Table of Contents
Advertisement
Defining User Reauthentication Protocol Values
The extended-authentication command specifies the extended user authentication
protocol for use during the extended user authentication protocol exchange.
The re-authenticate keyword enables the reauthentication option (a subsequent
authentication procedure). When this option is enabled, rekeying of IKE SAs uses
the initial authentication protocol to reauthenticate the user. When this option is
disabled, authentication is only performed at the first IKE SA establishment.
Subsequent IKE SAs rekey operations inherit the initial authentication and do not
reauthenticate users.
NOTE: For maximum security, enable reauthentication.
The skip-peer-config keyword disables the router from configuring peer IP
characteristics.
extended-authentication
Use to specify the IPSec lifetime parameters used on IPSec SA lifetime
negotiations.
Example
host1(config-ipsec-tunnel-profile)#lifetime seconds 5000 25000
Use the no version to return the lifetime to its default value, 28800 seconds (8
hours) and no traffic volume limit.
See lifetime.
Use to specify the extended user authentication protocol for use during the
extended user authentication protocol exchange. This command can also enable
or disable the reauthentication option (a subsequent authentication procedure).
The re-authenticate keyword enables the reauthentication option (a subsequent
authentication procedure).
The skip-peer-config keyword disables the router from configuring peer IP
characteristics.
Example
host1(config-ipsec-tunnel-profile)#extended-authentication chap
Use the no version to reset the extended authentication to the default protocol,
pap.
See extended-authentication.
Chapter 6: Configuring Dynamic IPSec Subscribers
Configuring IPSec Tunnel Profiles
187
Advertisement
Table of Contents
