[c-nsp] IPsec on IOS-XR?

Ted Johansson ted.johansson at tele2.com
Wed Oct 26 08:59:04 EDT 2016 

You will need to buy the VSM or the ISM line card if you wish to do IPsec on ASR9K.

Best Regards
Ted

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Hank Nussbacher
Sent: den 26 oktober 2016 14:57
To: Curtis Piehler <cpiehler2 at gmail.com>
Cc: Cisco Network Service Providers <cisco-nsp at puck.nether.net>
Subject: Re: [c-nsp] IPsec on IOS-XR?

On 26/10/2016 15:26, Curtis Piehler wrote:

I have ASR1000s.  But I need it on an ASR9000. :-(

-Hank

> You are better off buying an ASR1000.   They are designed to do ipsec
> at near line rate
>
>
> On Oct 26, 2016 8:13 AM, "Hank Nussbacher" <hank at efes.iucc.ac.il
> <mailto:hank at efes.iucc.ac.il>> wrote:
>
>     I am following the IPsec example here:
>     http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/9221-quicktip.html
>     <http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/9221-quicktip.html>
>     and have managed to alter the syntax to fit with IOS-XR but when I get
>     to crypto map commands:
>
>     *crypto map myvpn 10 ipsec-isakmp set peer 192.168.2.2 set
>     transform-set
>     to_fred match address 101 *
>
>     I cannot find any comparable command syntax in IOS-XR:
>     RP/0/RSP0/CPU0:petach-tikva-gp(config)#crypto map VPN 15 gdoi
>     ?
>       fail-close  Specify a fail-close ACL.
>       interface   Enable crypto map on an interface
>       ipsec-node  Set the ipsec node on this crypto map
>       match       Match values.
>       set         Set values
>
>     What am I missing?
>
>     Thanks,
>     Hank
>     _______________________________________________
>     cisco-nsp mailing list  cisco-nsp at puck.nether.net
>     <mailto:cisco-nsp at puck.nether.net>
>     https://puck.nether.net/mailman/listinfo/cisco-nsp
>     <https://puck.nether.net/mailman/listinfo/cisco-nsp>
>     archive at http://puck.nether.net/pipermail/cisco-nsp/
>     <http://puck.nether.net/pipermail/cisco-nsp/>
>
>

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

******** IMPORTANT NOTICE ********
The content of this e-mail is intended for the addressee(s) only and may contain information that is confidential and/or otherwise protected from disclosure. If you are not the intended recipient, please note that any copying, distribution or any other use or dissemination of the information contained in this e-mail (and its attachments) is strictly prohibited. If you have received this e-mail in error, kindly notify the sender immediately by replying to this e-mail and delete the e-mail and any copies thereof.

Tele2 AB (publ) and its subsidiaries (“Tele2 Group”) accepts no responsibility for the consequences of any viruses, corruption or other interference transmitted by e-mail.

More information about the cisco-nsp mailing list