Filter
Top Products
3-13
Cisco uBR924 Software Configuration Guide
OL-0337-05 (8/2002)
Chapter 3 Advanced Data-Only Configurations
IPSec (56-bit) Example
Note To enable IPSec encryption, the peer router must also be configured for IPSec encryption, using the
identical parameters used on the Cisco uBR924 router.
Sample Configuration
The following configuration shows a typical IPSec configuration with the following parameters:
• The IKE policy is defined as policy priority 1 with the following parameters:
Step 10
uBR924(config)# crypto isakmp identity hostname Sets the ISAKMP identity of the router to its host
name concatenated with the domain name (for
example, ubr924.cisco.com).
Step 11
uBR924(config)# crypto ipsec transform-set
transform-set-name transform1 transform2 transform3
Establishes the transform set to be used for IPSec
encryption. Up to three transformations can be
specified for a set, such as ah-md5-hmac esp-des
esp-md5-hmac.
Step 12
uBR924(config)# crypto map crypto-map-name
local-address cable-modem0
Creates the specified crypto map and applies it to the
cable interface.
Step 13
uBR924(config)# crypto map crypto-map-name 10
ipsec-isakmp
Creates a crypto map numbered 10 and enters the
crypto map configuration mode.
Step 14
uBR924(config-crypto)# set peer ip-address Identifies the IP address for the destination peer
router.
Step 15
uBR924(config-crypto)# set transform-set
transform-set-name
Sets the crypto map to use the transform set created
previously.
Step 16
uBR924(config-crypto)# match address access-list-number Sets the crypto map to use the access list that will
specify the type of traffic to be encrypted.
Note Access lists 100 and 101 cannot be used
because they are reserved for DOCSIS use.
Step 17
uBR924(config-crypto)# exit Exits crypto map configuration mode.
Step 18
uBR924(config)# int c 0 Enters interface configuration mode for the cable
interface.
Step 19
uBR924 (config-if)# crypto map crypto-map-name Applies the crypto map created above to the cable
interface.
Step 20
uBR924 (config-if)# access-list access-list-number permit
ip host ubr924-ip-address peer-ip-address filter-mask
Creates an access list to identify the traffic that will
be encrypted. (This should match the access list
created above.)
Step 21
uBR924(config-if)# Ctrl-z Return to privileged EXEC mode.
Step 22
uBR924# copy running-config startup-config
Building configuration...
Save the configuration to nonvolatile memory so
that it will not be lost in the event of a reset, power
cycle, or power outage.
Step 23
uBR924# show startup-config Display the configuration file that was just created.
Command Purpose