Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
How to Implement IKE Security Protocol Configurations for IPSec Networks
SC-134
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
DETAILED STEPS
Command or Action Purpose
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure
Enters global configuration mode.
Step 2
crypto keyring keyring-name [vrf fvrf-name]
Example:
RP/0/RP0/CPU0:router(config)# crypto keyring vpnkey
Defines a crypto keyring to be used during IKE
authentication.
• Use the keyring-name argument as the name of
the crypto keyring.
• Use the vrf keyword to specify that the front
door virtual routing and forwarding (FVRF)
name is the keyring that is referenced. The
fvrf-name argument must match the FVRF name
that was defined during a (VRF) configuration.
Step 3
description string
Example:
RP/0/RP0/CPU0:router(config-keyring# description
this is a sample keyring
Creates a one-line description for a keyring.
• Use the string argument to specify the character
string that describes the keyring.
Step 4
local-address ip-address
Example:
RP/0/RP0/CPU0:router(config-keyring)# local-address
130.40.1.1
Limits the scope of an ISAKMP keyring
configuration to a local termination address or
interface.
• Use the ip-address argument to specify the IP
address to which to bind.
Step 5
pre-shared-key {address address [mask] | hostname
hostname} key key
Example:
RP/0/RP0/CPU0:router(config-keyring)# pre-shared-key
address 10.72.23.11 key vpnkey
Defines a preshared key to be used for IKE
authentication.
• Use the address keyword to specify the IP
address of the remote peer or a subnet and mask.
The mask argument is optional.
• Use the hostname keyword to specify the fully
qualified domain name (FQDN) of the peer.
• Use the key keyword to specify the secret.
To Next Page
Loading...
Need help?
General
