How to Implement General IPSec Configurations for IPSec Networks
Creating Crypto Access Lists
This task creates a crypto access list.
SUMMARY STEPS
1.
2.
3.
4.
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure
Step 2
ipv4 access-list name
Example:
RP/0/RP0/CPU0:router(config)# ipv4 access-list
InternetFilter
RP/0/RP0/CPU0:router(config-ipv4-acl)#
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
SC-88
configure
ipv4 access-list name
[sequence-number] permit {ipv4 | ipv4-protocol-number} {any | host source-ip | source-ip/prefix
| source-ip source-wildcard} {any | host destination-ip | destination-ip/prefix | destination-ip
destination-wildcard}
or
[sequence-number] permit {tcp | udp}{ any | host source-ip | source-ip/prefix | source-ip
source-wildcard}[eq port-number | gt port-number | lt port-number | neq port-number | range
port-number port-number] {any | host destination-ip | destination-ip/prefix | destination-ip
destination-wildcard} [eq port-number| gt port-number | lt port-number | neq port-number | range
port-number port-number]
end
or
commit
Implementing IPSec Network Security on Cisco IOS XR Software
Purpose
Enters global configuration mode.
Creates an access list named "InternetFilter" and enters
IPv4 access list configuration mode.
Only IPv4 access list configuration mode is relevant
Note
to creation of a crypto access list, not IPv6 access
list configuration mode.
OL-20382-01