Cisco CRS-1 - Carrier Routing System Router Configuration Manual page 144

How to Configure the ISAKMP Profile
4.
5.
6.
7.
8.
9.
10.
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure
Step 2
crypto isakmp profile [local] profile-name
Example:
RP/0/RP0/CPU0:router(config)# crypto isakmp profile
local vpnprofile
RP/0/RP0/CPU0:router(config-isa-prof)#
Step 3
description string
Example:
RP/0/RP0/CPU0:router(config-isa-prof)# description
this is a sample profile
Step 4
keepalive disable
Example:
RP/0/RP0/CPU0:router(config-isa-prof)# keepalive
disable
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
SC-138
keepalive disable
self-identity {address | fqdn | user-fqdn user-fqdn}
keyring keyring-name
match identity {group group-name | address address [mask] vrf [fvrf] | host hostname | host
domain domain-name | user username | user domain domain-name}
set interface {tunnel-ipsec intf-index | | } intf-index
set ipsec-profile profile-name
end
or
commit
Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
Purpose
Enters global configuration mode.
Defines an ISAKMP profile and audits IPSec user
sessions.
(Optional) Use the local keyword to specify that
•
the profile is used for locally sourced or
terminated traffic.
The local keyword is required for use of the
Note
set ipsec-profile and the set interface
tunnel-ipsec commands later in this
procedure.
• (Required) Use the profile-name argument to
specify the name of the user profile.
Creates a description for a keyring.
Use the string argument to specify the character
•
string that describes the keyring.
Lets the gateway send DPD messages to the
Cisco IOS XR peer.
• Use the disable keyword to disable the
keepalive global declarations.
OL-20382-01