Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
How to Implement IKE Security Protocol Configurations for IPSec Networks
SC-121
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
Step 6
Command or Action:
end
or
commit
Example:
RP/0/RP0/CPU0:router(config-isakmp-pol-set)# end
or
RP/0/RP0/CPU0:router(config-isakmp-pol-set)# commit
Purpose:
Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting (yes/no/cancel)? [cancel]:
  – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Step 7
Command or Action:
exit
Example:
RP/0/0/CPU0:router(config-isakmp-pol-set)# exit
RP/0/0/CPU0:router(config)#
Purpose:
Exits the crypto ISAKMP policy-set configuration mode.

For an example, see Limiting an IKE Peer to a Particular Policy Set Based on Local IP Address: Example, page 145.

Manually Configuring RSA Keys
Manually configure RSA keys when you specify RSA encrypted nonces as the authentication method in an IKE policy and you are not using a CA.
To manually configure RSA keys, perform these tasks at each IPSec peer that uses RSA encrypted nonces in an IKE policy:
• Generating RSA Keys, page 122
• Configuring ISAKMP Identity, page 122
• Configuring RSA Public Keys of All the Other Peers, page 123
• Importing a Public Key for RSA based User Authentication, page 125
• Deleting an RSA Public Key from the Router, page 126