Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
How to Configure the ISAKMP Profile
SC-140
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
Step 7

Command or Action:
match identity {group group-name | address address [mask] vrf [fvrf] | host hostname | host domain domain-name | user username | user domain domain-name}

Example:
RP/0/RP0/CPU0:router(config-isa-prof)# match identity group vpngroup
RP/0/RP0/CPU0:router(config-isa-prof-match)#

Purpose:
Matches the identity from a peer in an ISAKMP profile.
• Use the group keyword to specify a Unity group that matches identification (ID) type ID_KEY_ID. If RSA signatures are used, the group-name argument matches the organizational unit (OU) field of the distinguished name (DN).
• Use the address keyword to match the address argument with the ID type ID_IPV4_ADDR.
• Use the mask argument to specify a range of addresses.
• Use the vrf keyword to specify the front door VPN routing and forwarding (VRF) of the peer.
• Use the fvrf argument to match the address in the front door virtual router forwarding (FVRF) Virtual Private Network (VPN) space.
• Use the host keyword to specify an identity that matches the type ID_FQDN, whose fully qualified domain name (FQDN) ends with the domain name.
• Use the host domain keyword to specify an identity that matches type ID_FQDN. The domain name is the same as the domain-name argument.
• Use the user keyword to specify an identity that matches the FQDN.
• Use the user domain keyword to specify an identity that matches the type ID_USER_FQDN. When the user domain keyword is present, all users having identities of the type ID_USER_FQDN and ending with domain-name are matched.
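
The following is an added example, not part of the Cisco guide or of IOS XR: a small review script that parses match identity lines using the syntax shown in Step 7 and flags the two forms the Purpose text describes as matching many peers (an address with a mask, and user domain). The sample lines, the 256-address threshold, and the treatment of an address without a mask as a single address are assumptions made for the illustration.

```python
import ipaddress

# Keyword -> ISAKMP ID type as given in the Purpose text; the guide names
# no ID_* constant for plain `user`, so it is left out (id_type = None).
ID_TYPE = {"group": "ID_KEY_ID", "address": "ID_IPV4_ADDR", "host": "ID_FQDN",
           "host domain": "ID_FQDN", "user domain": "ID_USER_FQDN"}
KEYWORDS = set(ID_TYPE) | {"user"}

def parse_match_identity(line):
    """Parse one `match identity` line; return None for any other line."""
    tok = line.split()
    if tok[:2] != ["match", "identity"]:
        return None
    tok = tok[2:]
    # `host domain X` and `user domain X` are two-word keywords.
    if len(tok) > 2 and tok[0] in ("host", "user") and tok[1] == "domain":
        tok = [tok[0] + " domain"] + tok[2:]
    if len(tok) < 2 or tok[0] not in KEYWORDS:
        raise ValueError(f"unrecognised match identity clause: {line!r}")
    kw, value, rest = tok[0], tok[1], tok[2:]
    clause = {"keyword": kw, "value": value, "id_type": ID_TYPE.get(kw),
              "mask": None, "fvrf": None}
    if kw == "address":            # address address [mask] vrf [fvrf]
        if rest and rest[0] != "vrf":
            clause["mask"] = rest.pop(0)
        if len(rest) > 1 and rest[0] == "vrf":
            clause["fvrf"] = rest[1]
    return clause

def covered_addresses(clause):
    """IPv4 addresses an address clause covers (assumed 1 when no mask)."""
    if clause["mask"] is None:
        return 1
    net = ipaddress.ip_network(f"{clause['value']}/{clause['mask']}", strict=False)
    return net.num_addresses

def audit(config_text, max_addresses=256):
    """Return (line_no, reason) for clauses that admit many peer identities."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        c = parse_match_identity(line)
        if c is None:
            continue
        if c["keyword"] == "address" and covered_addresses(c) > max_addresses:
            findings.append((n, f"covers {covered_addresses(c)} addresses"))
        elif c["keyword"] == "user domain":
            findings.append((n, f"every ID_USER_FQDN ending with {c['value']}"))
    return findings

# Constructed sample lines, not taken from a real router.
SAMPLE = "match identity group vpngroup\nmatch identity address 192.0.2.10 vrf red\nmatch identity address 10.0.0.0 255.0.0.0 vrf red\nmatch identity user domain example.com\nmatch identity host gw1.example.com\n"
print(audit(SAMPLE))
```

Each finding is a clause to check against the set of peers the profile is meant to serve.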