virtualization Support	Virtualization-ready, supports network function virtualization (NFV) and containerization technologies.