Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
Configuration Examples for Implementing IKE Security Protocol
SC-71
Cisco IOS XR System Security Configuration Guide
service-location preferred-active 0/2/0
!
crypto isakmp client configuration group group-a
key group-a-key
pool pool-1
!
crypto isakmp
crypto isakmp policy 30
authentication pre-share
group 2
encryption aes
lifetime 180
!
crypto isakmp profile isakmp-prof3
client authentication list authen-net-local
match identity group group-a
set interface service-ipsec3
!
isakmp authorization list author-net-local
!
crypto ipsec transform-set tsfm3
transform esp-3des esp-sha-hmac
!
crypto ipsec profile ipsec-prof-ezvpn
set type dynamic
match acl-3 transform-set tsfm3
!
Configuring VRF-Aware: Example
The following example shows how to configure VRF-aware:
ipv4 access-list acl-2_5-1
10 permit ipv4 any any
ipv4 access-list acl-2_5-4
10 permit ipv4 host 2.6.1.3 host 1.7.1.3
vrf IVRF1
!
vrf IVRF2
!
vrf IVRF3
!
vrf FVRF
!
interface GigabitEthernet0/1/0/0.1
vrf FVRF
ipv4 address 10.0.83.2 255.255.255.0
!
interface GigabitEthernet0/1/0/1.1
vrf IVRF1
ipv4 address 2.6.0.1 255.255.0.0
dot1q vlan 61
!
interface GigabitEthernet0/1/0/1.2
vrf IVRF2
ipv4 address 2.6.1.1 255.255.0.0
dot1q vlan 62
!
interface GigabitEthernet0/1/0/1.3
vrf IVRF3
ipv4 address 2.6.0.1 255.255.0.0
To Next Page
Loading...
