Cisco uBR924 Software Configuration Guide
OL-0337-05 (8/2002)
Chapter 3 Advanced Data-Only Configurations
IPSec (56-bit) Example
Note: To enable IPSec encryption, the peer router must also be configured for IPSec encryption, using the identical parameters used on the Cisco uBR924 router.
Sample Configuration
The following configuration shows a typical IPSec configuration with the following parameters:
The IKE policy is defined as policy priority 1 with the following parameters:
Step 10
Command: uBR924(config)# crypto isakmp identity hostname
Purpose: Sets the ISAKMP identity of the router to its host name concatenated with the domain name (for example, ubr924.cisco.com).

Step 11
Command: uBR924(config)# crypto ipsec transform-set transform-set-name transform1 transform2 transform3
Purpose: Establishes the transform set to be used for IPSec encryption. Up to three transformations can be specified for a set, such as ah-md5-hmac esp-des esp-md5-hmac.

Step 12
Command: uBR924(config)# crypto map crypto-map-name local-address cable-modem0
Purpose: Creates the specified crypto map and applies it to the cable interface.

Step 13
Command: uBR924(config)# crypto map crypto-map-name 10 ipsec-isakmp
Purpose: Creates a crypto map numbered 10 and enters the crypto map configuration mode.

Step 14
Command: uBR924(config-crypto)# set peer ip-address
Purpose: Identifies the IP address for the destination peer router.

Step 15
Command: uBR924(config-crypto)# set transform-set transform-set-name
Purpose: Sets the crypto map to use the transform set created previously.

Step 16
Command: uBR924(config-crypto)# match address access-list-number
Purpose: Sets the crypto map to use the access list that will specify the type of traffic to be encrypted.
Note: Access lists 100 and 101 cannot be used because they are reserved for DOCSIS use.

Step 17
Command: uBR924(config-crypto)# exit
Purpose: Exits crypto map configuration mode.

Step 18
Command: uBR924(config)# int c 0
Purpose: Enters interface configuration mode for the cable interface.

Step 19
Command: uBR924(config-if)# crypto map crypto-map-name
Purpose: Applies the crypto map created above to the cable interface.

Step 20
Command: uBR924(config-if)# access-list access-list-number permit ip host ubr924-ip-address peer-ip-address filter-mask
Purpose: Creates an access list to identify the traffic that will be encrypted. (This should match the access list created above.)

Step 21
Command: uBR924(config-if)# Ctrl-z
Purpose: Return to privileged EXEC mode.

Step 22
Command: uBR924# copy running-config startup-config
Output: Building configuration...
Purpose: Save the configuration to nonvolatile memory so that it will not be lost in the event of a reset, power cycle, or power outage.

Step 23
Command: uBR924# show startup-config
Purpose: Display the configuration file that was just created.
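
The following Python check is an added example, not part of the Cisco guide. It reads a saved configuration and reports crypto map entries that break the constraints stated in Steps 11 to 20: a match address that uses a DOCSIS-reserved access list (100 or 101), an access list or transform set that is referenced but never defined, and a transform set that encrypts with 56-bit DES. The sample configuration, the names ts-example and map-example, the addresses and the audit function are all constructed for illustration.

```python
import re

# Constructed sample in the order of Steps 10-20; every name and address is a placeholder.
SAMPLE_CONFIG = """\
crypto isakmp identity hostname
crypto ipsec transform-set ts-example ah-md5-hmac esp-des esp-md5-hmac
crypto map map-example local-address cable-modem0
crypto map map-example 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set ts-example
 match address 101
interface cable-modem0
 crypto map map-example
access-list 102 permit ip host 192.0.2.1 192.0.2.2 0.0.0.0
"""

DOCSIS_RESERVED_ACLS = {"100", "101"}  # note under Step 16


def audit(config):
    """Return findings for each 'crypto map <name> <seq> ipsec-isakmp' entry."""
    transform_sets, acls, entries, current = {}, set(), [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            current = None  # a top-level line leaves crypto map configuration mode
        if m := re.match(r"crypto ipsec transform-set (\S+) (.+)", line):
            transform_sets[m.group(1)] = m.group(2).split()
        elif m := re.match(r"crypto map (\S+) (\d+) ipsec-isakmp", line):
            current = {"tag": f"crypto map {m.group(1)} {m.group(2)}", "ts": None, "acl": None}
            entries.append(current)
        elif m := re.match(r"access-list (\d+) ", line):
            acls.add(m.group(1))
        elif current and (m := re.match(r"(set transform-set|match address) (\S+)", line)):
            current["ts" if m.group(1).startswith("set") else "acl"] = m.group(2)
    findings = []
    for e in entries:
        if e["acl"] in DOCSIS_RESERVED_ACLS:
            findings.append(f"{e['tag']}: access list {e['acl']} is reserved for DOCSIS")
        elif e["acl"] not in acls:
            findings.append(f"{e['tag']}: access list {e['acl']} is not defined")
        transforms = transform_sets.get(e["ts"])
        if transforms is None:
            findings.append(f"{e['tag']}: transform set {e['ts']} is not defined")
        elif "esp-des" in transforms:
            findings.append(f"{e['tag']}: transform set {e['ts']} encrypts with 56-bit DES")
    return findings

print("\n".join(audit(SAMPLE_CONFIG)))
```

Because the peer router must use identical parameters, running the same check on the peer's configuration and comparing the transform sets by eye covers the one requirement a single file cannot show.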