Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
3.
4.
5.
6.
7.
8.
9.
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure
Step 2
crypto isakmp profile [local] profile-name
Example:
RP/0/RP0/CPU0:router(config)# crypto isakmp profile
vpnprofile
RP/0/RP0/CPU0:router(config-isa-prof)#
Step 3
description string
Example:
RP/0/RP0/CPU0:router(config-isa-prof)# description
this is a sample profile
Step 4
keepalive disable
Example:
RP/0/RP0/CPU0:router(config-isa-prof)# keepalive
disable
description string
keepalive disable
self-identity {address | fqdn | user-fqdn user-fqdn}
keyring keyring-name
match identity {group group-name | address address [mask] vrf [fvrf] | host hostname | host
domain domain-name | user username | user domain domain-name}
set interface {service-ipsec | service-gre} intf-index
end
or
commit
How to Implement IKE for Cisco IPSec VPN SPAs on Cisco IOS XR Software
Purpose
Enters global configuration mode.
Defines an ISAKMP profile and audits IPSec user
sessions.
•
(Optional) Use the local keyword to specify that
the profile is used for locally sourced or
terminated traffic.
The local keyword is specific only to the
Note
Cisco IPSec VPN SPA.
Use the profile-name argument to specify the
•
name of the user profile.
Creates a description for a keyring.
•
Use the string argument to specify the character
string that describes the keyring.
Lets the gateway send DPD messages to the
Cisco IOS XR peer.
Use the disable keyword to disable the
•
keepalive global declarations.
Cisco IOS XR System Security Configuration Guide
SC-65