Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
Additional References
SC-150
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
10.0.0.0/16 10.0.83.1
crypto isakmp
crypto isakmp policy 60
authentication pre-share
hash sha
group 5
encryption aes
lifetime 86400
!
crypto keyring kr11 vrf FVRF
pre-shared-key address 10.0.91.2 255.255.255.255 key key-vrf
pre-shared-key address 10.0.92.2 255.255.255.255 key key-vrf
pre-shared-key address 10.0.93.2 255.255.255.255 key key-vrf
!
crypto keyring kr12 vrf FVRF
local-address 10.20.100.16
pre-shared-key address 0.0.0.0 0.0.0.0 key key16
!
crypto isakmp profile isakmp-prof6
keyring kr11
match identity address 10.0.91.2/32 vrf FVRF
set interface service-ipsec15
match identity address 10.0.92.2/32 vrf FVRF
set interface service-ipsec15
match identity address 10.0.93.2/32 vrf FVRF
set interface service-ipsec15
!
!
crypto isakmp profile isakmp-prof7
keyring kr12
match identity address 10.0.85.2/32 vrf FVRF
set interface service-ipsec16
Note VRF-aware is supported only on the Cisco XR 12000 Series Router.
Additional References
The following sections provide references related to implementing the IKE security protocol.
Related Documents
Related Topic Document Title
IKE security protocol commands: complete
command syntax, command modes, command
history, defaults, usage guidelines, and examples
Cisco IOS XR System Security Command Reference
IPSec-related object tracking commands:
complete command syntax, command modes,
command history, defaults, usage guidelines, and
examples
Cisco IOS XR System Management Command Reference
To Next Page
Loading...
Need help?
General
