Cisco CRS-1 - Carrier Routing System Router Configuration Manual page 152

IOS XR System Security Configuration Guide

Configuration Examples for Implementing IKE Security Protocol
RP/0/RP0/CPU0:router(config-isakmp)# encryption des << restricts use to DES only
RP/0/RP0/CPU0:router(config-isakmp)# group 2
RP/0/RP0/CPU0:router(config-isakmp)# authentication pre-share
RP/0/RP0/CPU0:router(config)# crypto isakmp policy 20
RP/0/RP0/CPU0:router(config-isakmp)# encryption aes << restricts use to AES only
RP/0/RP0/CPU0:router(config-isakmp)# group 2
RP/0/RP0/CPU0:router(config-isakmp)# authentication pre-share
RP/0/RP0/CPU0:router(config)# crypto isakmp policy-set policy_1 << match ID
RP/0/RP0/CPU0:router(config-isakmp-pol-set)# policy 10 << routing priority
RP/0/RP0/CPU0:router(config-isakmp-pol-set)# match identity local-address 1.1.1.1
RP/0/RP0/CPU0:router(config)# crypto isakmp policy-set policy_2 << match ID
RP/0/RP0/CPU0:router(config-isakmp-pol-set)# policy 20
RP/0/RP0/CPU0:router(config-isakmp-pol-set)# match identity local-address 2.2.2.2
RP/0/RP0/CPU0:router(config-isakmp-pol-set)# commit
RP/0/RP0/CPU0:router(config-isakmp-pol-set)# exit
RP/0/RP0/CPU0:router(config-isakmp)#
Configuring Cisco Easy VPN with a Local AAA-Method Server: Example
The following example shows how to configure Cisco Easy VPN with a local AAA-method server:
aaa authorization network author-net-local local
aaa authentication login authen-net-local local
local pool ipv4 pool-1 20.20.20.4 20.20.20.255
!
ipv4 access-list acl-3
 10 permit ipv4 any any
!
interface MgmtEth0/0/CPU0/0
 ipv4 address 3.1.73.1 255.255.0.0
!
interface GigabitEthernet0/1/0/1
 ipv4 address 2.0.0.1 255.0.0.0
 negotiation auto
!
interface service-ipsec3
 ipv4 address 30.3.3.3 255.255.0.0
 profile ipsec-prof-ezvpn
 tunnel source 10.20.100.3
 service-location preferred-active 0/2/0
!
crypto isakmp client configuration group group-a
 key group-a-key
 pool pool-1
!
crypto isakmp
crypto isakmp policy 30
 authentication pre-share
 group 2
 encryption aes
 lifetime 180
!
crypto isakmp profile isakmp-prof3
 client authentication list authen-net-local
 match identity group group-a
 set interface service-ipsec3
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
SC-146
Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
OL-20382-01
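The IKE policies in the examples above select DES or AES and Diffie-Hellman group 2. The following added example, which is not part of the Cisco guide, audits crypto isakmp policy blocks in running-config form and reports weak settings. The sample configuration is constructed from the values shown on this page, and the names parse_policies, audit and WEAK, as well as the choice of what counts as weak, are assumptions of this example.

```python
import re

# Constructed sample in running-config form; the algorithm and group values
# mirror the policies shown on this page (des / aes, group 2, pre-share).
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 authentication pre-share
 group 2
 encryption des
!
crypto isakmp policy 30
 authentication pre-share
 group 2
 encryption aes
 lifetime 180
!
"""

# Assumption (not from the page): DES (56-bit key) and Diffie-Hellman
# groups 1 and 2 (768/1024-bit MODP) are treated as too weak for new deployments.
WEAK = {"encryption": {"des"}, "group": {"1", "2"}}

def parse_policies(text):
    """Return {policy_number: {keyword: value}} for each crypto isakmp policy block."""
    policies, current = {}, None
    for line in text.splitlines():
        m = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if m:
            current = policies.setdefault(int(m.group(1)), {})
        elif line.startswith(" ") and current is not None:
            key, _, value = line.strip().partition(" ")
            current[key] = value
        else:
            current = None  # "!" or any other top-level line closes the block
    return policies

def audit(text):
    """Return sorted (policy, keyword, value) findings for weak settings."""
    findings = []
    for num, settings in parse_policies(text).items():
        for key, bad in WEAK.items():
            if settings.get(key) in bad:
                findings.append((num, key, settings[key]))
    return sorted(findings)

if __name__ == "__main__":
    for num, key, value in audit(SAMPLE_CONFIG):
        print(f"policy {num}: weak {key} '{value}'")
```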
