Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
How to Implement IKE Security Protocol Configurations for IPSec Networks
Cisco IOS XR System Security Configuration Guide
DETAILED STEPS
Command or Action Purpose
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure
Enters global configuration mode.
Step 2
crypto keyring keyring-name [vrf fvrf-name]
Example:
RP/0/RP0/CPU0:router(config)# crypto keyring vpnkey
Defines a crypto keyring to be used during IKE authentication.
• Use the keyring-name argument as the name of the crypto keyring.
• Use the vrf keyword to specify the front door virtual routing and forwarding (FVRF) name to which the keyring is referenced. The fvrf-name argument must match the FVRF name that was defined during VRF configuration.
Step 3
description string
Example:
RP/0/RP0/CPU0:router(config-keyring)# description this is a sample keyring
Creates a one-line description for a keyring.
• Use the string argument to specify the character string that describes the keyring.
Step 4
local-address ip-address
Example:
RP/0/RP0/CPU0:router(config-keyring)# local-address 130.40.1.1
Limits the scope of an ISAKMP keyring configuration to a local termination address or interface.
• Use the ip-address argument to specify the IP address to which to bind.
Step 5
pre-shared-key {address address [mask] | hostname hostname} key key
Example:
RP/0/RP0/CPU0:router(config-keyring)# pre-shared-key address 10.72.23.11 key vpnkey
Defines a preshared key to be used for IKE authentication.
• Use the address keyword to specify the IP address of the remote peer or a subnet and mask. The mask argument is optional.
• Use the hostname keyword to specify the fully qualified domain name (FQDN) of the peer.
• Use the key keyword to specify the secret.
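
A pre-commit check for the keyring built in Steps 2 through 5, added here as an example; it is not Cisco's code and not part of the original guide. It assumes the keyring is available as indented configuration text with cleartext keys (the constructed SAMPLE below, whose first block reuses the step examples, including a key equal to the keyring name). The thresholds MIN_KEY_LEN and MIN_PREFIX_LEN and the finding codes are illustrative local policy, not Cisco requirements.

```python
import ipaddress
import re

MIN_KEY_LEN = 20     # assumed local policy, not a Cisco requirement
MIN_PREFIX_LEN = 24  # assumed: a wider mask shares one key across many peers
PSK_RE = re.compile(r"pre-shared-key (?:address (?P<addr>\S+)(?: (?P<mask>[\d.]+))?"
                    r"|hostname (?P<host>\S+)) key (?P<key>\S+)$")

# Constructed sample in configuration-file form, built from the step examples.
SAMPLE = """\
crypto keyring vpnkey
 description this is a sample keyring
 local-address 130.40.1.1
 pre-shared-key address 10.72.23.11 key vpnkey
!
crypto keyring branch vrf fvrf-a
 pre-shared-key address 10.0.0.0 255.0.0.0 key Zq7-constructed-sample-key-91
 pre-shared-key hostname peer.example.com key short1
"""

def parse_keyrings(text):
    """Map keyring name -> {'vrf', 'local_address', 'psks'} from config text."""
    keyrings, cur = {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split())  # collapse whitespace
        if m := re.match(r"crypto keyring (\S+)(?: vrf (\S+))?$", line):
            cur = keyrings.setdefault(m[1], {"vrf": m[2], "local_address": None, "psks": []})
        elif cur is None or not raw.startswith(" "):
            cur = None  # an unindented line closes the keyring block
        elif line.startswith("local-address "):
            cur["local_address"] = line.split()[1]
        elif p := PSK_RE.match(line):
            cur["psks"].append(p.groupdict())
    return keyrings

def audit_keyrings(text):
    """Return (keyring, peer, code) findings; peer is None at keyring level."""
    findings = []
    for name, kr in parse_keyrings(text).items():
        if kr["local_address"] is None:
            findings.append((name, None, "NO_LOCAL_ADDRESS"))
        for psk in kr["psks"]:
            peer, key, mask = psk["host"] or psk["addr"], psk["key"], psk["mask"]
            wide = mask and ipaddress.ip_network(
                f"{psk['addr']}/{mask}", strict=False).prefixlen < MIN_PREFIX_LEN
            checks = [(key.lower() == name.lower(), "KEY_EQUALS_KEYRING_NAME"),
                      (len(key) < MIN_KEY_LEN, "SHORT_KEY"), (wide, "WIDE_PEER_MASK")]
            findings += [(name, peer, code) for hit, code in checks if hit]
    return findings
```

Calling audit_keyrings(SAMPLE) returns one tuple per finding, so the result can gate a change review or be written to a report.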