Table of Contents
Advertisement
How to Implement IPSec Network Security for VPNs
Configuring IPSec-Protected GRE Virtual Interfaces
This task configures IPSec-protected GRE service virtual interfaces.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/0/CPU0:router# configure
Step 2
interface service-gre number
Example:
RP/0/0/CPU0:router(config)# interface service-gre 2
RP/0/0/CPU0:router(config-if)#
Step 3
profile profile-name
Example:
RP/0/0/CPU0:router(config-if)# profile ipsec_profa
Step 4
tunnel source {ip-address}
Example:
RP/0/0/CPU0:router(config-if)# tunnel source
172.19.72.92
Cisco IOS XR System Security Configuration Guide
SC-136
configure
interface service-gre number
profile profile-name
tunnel source {ip-address}
tunnel destination ip-address
tunnel vrf vrf-name
vrf vrf-name
ipv4 address ipv4-address mask [secondary]
service-location preferred-active location [preferred-standby location] [auto-revert]
end
or
commit
show route [vrf vrf name]
Implementing IPSec Network Security on Cisco IOS XR Software
Purpose
Enters global configuration mode.
Creates a GRE service virtual interface.
You can use the interface service-gre command to
enter service-gre interface configuration mode
Specifies the crypto profile to use for IPSec
processing. For the service-gre interface, the IPSec
profile must be static.
•
Use the profile-name argument to define the
previous crypto profile to use. The character
range is from 1 to 32 characters.
Specifies the source address for a tunnel-ipsec
interface.
Use the ip-address argument to set the IP
•
address to use as the source address for packets
in the tunnel.
Hide quick links:
Advertisement
Chapters
Table of Contents
