Configuring A Service-Gre Interface: Example - Cisco IOS XR Configuration Manual

System security configuration guide

Hide thumbs Also See for IOS XR:

Getting started manual (222 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

page of 254

/ 254
Contents
Table of Contents
Bookmarks

Table of Contents

Implementing IPSec Network Security on Cisco IOS XR Software

Gateway of last resort is not set

The following example shows that the interface service-ipsec command is set to 1 and is part of the

customer_1 VRF:

RP/0/RP0/CPU0:router# show crypto ipsec interface service-ipsec 1

--------------- IPSec interface ----------------

Interface service-ipsec1, mode Tunnel, intf_handle 0x5000180

Locations 0/1/1 0/2/0,

Number of profiles 1, number of flows 1

Tunnel: source 4.0.1.1, destination 5.0.1.1, tunnel VRF default

DF-bit: copy, pre-fragmentation enable

default pmtu: 9216

1 connected flows:

502

Configuring a Service-gre Interface: Example

The following example shows a basic configuration of a service-gre interface and an IPSec SA that is

created on the interface.

Configuring the Transform-set to Use Transport Mode

crypto ipsec transform-set tsfm2

transform esp-3des esp-md5-hmac

mode transport

Configuring the IPSec Profile to Use the Set Transform-set Format

crypto ipsec profile gre

set transform-set tsfm2

Configuring the Service-gre Interface

interface service-gre1

ipv4 address 11.2.6.6 255.255.255.0

profile gre

tunnel source 50.50.50.2

tunnel destination 40.40.40.2

service-location preferred-active 0/1/1

The following example shows the sample output from the show crypto ipsec summary command:

RP/0/RP0/CPU0:router# show crypto ipsec summary

# * Attached to a transform indicates a bundle

ia - IS-IS inter area, su - IS-IS summary null, * - candidate default

U - per-user static route, o - ODR, L - local

30.0.1.0/24 is directly connected, 00:02:09, service-ipsec1

40.40.41.0/24 is directly connected, 00:02:09, service-ipsec1

40.40.41.41/32 is directly connected, 00:02:09, service-ipsec1

100.100.100.0/24 is directly connected, 00:01:26, GigabitEthernet0/0/0/3

100.100.100.1/32 is directly connected, 00:01:26, GigabitEthernet0/0/0/3

VRF customer_1 (60000002)

Configuration Examples for an IPSec Network with a Cisco IPSec VPN SPA

Cisco IOS XR System Security Configuration Guide

SC-145

Table of Contents

Show Quick Links

Quick Links:
Prerequisites for Configuring Aaa Services

Hide quick links:

Chapters

Table of Contents

This manual is also suitable for:

Ios xr 3.5

Configuring A Service-Gre Interface: Example - Cisco IOS XR Configuration Manual

Configuring a Service-gre Interface: Example

Hide quick links:

Chapters

Related Manuals for Cisco IOS XR

Related Content for Cisco IOS XR

This manual is also suitable for:

Table of Contents