Interface VPN Commands
14-122 Configuring the VPN
crypto ezipsec
ThiscommandcreatesasuiteofIPSecpolicies,sortedbycryptograp hicstrength,thatareoffered
totheremotesecuritygateway.Thegatewayselectsoneofthesepoliciesbasedonitslocal
configuration.EZ‐IPSecreliesupontheIKEModeConfigurationprotocoltoobtainan IPaddress
fromtheremotesecuritygateway.
AnEZ‐IPSeccryptomapisalsocreatedandattachedtotheinterfaceunderconfiguration.Referto
theXSRUser’sGuideforspecificexamplesandhow
crypto ezipsecisusedwithRIPandNAT.
Beawareofthefollowingrulesgoverningthiscommand:
•
Crypto ezipsecmaynotbeenabledonaninterfacethatalreadyhasacryptomap.
•Cryptomapsmaybeattachedtoothernetworkinterfaces.
•EZ‐IPSecparameterscannotbechangedbutcanbesupplementedwithcustomvalues.
Syntax
crypto ezipsec
Syntax of the “no” Form
no crypto ezipsec
Default
Disabled
Mode
Interfaceconfiguration:XSR(config-if<xx>)#
Example
ThefollowingexampleconfiguresEZ‐IPSeconSerialinterface 1:
XSR(config-if<S1/0>)#crypto ezipsec
Interface VPN Commands
interface vpn
ThiscommandacquiresvirtualInterfaceVPNconfigurationmodefromwhichyoucanconfigure
thefollowingsub‐commands:
•
copy-tos‐CopiesTOSbitsduringtheencapsulation/decapsulationprocess.Referto
page14‐124forthecommanddefinition.
•
description -DescribestheVPNinterface.Refertopage14‐125forthecommand
definition.
•
ip address negotiated - Requiresasite‐to‐sitetunneltoobtainanIPaddressfromthe
remotetunnelgatewayviaPPPorIKEModeConfig.Refertopage14‐126forthecommand
definition.