Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
How to Implement IKE Security Protocol Configurations for IPSec Networks
SC-119
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
Limiting an IKE Peer to Use a Specific Policy Set
This task describes how to configure IKE to limit the policies it matches with the remote VPN peer to
those restricted by the IPSec hub. To restrict the IKE peer to a policy set on a the IPSec hub, the client
must negotiate the IP address of the SVI tunnel source (match identity local-address command).
Note A policy set may contain up to five IKE policies.
You may create as many policies as needed to add additional encryption methods to be prioritized for
matching.
To limit an IKE peer to use a specific policy set, you must also configure the policy set or sets. See
Configuring IKE Policies, page 117.
SUMMARY STEPS
1. configure
2. crypto isakmp policy-set policy-name
3. policy policy number
Step 8
end
or
commit
Example:
RP/0/RP0/CPU0:router(config-isakmp)# end
or
RP/0/RP0/CPU0:router(config-isakmp)# commit
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting (yes/no/cancel)?
[cancel]:
–
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
–
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
–
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
• Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Step 9
show crypto isakmp policy
Example:
RP/0/RP0/CPU0:router# show crypto isakmp policy
(Optional) Displays all existing IKE policies.
Command or Action Purpose
To Next Page
Loading...
Need help?
General
