Cisco CRS-1 - Carrier Routing System Router Configuration Manual page 154

Configuration Examples for Implementing IKE Security Protocol
self-identity address
client authentication list banana
match identity group grp1
set interface service-ipsec1000
!
isakmp authorization list banana
!
crypto ipsec transform-set ATT
transform esp-3des esp-sha-hmac
!
crypto ipsec profile vrf1000-prof-ipsec
set type dynamic
match remote_list transform-set ATT
reverse-route
!
end
Cisco Easy VPN is supported only on the Cisco XR 12000 Series Router.
Note
Configuring a Local ISAKMP Profile for Preshared Keys in ISAKMP Keyrings:
Example
The following example shows how to configure a local ISAKMP profile:
interface tunnel-ipsec3001
ipv4 unnumbered GigabitEthernet0/0/1/1.3001
profile TUNNEL_IPSEC
tunnel source GigabitEthernet0/0/1/1.3001
tunnel destination 1.1.1.6
!
crypto ipsec profile TUNNEL_IPSEC
set type static
match TUNNEL_IPSEC transform-set TRANSFORM_SET
reverse-route
The reverse-route command is not supported on the Cisco CRS-1 Router, and it can be omitted.
Note
!
crypto keyring TUNNEL_IPSEC vrf default
local-address 1.1.1.5
pre-shared-key address 1.1.1.6 255.255.255.255 key cisco123
pre-shared-key address 20.0.7.210 255.255.255.255 key cisco123
crypto isakmp profile local TUNNEL_IPSEC
keyring TUNNEL_IPSEC
match identity address 1.1.1.6/32 vrf default
set interface tunnel-ipsec3001
!
Configuring VRF-Aware: Example
The following example shows how to configure VRF-aware:
ipv4 access-list acl-2_5-1
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
SC-148
10 permit ipv4 any any
Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
OL-20382-01