Cisco ISR 4000 series Configuration Manual page 22

Integrated services routers cc configuration guide

Hide thumbs Also See for ISR 4000 series:

Configuration manual (14 pages)

Table Of Contents

Table of Contents

Cisco ISR 4000 Family Routers Administrator Guidance

TOE-common-criteria(config)#interface g0/0

TOE-common-criteria(config-if)#ip address 10.10.10.110 255.255.255.0

TOE-common-criteria(config-if)#crypto map sample

TOE-common-criteria(config-if)#interface Loopback1

TOE-common-criteria(config-if)#ip address 30.0.0.1 255.0.0.0

TOE-common-criteria(config-if)#exit

TOE-common-criteria(config)# ip route 40.0.0.0 255.0.0.0 10.10.10.101

TOE-common-criteria(config)# access-list 170 permit ip 30.0.0.0 0.255.255.255 40.0.0.0

0.255.255.255

TOE-common-criteria(config)#logging source-interface Loopback1

TOE-common-criteria(config)#logging host 40.0.0.1

3.3.5.2 Syslog Server Adjacent to an IPsec Peer

If the syslog server is not directly co-located with the TOE, then the syslog server must be located

in a physically protected facility and connected to a router capable of establishing an IPsec tunnel

with the TOE. This will protect the syslog records as they traverse the public network.

Following are sample instructions to configure the TOE to support an IPsec tunnel with aes

encryption, with 11.1.1.4 as the IPsec peer, 10.1.1.7 and 11.1.1.6 as the local IPs, and the syslog

server on the 12.1.1.0 /28 subnet:

TOE-common-criteria#configure terminal

TOE-common-criteria(config)#crypto isakmp policy 1

TOE-common-criteria(config-isakmp)#encryption aes

TOE-common-criteria(config-isakmp)#authentication pre-share

TOE-common-criteria(config-isakmp)#group 14

TOE-common-criteria(config-isakmp)#lifetime 28800

TOE-common-criteria(config)#crypto isakmp key [insert 22 character preshared key]

address 10.10.10.101

TOE-common-criteria(config)#crypto isakmp key [insert 22 character preshared key]

address 40.0.0.1

TOE-common-criteria(config)#crypto ipsec transform-set sampleset esp-aes esp-sha-

hmac

TOE-common-criteria(cfg-crypto-trans)#mode tunnel

TOE-common-criteria(config)#crypto map sample 1 ipsec-isakmp

TOE-common-criteria(config-crypto-map)#set peer 11.1.1.4

TOE-common-criteria(config-crypto-map)#set transform-set sampleset

TOE-common-criteria(config-crypto-map)#match address 115

TOE-common-criteria(config-crypto-map)#exit

TOE-common-criteria(config)#interface g0/1

TOE-common-criteria(config-if)#ip address 10.1.1.7 255.255.255.0

TOE-common-criteria(config-if)#no ip route-cache

TOE-common-criteria(config-if)#crypto map sample

TOE-common-criteria(config-if)#interface g0/0

TOE-common-criteria(config-if)#ip address 11.1.1.6 255.255.255.0

Page 22 of 66

Table of Contents

Show Quick Links

Quick Links:
Introduction
Physical Installation
Initial Setup Via Direct Console Connection
Enabling Fips Mode
Table 9 Protocols and Services

Hide quick links:

Table of Contents

This manual is also suitable for:

Isr-4400 series

Cisco ISR 4000 series Configuration Manual page 22

Hide quick links:

Related Manuals for Cisco ISR 4000 series

Related Products for Cisco ISR 4000 series

This manual is also suitable for:

Table of Contents