Cisco ISR 4000 Family Routers Administrator Guidance
Switch(config-applet)#end
See https://supportforums.cisco.com/community/netpro/network-infrastructure/eem for more
information on EEM scripting.
3.3.5 Logging Protection
If an authorized administrator wants to back up the logs to a syslog server, then protection must be
provided for the syslog server communications. This can be provided in one of two ways:
1. With a syslog server operating as an IPsec peer of the TOE and the records tunneled over
that connection, or
2. With a syslog server that is not directly co-located with the TOE, but is adjacent to an IPsec
peer within a trusted facility, and the records are tunneled over the public network.
3.3.5.1 Syslog Server Running on an IPsec Endpoint
For deployments where the syslog server is able to operate as an IPsec peer of the TOE, the IPsec
tunnel will protect events as they are sent to the server. When an audit event is generated, it is
simultaneously sent to both the external server and the local store. Examples of products that can
be installed on a syslog server to allow it to be an IPsec peer include the Racoon tool that is part
of the IPsec Tools on many Linux systems, strongSwan, Openswan, and FreeS/WAN.
Following are sample instructions to configure the TOE to support an IPsec tunnel with AES
encryption, with 10.10.10.101 as the IPsec peer IP on the syslog server, 10.10.10.110 and 30.0.0.1
as the local TOE IPs, and the syslog server running on 40.0.0.1 (a separate interface on the syslog
server).
TOE-common-criteria#configure terminal
TOE-common-criteria(config)#crypto isakmp policy 1
TOE-common-criteria(config-isakmp)#encryption aes
TOE-common-criteria(config-isakmp)#authentication pre-share
TOE-common-criteria(config-isakmp)#group 14
TOE-common-criteria(config-isakmp)#lifetime 28800
TOE-common-criteria(config)#crypto isakmp key [insert 22 character preshared key] address 10.10.10.101
TOE-common-criteria(config)#crypto isakmp key [insert 22 character preshared key] address 40.0.0.1
TOE-common-criteria(config)#crypto ipsec transform-set sampleset esp-aes esp-sha-hmac
TOE-common-criteria(cfg-crypto-trans)#mode tunnel
TOE-common-criteria(config)#crypto map sample 19 ipsec-isakmp
TOE-common-criteria(config-crypto-map)#set peer 10.10.10.101
TOE-common-criteria(config-crypto-map)#set transform-set sampleset
TOE-common-criteria(config-crypto-map)#set pfs group14
TOE-common-criteria(config-crypto-map)#match address 170
TOE-common-criteria(config-crypto-map)#exit
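The following Python check is an added example, not part of Cisco's guidance. It reads a captured configuration session and reports where the crypto commands are inconsistent with the sample above: an ISAKMP policy without AES and group 14, a crypto map peer with no pre-shared key, an undefined transform set, or a crypto map entry with no match address. The function name audit, the placeholder key value and the finding texts are assumptions made for illustration.

```python
import re

# Constructed sample: crypto commands from the guide, placeholder key value.
SAMPLE = """\
TOE-common-criteria(config)#crypto isakmp policy 1
TOE-common-criteria(config-isakmp)#encryption aes
TOE-common-criteria(config-isakmp)#group 14
TOE-common-criteria(config)#crypto isakmp key PLACEHOLDER-KEY address 10.10.10.101
TOE-common-criteria(config)#crypto ipsec transform-set sampleset esp-aes esp-sha-hmac
TOE-common-criteria(config)#crypto map sample 19 ipsec-isakmp
TOE-common-criteria(config-crypto-map)#set peer 10.10.10.101
TOE-common-criteria(config-crypto-map)#set transform-set sampleset
TOE-common-criteria(config-crypto-map)#match address 170
"""

def audit(text):
    """Return findings for the crypto commands in an IOS session capture."""
    # Strip the 'hostname(mode)#' prompt; lines without a prompt pass through.
    stripped = (re.sub(r"^\S+?#", "", line).strip() for line in text.splitlines())
    policies, maps, keyed, tsets, cur = {}, {}, set(), set(), None
    for w in (c.split() for c in stripped if c):
        if w[:3] == ["crypto", "isakmp", "policy"] and len(w) == 4:
            cur = policies.setdefault(w[3], {})
        elif w[:2] == ["crypto", "map"] and len(w) > 3:
            cur = maps.setdefault(" ".join(w[2:4]), {})
        elif w[0] == "crypto":
            cur = None  # any other global crypto command leaves the sub-mode
            if w[1:3] == ["isakmp", "key"] and "address" in w[:-1]:
                keyed.add(w[w.index("address") + 1])
            elif w[1:3] == ["ipsec", "transform-set"] and len(w) > 3:
                tsets.add(w[3])
        elif cur is not None and w[0] in ("set", "match") and len(w) > 2:
            cur[w[1]] = w[2]  # e.g. 'set peer X' is stored as peer -> X
        elif cur is not None and len(w) == 2:
            cur[w[0]] = w[1]  # e.g. 'group 14' is stored as group -> 14
    findings = []
    for n, p in policies.items():
        if not p.get("encryption", "").startswith("aes") or p.get("group") != "14":
            findings.append(f"isakmp policy {n}: expected AES and DH group 14")
    for name, m in maps.items():
        if m.get("peer") not in keyed:
            findings.append(f"crypto map {name}: no pre-shared key for peer {m.get('peer')}")
        if m.get("transform-set") not in tsets:
            findings.append(f"crypto map {name}: transform-set not defined")
        if "address" not in m:
            findings.append(f"crypto map {name}: no match address ACL")
    return findings
```

Calling audit(SAMPLE) returns an empty list; the check keeps only the last "set peer" of each crypto map entry, so entries with several peers need the parser extended.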