Interface VPN Commands
14-122 Configuring the VPN

crypto ezipsec

ThiscommandcreatesasuiteofIPSecpolicies,sortedbycryptographicstrength,thatareoffered
totheremotesecuritygateway.Thegatewayselectsoneofthesepoliciesbasedonitslocal
configuration.EZIPSecreliesupontheIKEModeConfigurationprotocoltoobtainanIPaddress
fromtheremotesecuritygateway.
AnEZIPSeccryptomapisalsocreatedandattachedtotheinterfaceunderconfiguration.Referto
theXSRUser’sGuideforspecificexamplesandhowcrypto ezipsecisusedwithRIPandNAT.
Beawareofthefollowingrulesgoverningthiscommand:
Crypto ezipsecmaynotbeenabledonaninterfacethatalreadyhasacryptomap.
•Cryptomapsmaybeattachedtoothernetworkinterfaces.
•EZIPSecparameterscannotbechangedbutcanbesupplementedwithcustomvalues.
Syntax
crypto ezipsec
Syntax of the “no” Form
no crypto ezipsec
Default
Disabled
Mode
Interfaceconfiguration:XSR(config-if<xx>)#
Example
ThefollowingexampleconfiguresEZIPSeconSerialinterface1:
XSR(config-if<S1/0>)#crypto ezipsec

Interface VPN Commands

interface vpn

ThiscommandacquiresvirtualInterfaceVPNconfigurationmodefromwhichyoucanconfigure
thefollowingsubcommands:
copy-tos‐CopiesTOSbitsduringtheencapsulation/decapsulationprocess.Referto
page14124forthecommanddefinition.
description -DescribestheVPNinterface.Refertopage14125forthecommand
definition.
ip address negotiated - RequiresasitetositetunneltoobtainanIPaddressfromthe
remotetunnelgatewayviaPPPorIKEModeConfig.Refertopage14126forthecommand
definition.