Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
How to Implement IKE for Locally Sourced and Destined Traffic
SC-59
Cisco IOS XR System Security Configuration Guide
SUMMARY STEPS
1. configure
2. crypto isakmp profile [local] profile-name
3. description string
4. keepalive disable
5. self-identity {address | fqdn | user-fqdn user-fqdn}
6. keyring keyring-name
7. match identity {group group-name | address address [mask] vrf [fvrf] | host hostname | host
domain domain-name | user username | user domain domain-name}
8. set interface tunnel-ipsec intf-index
9. set ipsec-profile profile-name
10. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure
Enters global configuration mode.
Step 2
crypto isakmp profile [local]
profile-name
Example:
RP/0/RP0/CPU0:router(config)# crypto isakmp profile
local vpnprofile
RP/0/RP0/CPU0:router(config-isa-prof)#
Defines an ISAKMP profile and audits IPSec user
sessions.
• (Optional) Use the local keyword to specify that
the profile is used for locally sourced or
terminated traffic.
Note The local keyword is specific only to the
Cisco IPSec VPN SPA.
• Use the profile-name argument to specify the
name of the user profile.
Step 3
description
string
Example:
RP/0/RP0/CPU0:router(config-isa-prof)# description
this is a sample profile
Creates a description for a keyring.
• Use the string argument to specify the character
string that describes the keyring.
Step 4
keepalive disable
Example:
RP/0/RP0/CPU0:router(config-isa-prof)# keepalive
disable
Lets the gateway send DPD messages to the
Cisco IOS XR peer.
• Use the disable keyword to disable the
keepalive global declarations.
To Next Page
Loading...
