[c-nsp] IPsec on IOS-XR?
Hank Nussbacher
hank at efes.iucc.ac.il
Wed Oct 26 08:57:24 EDT 2016
On 26/10/2016 15:26, Curtis Piehler wrote:
I have ASR1000s. But I need it on an ASR9000. :-(
-Hank
> You are better off buying an ASR1000. They are designed to do ipsec
> at near line rate
>
>
> On Oct 26, 2016 8:13 AM, "Hank Nussbacher" <hank at efes.iucc.ac.il
> <mailto:hank at efes.iucc.ac.il>> wrote:
>
> I am following the IPsec example here:
> http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/9221-quicktip.html
> <http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/9221-quicktip.html>
> and have managed to alter the syntax to fit with IOS-XR but when I get
> to crypto map commands:
>
> *crypto map myvpn 10 ipsec-isakmp set peer 192.168.2.2 set
> transform-set
> to_fred match address 101 *
>
> I cannot find any comparable command syntax in IOS-XR:
> RP/0/RSP0/CPU0:petach-tikva-gp(config)#crypto map VPN 15 gdoi
> ?
> fail-close Specify a fail-close ACL.
> interface Enable crypto map on an interface
> ipsec-node Set the ipsec node on this crypto map
> match Match values.
> set Set values
>
> What am I missing?
>
> Thanks,
> Hank
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> <mailto:cisco-nsp at puck.nether.net>
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> <https://puck.nether.net/mailman/listinfo/cisco-nsp>
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> <http://puck.nether.net/pipermail/cisco-nsp/>
>
>
More information about the cisco-nsp
mailing list