Tunnel-Ipsec: Example - Cisco 6000 Series Configuration Manual

Tunnel-IPSec: Example

Tunnel-IPSec: Example
This example shows the process of creating and applying a profile to an IPSec tunnel. The necessary preliminary
steps are also shown. You must first define a transform set and then create a profile before configuring the
IPSec tunnel.
RP/0/RP0/CPU0:router# configureRP/0/RP0/CPU0:router(config)# crypto ipsec transform-set
tset1
RP/0/RP0/CPU0:router(configtransform-set tset1)# transform esp-sha-hmac
RP/0/RP0/CPU0:router(config-transform-set tset1)# end
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: yes
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# crypto ipsec profile user1
RP/0/RP0/CPU0:router(config-user1)# match sampleac1 transform-set tset1
RP/0/RP0/CPU0:router(config-user1)# set pfs group5
RP/0/RP0/CPU0:router(config-user1)# set type dynamic
RP/0/RP0/CPU0:router(config-user1)# exit
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# interface tunnel-ipsec 30
RP/0/RP0/CPU0:router(config-if)# profile user1
RP/0/RP0/CPU0:router(config-if)# tunnel source MgmtEth 0/RP0/CPU0/0
RP/0/RP0/CPU0:router(config-if)# tunnel destination 192.168.164.19
RP/0/RP0/CPU0:router(config-if)# end
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: yes
Where to Go Next
You now must apply a crypto profile to each transport. Applying the crypto profile set to a transport instructs
the router to evaluate all the interface's traffic against the crypto profile set and to use the specified policy
during connection or security association negotiation on behalf of traffic to be protected by crypto.
For information on applying a crypto profile to each transport, see the Implementing IPSec Network Security
on module of System Security Configuration Guide .
Interface and Hardware Component Configuration Guide for Cisco NCS 6000 Series Routers, IOS XR Release 6.4.x
128
Configuring Tunnel Interfaces