IKE Pre-Shared Keys - Cisco ROUTER-SDM-CD User Manual


Cisco Router and Security Device Manager 2.5 User's Guide
Chapter 18: Internet Key Exchange (OL-4015-12)

Internet Key Exchange (IKE)

Lifetime
This is the lifetime of the security association, in hours, minutes, and seconds. The default is one day, or 24:00:00.

IKE Pre-shared Keys

This window allows you to view, add, edit, and remove IKE pre-shared keys in the router's configuration. A pre-shared key is exchanged with a remote peer during IKE negotiation. Both peers must be configured with the same key.

Icon
If a pre-shared key is read-only, the read-only icon appears in this column. A pre-shared key is marked as read-only if it is configured with the no-xauth CLI option.

Peer IP/Name
An IP address or name of a peer with whom this key is shared. If an IP address is supplied, it can specify all peers in a network or subnetwork, or just an individual host. If a name is specified, then the key is shared by only the named peer.

Network Mask
The network mask specifies how much of the peer IP address is used for the network address and how much is used for the host address. A network mask of 255.255.255.255 indicates that the peer IP address is an address for a specific host. A network mask containing zeros in the least significant bytes indicates that the peer IP address is a network or subnet address. For example, a network mask of 255.255.248.0 indicates that the first 22 bits of the address are used for the network address and that the last 10 bits are for the host part of the address.

Pre-Shared Key
The pre-shared key is not readable in Cisco SDM windows. If you need to examine the pre-shared key, go to View->Running Config. This will display the running configuration. The key is contained in the crypto isakmp key command.
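The Peer IP/Name, Network Mask and no-xauth settings described above all appear on the crypto isakmp key lines of the running configuration. The following Python script is an added example, not part of the Cisco guide: it audits those lines and reports which keys are shared with a whole network rather than a single host. The sample configuration, key strings and the function name audit_preshared_keys are constructed for illustration, and only IPv4 peers are handled.

```python
import ipaddress
import re

# Constructed running-config excerpt (placeholder keys, documentation addresses).
SAMPLE_CONFIG = """\
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key EXAMPLE-KEY-1 address 192.0.2.10
crypto isakmp key EXAMPLE-KEY-2 address 198.51.100.0 255.255.255.0 no-xauth
crypto isakmp key 0 EXAMPLE-KEY-3 address 0.0.0.0 0.0.0.0
crypto isakmp key EXAMPLE-KEY-4 hostname peer.example.com
"""

# crypto isakmp key [0|6] <key> address <ip> [<mask>] [no-xauth]
# crypto isakmp key [0|6] <key> hostname <name> [no-xauth]
KEY_RE = re.compile(
    r"^crypto isakmp key (?:[06] )?(?P<key>\S+) "
    r"(?P<kind>address|hostname) (?P<peer>\S+)"
    r"(?: (?P<mask>\d+\.\d+\.\d+\.\d+))?(?P<noxauth> no-xauth)?$"
)

def audit_preshared_keys(config_text):
    """Return one finding per pre-shared key line; the key itself is never copied."""
    findings = []
    for line in config_text.splitlines():
        m = KEY_RE.match(line.strip())
        if not m:
            continue
        if m["kind"] == "hostname":
            scope, addresses = "named peer", 1
        else:
            # No mask on the line means the key applies to one host.
            mask = m["mask"] or "255.255.255.255"
            net = ipaddress.ip_network(f"{m['peer']}/{mask}", strict=False)
            addresses = net.num_addresses
            scope = "single host" if addresses == 1 else f"/{net.prefixlen} network"
        findings.append({
            "peer": m["peer"],
            "scope": scope,
            "addresses": addresses,
            "shared_by_many": addresses > 1,  # key is shared with every peer in range
            "no_xauth": bool(m["noxauth"]),   # shown with the read-only icon in SDM
        })
    return findings

if __name__ == "__main__":
    for finding in audit_preshared_keys(SAMPLE_CONFIG):
        print(finding)
```

Entries with shared_by_many set, in particular a 0.0.0.0 0.0.0.0 peer, are the ones to review first, since every peer in that range authenticates with the same key.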
