Table of Contents
Advertisement
Configuring IP Security
Command
Step 9
crypto mib ipsec flowmib history failure
size size
Step 10
crypto map name local-address Ethernet 0 Specify and name an identifying interface to
Step 11
crypto map name seq-num ipsec-isakmp
Step 12
set peer ip-address
Step 13
set transform-set name
Step 14
set pfs [group1|group2]
Step 15
match address access-list-id
Step 16
exit
Disabling Hardware Encryption
Cisco 1710 Security Router Software Configuration Guide
2-4
The Cisco 1710 Security router is equipped with a Virtual Private Network (VPN)
module that provides hardware 3DES encryption by default. It is possible to
disable the VPN module and use Cisco IOS software encryption/decryption
instead.
The command which disables the VPN module is as follows:
no crypto engine accelerator
The command is executed in configuration mode. An example of its use is as
follows:
c1710(config)#no crypto engine accelerator
Warning! all current connections will be torn down.
Do you want to continue? [yes/no]: yes
.
Crypto accelerator in slot 0 disabled
.
switching to IPsec crypto engine
Chapter 2
Cisco 1710 Security Router Configuration
Task
Set the size of the failure history table.
be used by the crypto map for IPSec traffic
Create a crypto map entry in IPSec ISAKMP
mode, and enter crypto map configuration
mode.
Identify the remote IPSec peer.
Specify the transform set to be used.
Specify use of the perfect forward secrecy
(pfs) option in IPSec. The variation group1 is
default.
Specify an extended access list for the crypto
map entry.
Exit crypto map configuration mode.
78-12696-01
- Quick Links:
- Using Commands
Hide quick links:
Advertisement
Table of Contents
