Cisco 6000 Series Configuration Manual page 138

Interface and hardware component configuration guide for cisconcs 6000 series routers, ios xr release 6.4.x
Hide thumbs Also See for 6000 Series:
Table of Contents

Advertisement

Configuring Tunnel-IPSec Interfaces
Before you begin
To use the profile command, you must be in a user group associated with a task group that includes the proper
task IDs for crypto commands. To use the tunnel destination command, you must be in a user group associated
with a task group that includes the proper task IDs for interface commands.
For detailed information about user groups and task IDs, see the Configuring AAA Services module of System
Security Configuration Guide for the Cisco NCS 6000 Series Routers The following tasks are required for
creating Tunnel-IPSec interfaces:
• Setting Global Lifetimes for IPSec Security Associations
• Configuring Checkpointing
• Configuring Crypto Profiles
For detailed information on configuring the prerequisite checkpointing and crypto profiles, and setting the
global lifetimes for IPSec security associations, refer to the Implementing IPSec Network Security module
in System Security Configuration Guide for Cisco NCS 6000 Series Routers .
After configuring crypto profiles, you must apply a crypto profile to each tunnel interface through which
IPSec traffic will flow. Applying the crypto profile set to a tunnel interface instructs the router to evaluate all
the interface's traffic against the crypto profile set and to use the specified policy during connection or security
association negotiation on behalf of traffic to be protected by crypto.
SUMMARY STEPS
1. configure
2. interface tunnel-ipsec identifier
3. profile profile-name
4. tunnel source {ip-address | interface-id }
5. tunnel destination {ip-address | tunnel-id }
6. Do one of the following:
7. show ip route
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure
Step 2
interface tunnel-ipsec identifier
Example:
RP/0/RP0/CPU0:router(config)# interface
tunnel-ipsec 30
Interface and Hardware Component Configuration Guide for Cisco NCS 6000 Series Routers, IOS XR Release 6.4.x
126
• end
• commit
Purpose
Enters XR configuration mode.
Identifies the IPSec interface to which the crypto profile
will be attached and enters interface configuration mode.
Configuring Tunnel Interfaces

Advertisement

Table of Contents
loading

Table of Contents