Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
How to Implement IKE Security Protocol Configurations for IPSec Networks
SC-54
Cisco IOS XR System Security Configuration Guide
Configuring Crypto Keyrings
A crypto keyring is a repository of preshared and Rivest, Shamir, and Adelman (RSA) public keys. The
router can have zero or more keyrings. Each keyring optionally allows the specification of a VRF in
which the keys defined in the keyring belong.
This task configures crypto keyrings.
Crypto Keyrings Configuration Guidelines and Restrictions
Follow these guidelines and restrictions when configuring crypto keyrings:
• The VRF associated with a crypto keyring cannot be changed. A different keyring must be
configured with the new VRF value.
• Address overlapping in a keyring is not allowed and must be enforced during configuration.
• A crypto keyring is attached to one or more ISAKMP profiles and cannot be deleted while in use.
SUMMARY STEPS
1. configure
2. crypto keyring keyring-name [vrf fvrf-name]
3. description string
4. local-address ip-address
5. pre-shared-key {address address [mask] | hostname hostname} key key
6. rsa-pubkey {address address | name fqdn} [encryption | signature]
7. key-string key-string
8. quit
9. end
or
commit
To Next Page
Loading...
