Cisco ISR 4000 Family Routers Administrator Guidance 
 
TOE-common-criteria(config)#interface g0/0 
TOE-common-criteria(config-if)#ip address 10.10.10.110 255.255.255.0 
TOE-common-criteria(config-if)#crypto map sample 
TOE-common-criteria(config-if)#interface Loopback1 
TOE-common-criteria(config-if)#ip address 30.0.0.1 255.0.0.0 
TOE-common-criteria(config-if)#exit 
TOE-common-criteria(config)#ip route 40.0.0.0 255.0.0.0 10.10.10.101 
TOE-common-criteria(config)#access-list 170 permit ip 30.0.0.0 0.255.255.255 40.0.0.0 0.255.255.255 
TOE-common-criteria(config)#logging source-interface Loopback1 
TOE-common-criteria(config)#logging host 40.0.0.1 
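
A consistency check for the sample above, added here as an example and not part of the Cisco guidance: it verifies that the syslog flow, from the `logging source-interface` address to each `logging host`, is matched by the crypto ACL and is therefore carried inside the tunnel. It assumes ACL 170 is the list referenced by the crypto map's `match address`, which is not shown in this section; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the syslog-related lines of the configuration above, prompts removed.
SAMPLE_CONFIG = """\
interface Loopback1
 ip address 30.0.0.1 255.0.0.0
access-list 170 permit ip 30.0.0.0 0.255.255.255 40.0.0.0 0.255.255.255
logging source-interface Loopback1
logging host 40.0.0.1
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
# Only "permit ip <addr> <wildcard> <addr> <wildcard>" entries are parsed
# (no "host"/"any" keywords), which is the form used on this page.
ACE = re.compile(rf"^access-list (\d+) permit ip {IP} {IP} {IP} {IP}$")

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: bits set to 1 in the wildcard are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def syslog_flow(config):
    """Return (source IP of 'logging source-interface' or None, [logging hosts])."""
    addrs, current, src_if, hosts = {}, None, None, []
    for raw in config.splitlines():
        w = raw.split()
        if w[:1] == ["interface"] and len(w) == 2:
            current = w[1]
        elif w[:2] == ["ip", "address"] and current and len(w) >= 4:
            addrs[current] = w[2]
        elif w[:2] == ["logging", "source-interface"] and len(w) == 3:
            src_if = w[2]
        elif w[:2] == ["logging", "host"] and len(w) >= 3:
            hosts.append(w[2])
    return addrs.get(src_if), hosts

def unprotected_syslog(config, acl):
    """Logging hosts whose flow no permit entry of the crypto ACL matches.
    With no usable source-interface every host is reported, because the source
    address then depends on the egress interface rather than on Loopback1."""
    src, hosts = syslog_flow(config)
    aces = [m.groups()[1:] for m in (ACE.match(l.strip()) for l in config.splitlines())
            if m and m.group(1) == str(acl)]
    def covered(dst):
        return src is not None and any(
            wildcard_match(src, s, sw) and wildcard_match(dst, d, dw) for s, sw, d, dw in aces)
    return [h for h in hosts if not covered(h)]

if __name__ == "__main__":
    print(unprotected_syslog(SAMPLE_CONFIG, 170))  # ACL 170 assumed to be the crypto ACL
```

An empty list means every configured logging host is reached through a flow the ACL selects for encryption; any address returned would be sent outside the tunnel.
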
3.3.5.2 Syslog Server Adjacent to an IPsec Peer 
If the syslog server is not directly co-located with the TOE, then the syslog server must be located 
in a physically protected facility and connected to a router capable of establishing an IPsec tunnel 
with the TOE. This will protect the syslog records as they traverse the public network.  
The following sample instructions configure the TOE to support an IPsec tunnel with AES 
encryption, with 11.1.1.4 as the IPsec peer, 10.1.1.7 and 11.1.1.6 as the local IPs, and the syslog 
server on the 12.1.1.0/28 subnet: 
TOE-common-criteria#configure terminal 
TOE-common-criteria(config)#crypto isakmp policy 1 
TOE-common-criteria(config-isakmp)#encryption aes 
TOE-common-criteria(config-isakmp)#authentication pre-share 
TOE-common-criteria(config-isakmp)#group 14 
TOE-common-criteria(config-isakmp)#lifetime 28800 
TOE-common-criteria(config)#crypto isakmp key [insert 22 character preshared key] address 10.10.10.101 
TOE-common-criteria(config)#crypto isakmp key [insert 22 character preshared key] address 40.0.0.1 
TOE-common-criteria(config)#crypto ipsec transform-set sampleset esp-aes esp-sha-hmac 
TOE-common-criteria(cfg-crypto-trans)#mode tunnel 
TOE-common-criteria(config)#crypto map sample 1 ipsec-isakmp 
TOE-common-criteria(config-crypto-map)#set peer 11.1.1.4 
TOE-common-criteria(config-crypto-map)#set transform-set sampleset 
TOE-common-criteria(config-crypto-map)#match address 115 
TOE-common-criteria(config-crypto-map)#exit 
TOE-common-criteria(config)#interface g0/1 
TOE-common-criteria(config-if)#ip address 10.1.1.7 255.255.255.0 
TOE-common-criteria(config-if)#no ip route-cache 
TOE-common-criteria(config-if)#crypto map sample 
TOE-common-criteria(config-if)#interface g0/0 
TOE-common-criteria(config-if)#ip address 11.1.1.6 255.255.255.0