Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
How to Implement IKE Security Protocol Configurations for IPSec Networks
SC-128
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
Configuring ISAKMP Preshared Keys in ISAKMP Keyrings
This task configures ISAKMP preshared keys in ISAKMP keyrings.
Prerequisites
To configure ISAKMP preshared keys in ISAKMP keyrings, perform these tasks at each peer that uses
preshared keys in an IKE policy:
• Set the ISAKMP identity of each peer. Each peer’s identity should be set either to its hostname or
by its IP address. By default, a peer’s identity is set to its IP address. Setting ISAKMP identities is
described in the
“Configuring ISAKMP Identity” section on page 122.
• Specify the shared keys at each peer. Note that a given preshared key is shared between two peers.
At a given peer you could specify the same key to share with multiple remote peers; however, a more
secure approach is to specify different keys to share between different pairs of peers.
• You must specify the support for masked preshared keys. Remember to repeat these tasks at each
peer that uses preshared keys in an IKE policy.
SUMMARY STEPS
1. configure
2. crypto keyring keyring-name [vrf fvrf-name]
3. pre-shared-key {address address [mask] | hostname hostname} key key
4. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure
Enters global configuration mode.
Step 2
crypto keyring keyring-name [vrf fvrf-name]
Example:
RP/0/RP0/CPU0:router(config)# crypto keyring
vpnkeyring
RP/0/RP0/CPU0:router(config-keyring)#
Defines a crypto keyring during IKE authentication.
• Use the keyring-name argument to specify the name of
the crypto keyring.
• (Optional) Use the vrf keyword to specify that the front
door virtual routing and forwarding (FVRF) name is the
keyring that is referenced.
To Next Page
Loading...
Need help?
General
