How to Implement General IPSec Configurations for IPSec Networks
DETAILED STEPS
Step 1
Command or Action: configure
Example:
RP/0/0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2
Command or Action: crypto ipsec profile name
Example:
RP/0/0/CPU0:router(config)# crypto ipsec profile myprofile
Purpose: Creates or modifies a crypto profile entry and enters profile configuration mode.
• Use the name argument to specify the name of an IPSec profile. The maximum length is 32 characters.

Step 3
Command or Action: set security-association replay disable
Example:
RP/0/0/CPU0:router(config-myprofile)# set security-association replay disable
Purpose: Disables replay checking for a particular crypto profile.

Step 4
Command or Action: end or commit
Example:
RP/0/0/CPU0:router(config-myprofile)# end
or
RP/0/0/CPU0:router(config-myprofile)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
– Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
– Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
– Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring IPSec NAT Transparency
Network Address Translator (NAT) is automatically detected by the Cisco IPSec VPN SPA. If both VPN devices are NAT-T capable, NAT Transparency is automatically detected and automatically negotiated.
No configuration steps are needed to enable IPSec NAT transparency.

Cisco IOS XR System Security Configuration Guide
SC-118
Implementing IPSec Network Security on Cisco IOS XR Software
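An audit check for the profile steps above, added here as an example (it is not part of the Cisco guide): it scans configuration text for crypto ipsec profiles that carry "set security-association replay disable" or a name longer than the 32-character limit. The block layout it expects (sub-commands indented under the profile line, block closed by "!") and the sample profile names other than myprofile are assumptions.

```python
import re

# Constructed sample in the layout assumed here: sub-commands indented under
# the "crypto ipsec profile" line, block closed by "!".
SAMPLE_CONFIG = """\
crypto ipsec profile myprofile
 set security-association replay disable
!
crypto ipsec profile branch-vpn
!
crypto ipsec profile this-profile-name-is-longer-than-32-chars
 set security-association replay disable
!
"""

PROFILE_RE = re.compile(r"^crypto ipsec profile (\S+)\s*$")
REPLAY_OFF_RE = re.compile(r"^\s+set security-association replay disable\s*$")
MAX_NAME_LEN = 32  # limit stated in the guide for the profile name


def audit_profiles(config_text):
    """Return {profile_name: [findings]} for every crypto ipsec profile."""
    findings = {}
    current = None
    for line in config_text.splitlines():
        m = PROFILE_RE.match(line)
        if m:
            current = m.group(1)
            findings[current] = []
            if len(current) > MAX_NAME_LEN:
                findings[current].append("name exceeds 32 characters")
        elif current is not None and REPLAY_OFF_RE.match(line):
            findings[current].append("replay checking disabled")
        elif not line.startswith(" "):
            current = None  # "!" or any top-level line ends the block
    return findings


def profiles_without_replay_check(config_text):
    """Names of profiles that have replay checking turned off."""
    return sorted(n for n, f in audit_profiles(config_text).items()
                  if "replay checking disabled" in f)


if __name__ == "__main__":
    for name, issues in audit_profiles(SAMPLE_CONFIG).items():
        print(name, "->", issues or ["ok"])
```

Run it against candidate or exported configuration text so that every profile with replay checking off is a deliberate, reviewed exception.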