How to Implement General IPSec Configurations for IPSec Networks
3.
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/0/CPU0:router# configure
Step 2
crypto ipsec pre-fragmentation disable
Example:
RP/0/0/CPU0:router(config)# crypto ipsec
pre-fragmentation disable
or
Example:
RP/0/0/CPU0:router(config)# interface service-gre
500
RP/0/0/CPU0:router(config-if)# crypto ipsec
pre-fragmentation disable
Step 3
end
or
commit
Example:
RP/0/0/CPU0:router(config)# end
or
RP/0/0/CPU0:router(config)# commit
Cisco IOS XR System Security Configuration Guide
SC-126
end
or
commit
Implementing IPSec Network Security on Cisco IOS XR Software
Purpose
Enters global configuration mode.
Specifies the handling of fragmentation for the
near-MTU-sized packets.
Use the disable keyword to disable the
•
fragmentation of large packets before IPSec
encapsulation.
You can use the crypto ipsec pre-fragmentation
command in global configuration mode or
service-gre interface configuration mode.
Saves configuration changes.
When you issue the end command, the system
•
prompts you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to
–
the running configuration file, exits the
configuration session, and returns the
router to EXEC mode.
Entering no exits the configuration session
–
and returns the router to EXEC mode
without committing the configuration
changes.
Entering cancel leaves the router in the
–
current configuration session without
exiting or committing the configuration
changes.
Use the commit command to save the
•
configuration changes to the running
configuration file and remain within the
configuration session.