Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
Contents
SC-20
Cisco IOS XR System Security Configuration Guide
Contents
• Prerequisites, page SC-20
• Information About Implementing IKE Security Protocol Configurations for IPSec Networks,
page SC-20
• Information About IKE for the Cisco IPSec VPN SPA on Cisco IOS XR Software, page SC-32
• How to Implement IKE Security Protocol Configurations for IPSec Networks, page SC-32
• How to Implement IKE for Locally Sourced and Destined Traffic, page SC-58
• How to Implement IKE for Cisco IPSec VPN SPAs on Cisco IOS XR Software, page SC-62
• Configuration Examples for Implementing IKE Security Protocol, page SC-68
• Additional References, page SC-73
Prerequisites
The following prerequisites are required to implement Internet Key Exchange:
• You must be in a user group associated with a task group that includes the proper task IDs for
security commands. For detailed information about user groups and task IDs, see the Configuring
AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security
Configuration Guide.
• You must install and activate the package installation envelope (PIE) for the security software.
For detailed information about optional PIE installation, see the Cisco IOS XR System Management
Guide.
Information About Implementing IKE Security Protocol
Configurations for IPSec Networks
To implement IKE, you should understand the following concepts:
• Supported Standards, page SC-21
• Concessions for Not Enabling IKE, page SC-22
• IKE Policies, page SC-22
• ISAKMP Identity, page SC-26
• ISAKMP Profile Overview, page SC-26
• Mask Preshared Keys, page SC-27
• Preshared Keys Using a AAA Server, page SC-27
• Internet Key Exchange Mode Configuration, page SC-28
• Banner, Auto-Update, and Browser-Proxy, page SC-29
• Pushing a Configuration URL Through a Mode-Configuration Exchange, page SC-29
• Internet Key Exchange Extended Authentication, page SC-30
To Next Page
Loading...
Need help?
General
