Table of Contents
Advertisement
Specifying an IP Profile for IP Interface Instantiations
The ip profile command specifies the IP profile that is passed from the IPSec layer
to the IP layer upon request for upper layer instantiation.
ip profile
Defining the Server IP Address
The local ip address command defines the specified local IP address as the server
address. The router monitors UDP port 500 for incoming login requests (that is, IKE
SA negotiations) from users.
NOTE: This address is typically made public to all users trying to connect to a VPN
on this router.
This command enables you to optionally set a global preshared key for the specified
server address. When using global preshared keys, keep the following in mind:
Use to override the peer identity (phase 2 identity) used for IPSec security
association negotiations. For IPSec negotiations to succeed, the local and peer
identities at one end of the tunnel must match the peer and local identities at
the other end (respectively).
Example
host1(config-ipsec-tunnel-profile)#peer ip identity address 10.227.1.2
Use the no version to restore the default value, the internal IP address allocated
for the subscriber.
See peer ip identity.
Use to specify the IP profile that the IPSec layer passes on to the IP layer upon
request for upper-layer instantiation.
Example
host1(config-ipsec-tunnel-profile)#ip profile ipProfile1
Use the no version to remove the association with this profile.
See ip profile.
Global preshared keys enable a group of users to share a single authentication
key, simplifying the administrative job of setting up keys for multiple users.
Specific keys for individual users have higher priority than global keys. If both
individual and global keys are configured, the individual that also has a specific
key must use that key or authentication fails.
Chapter 6: Configuring Dynamic IPSec Subscribers
Configuring IPSec Tunnel Profiles
185
Advertisement
Table of Contents
