
3-11
CiscouBR924 Software Configuration Guide
OL-0337-05 (8/2002)
Chapter3 Advanced Data-Only Configurations
IPSec (56-bit) Example
 load-interval 30
!
interface cable-modem0
 ip nat outside
 load-interval 30
 no cable-modem compliant bridge
 cable-modem dhcp-proxy nat nat-pool
!
ip nat pool nat-pool 10.15.0.10 10.15.0.10 netmask 255.255.0.0
When you copy this configuration file to the TFTP server, modify this portion of t he configuration file 
to add the no bridge-group commands under each interface and to remove the ip nat pool command:
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 load-interval 30
 no bridge-group 59
 no bridge-group 59 spanning-disabled
!
interface cable-modem0
 ip nat outside
 load-interval 30
 no cable-modem compliant bridge
 cable-modem dhcp-proxy nat nat-pool
 no bridge-group 59
 no bridge-group 59 spanning-disabled
!
Note Be sure to remove the ip nat pool command.
IPSec (56-bit) ExampleIPSec encryption provides end-to-end encryption of IP traffic across unprotected  public networks such 
as the Internet. To use IPSec, the CiscouBR924 cable access router must meet the following 
prerequisites:
•The Cisco uBR924 router must be using a Cis co IOS Release 12.0(5)T or higher image that supports 
the IPSec feature set.
•The Cisco uBR924 router must be configured for routing mode. 
•The Cisco uBR924 router and endpoint must both support IPSec encryption and be configured for 
the same encryption policy. (The endpoint is typically an IPSec gateway such as a  peer router, 
PIX firewall, or other device that can be configured for IPSec.) 
Note Images that support encryption are subject to United States government export controls an d have limited 
distribution. Strong encryption images to be installed outside the  United States may require an export 
license. Contact your sales representative or distributor for more informati on, or send an e-mail to 
export@cisco.com. 
Note Cisco IOS Release 12.1(5)T, 12.2(2), or greater is required to support GRE IP tunnels.