Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
Configuration Examples for Implementing IKE Security Protocol
SC-70
Cisco IOS XR System Security Configuration Guide
group 5
encryption 3des
lifetime 86400
!
crypto keyring ring1 vrf default
pre-shared-key address 40.0.0.1 255.255.255.255 key key1
!
crypto isakmp profile ike-profile1
keyring ring1
match identity address 40.0.0.0/16 vrf default
set interface service-ipsec1
!
!
crypto isakmp keepalive 60 5
crypto ipsec transform-set tsfm1 esp-3des esp-md5-hmac
!
crypto ipsec profile ipsec-profile1
set type dynamic
match acl1 transform-set tsfm1
!
Configuring Easy VPN with a Local AAA: Example
The following example shows how to configure Easy VPN with a local AAA:
aaa authorization network author-net-local local
aaa authentication login authen-net-local local
aaa authentication login author-net-local local
local pool
ipv4 pool-1 20.20.20.4 20.20.20.255
!
ipv4 access-list acl-3
10 permit ipv4 any any
!
interface Loopback30
ipv4 address 10.20.100.1 255.255.255.255
interface Loopback31
ipv4 address 2.1.0.5 255.255.255.255
!
interface Loopback33
ipv4 address 10.20.100.3 255.255.255.255
interface MgmtEth0/0/CPU0/0
ipv4 address 3.1.73.1 255.255.0.0
!
interface GigabitEthernet0/1/0/0.1
ipv4 address 10.0.83.2 255.255.255.0
dot1q vlan 83
!
interface GigabitEthernet0/1/0/0.2
ipv4 address 10.0.81.4 255.255.255.0
dot1q vlan 81
!
interface GigabitEthernet0/1/0/1
ipv4 address 2.0.0.1 255.0.0.0
negotiation auto
!
interface service-ipsec3
ipv4 address 30.3.3.3 255.255.0.0
profile ipsec-prof-ezvpn
tunnel source 10.20.100.3
To Next Page
Loading...
