[c-nsp] IPsec on IOS-XR?

Curtis Piehler cpiehler2 at gmail.com
Wed Oct 26 09:00:52 EDT 2016


What Ted said :) Unless you want to drop 50000 USD on 1 VSM, it is more
cost effective to buy a smaller 1k for a dedicated IPsec endpoint.

On Oct 26, 2016 8:57 AM, "Hank Nussbacher" <hank at efes.iucc.ac.il> wrote:

> On 26/10/2016 15:26, Curtis Piehler wrote:
>
> I have ASR1000s.  But I need it on an ASR9000. :-(
>
> -Hank
>
> You are better off buying an ASR1000. They are designed to do IPsec at
> near line rate.
>
> On Oct 26, 2016 8:13 AM, "Hank Nussbacher" <hank at efes.iucc.ac.il> wrote:
>
> I am following the IPsec example here:
> http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/9221-quicktip.html
> and have managed to alter the syntax to fit with IOS-XR but when I get
> to crypto map commands:
>
> crypto map myvpn 10 ipsec-isakmp
>  set peer 192.168.2.2
>  set transform-set to_fred
>  match address 101
>
> I cannot find any comparable command syntax in IOS-XR:
> RP/0/RSP0/CPU0:petach-tikva-gp(config)#crypto map VPN 15 gdoi ?
>   fail-close  Specify a fail-close ACL.
>   interface   Enable crypto map on an interface
>   ipsec-node  Set the ipsec node on this crypto map
>   match       Match values.
>   set         Set values
>
> What am I missing?
>
> Thanks,
> Hank
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/