Implementing IPSec Network Security on Cisco IOS XR Software
Configuring IPSec Virtual Interfaces
These tasks configure IPSec virtual interfaces:
•
•
Configuring Static IPSec Virtual Interfaces
This task configures static IPSec service virtual interfaces (SVIs).
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/0/CPU0:router# configure
Step 2
interface service-ipsec number
Example:
RP/0/0/CPU0:router(config)# interface service-ipsec
2
RP/0/0/CPU0:router(config-if)#
Step 3
profile profile-name
Example:
RP/0/0/CPU0:router(config-if)# profile ipsec_profa
Configuring Static IPSec Virtual Interfaces, page SC-133
Configuring IPSec-Protected GRE Virtual Interfaces, page SC-136
configure
interface service-ipsec number
profile profile-name
tunnel source ip-address
tunnel destination ip-address
tunnel vrf vrf-name
vrf vrf-name
ipv4 address ipv4-address mask [secondary]
service-location preferred-active location [preferred-standby location [auto-revert]]
end
or
commit
show route [vrf vrf name]
How to Implement IPSec Network Security for VPNs
Purpose
Enters global configuration mode.
Creates a static IPSec SVI.
You can use the interface service-ipsec command
to enter service-ipsec interface configuration mode.
Specifies the crypto profile to use for IPSec
processing.
Use the profile-name argument to define the
•
previous crypto profile to use. The character
range is from 1 to 32 characters.
Cisco IOS XR System Security Configuration Guide
SC-133