Configuration Examples for Implementing IPSec Network Security for Locally Sourced and Destined Traffic - Cisco CRS-1 - Carrier Routing System Router Configuration Manual

Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router, OL-20382-01

Implementing IPSec Network Security on Cisco IOS XR Software

Configuration Examples for Implementing IPSec Network Security for Locally Sourced and Destined Traffic

This section provides the following configuration examples:
Configuring a Static Profile and Attaching to a tunnel-ipsec Interface: Example
Configuring a Dynamic Profile and Attaching It to a tunnel-ipsec Interface: Example
Configuring a Static Profile and Attaching to Transport: Example

Configuring a Static Profile and Attaching to a tunnel-ipsec Interface: Example

The following example shows a minimal IPSec configuration where a static crypto profile is created and attached to a tunnel-ipsec interface.

An IPSec access list named sample1 defines which traffic to protect:

ipv4 access-list sample1 permit ip 10.0.0.0 0.0.0.255 10.2.2.0 0.0.0.255

A transform set defines how the traffic is protected. In this example, transform set myset1 uses Data Encryption Standard (DES) encryption and Secure Hash Algorithm (SHA) for data packet authentication:

crypto ipsec transform-set myset1
 transform esp-des esp-sha

Another transform set example is myset2, which uses 3DES encryption and the Message Digest 5 (MD5) (Hashed Message Authentication Code [HMAC] variant) algorithm for data packet authentication:

crypto ipsec transform-set myset2
 transform esp-3des esp-md5-hmac

A crypto profile named toRemoteSite is created and joins the IPSec access list and transform set:

crypto ipsec profile toRemoteSite
 match sample1 transform-set myset1
end

The toRemoteSite crypto profile is then applied to a tunnel-ipsec interface:

interface tunnel-ipsec0
 profile toRemoteSite
 tunnel source 10.0.0.2
 tunnel destination 10.0.0.5

Configuring a Dynamic Profile and Attaching It to a tunnel-ipsec Interface: Example

The following example shows a minimal IPSec configuration where a dynamic crypto profile is created and attached to a tunnel-ipsec interface.

An IPSec access list named sample2 defines which traffic to protect:

ipv4 access-list sample2 permit ip 10.0.0.0 0.0.0.255 10.2.2.0 0.0.0.255

A transform set defines how the traffic is protected. In this example, transform set myset2 uses DES encryption and SHA for data packet authentication:
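
Added example (not part of the Cisco guide): the transform sets in these examples use DES, 3DES and HMAC-MD5, which RFC 8221 marks MUST NOT or SHOULD NOT for ESP. The Python check below parses configuration text in the form shown on this page and reports each transform set that contains one of those transforms, with the crypto profiles and interfaces that reference it. It handles only the commands shown on this page, and reading every word after transform-set in a match line as a transform-set name is an assumption.

```python
WEAK = {  # transform keywords used on this page and why each is weak
    "esp-des": "DES, 56-bit key (RFC 8221: MUST NOT)",
    "esp-3des": "3DES, 64-bit block (RFC 8221: SHOULD NOT)",
    "esp-md5-hmac": "HMAC-MD5 (RFC 8221: MUST NOT)",
}
# Constructed sample: the static-profile example from this page as one config.
SAMPLE_CONFIG = """\
ipv4 access-list sample1 permit ip 10.0.0.0 0.0.0.255 10.2.2.0 0.0.0.255
crypto ipsec transform-set myset1
 transform esp-des esp-sha
crypto ipsec transform-set myset2
 transform esp-3des esp-md5-hmac
crypto ipsec profile toRemoteSite
 match sample1 transform-set myset1
interface tunnel-ipsec0
 profile toRemoteSite
 tunnel source 10.0.0.2
 tunnel destination 10.0.0.5
"""

def audit(config):
    """Return one finding per transform set that contains a weak transform."""
    sets, profiles, ifaces = {}, {}, {}
    kind = name = None  # stanza currently being read
    for line in config.splitlines():
        w = line.split()
        if not w or w[0] in ("end", "!"):
            kind = name = None  # blank line, "end" or "!" closes the stanza
        elif w[:2] == ["crypto", "ipsec"] and len(w) > 3 and w[2] in ("transform-set", "profile"):
            kind, name = w[2], w[3]
            (sets if kind == "transform-set" else profiles).setdefault(name, [])
        elif w[0] == "interface" and len(w) > 1:
            kind, name = "interface", w[1]
        elif kind == "transform-set" and w[0] == "transform":
            sets[name] += w[1:]
        elif kind == "profile" and w[0] == "match" and "transform-set" in w:
            # Assumption: every word after "transform-set" names a transform set.
            profiles[name] += w[w.index("transform-set") + 1:]
        elif kind == "interface" and w[0] == "profile" and len(w) > 1:
            ifaces[name] = w[1]
    findings = []
    for ts, transforms in sets.items():
        weak = [t for t in transforms if t in WEAK]
        if weak:
            used = sorted(p for p, s in profiles.items() if ts in s)
            on = sorted(i for i, p in ifaces.items() if p in used)
            findings.append({"set": ts, "weak": weak, "profiles": used, "interfaces": on})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f, [WEAK[t] for t in f["weak"]])
```

A finding with an empty interfaces list, such as myset2 here, is a weak transform set that is defined but not attached to any tunnel.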
