How to Implement IKE Security Protocol Configurations for IPSec Networks
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure
Step 2
crypto keyring keyring-name [vrf fvrf-name]
Example:
RP/0/RP0/CPU0:router(config)# crypto keyring vpnkey
Step 3
description string
Example:
RP/0/RP0/CPU0:router(config-keyring# description
this is a sample keyring
Step 4
local-address ip-address
Example:
RP/0/RP0/CPU0:router(config-keyring)# local-address
130.40.1.1
Step 5
pre-shared-key {address address [mask] | hostname
hostname} key key
Example:
RP/0/RP0/CPU0:router(config-keyring)# pre-shared-key
address 10.72.23.11 key vpnkey
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
SC-134
Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
Purpose
Enters global configuration mode.
Defines a crypto keyring to be used during IKE
authentication.
Use the keyring-name argument as the name of
•
the crypto keyring.
Use the vrf keyword to specify that the front
•
door virtual routing and forwarding (FVRF)
name is the keyring that is referenced. The
fvrf-name argument must match the FVRF name
that was defined during a (VRF) configuration.
Creates a one-line description for a keyring.
Use the string argument to specify the character
•
string that describes the keyring.
Limits the scope of an ISAKMP keyring
configuration to a local termination address or
interface.
Use the ip-address argument to specify the IP
•
address to which to bind.
Defines a preshared key to be used for IKE
authentication.
Use the address keyword to specify the IP
•
address of the remote peer or a subnet and mask.
The mask argument is optional.
Use the hostname keyword to specify the fully
•
qualified domain name (FQDN) of the peer.
Use the key keyword to specify the secret.
•
OL-20382-01