How To Implement Ike Security Protocol Configurations For Ipsec Networks - Cisco CRS-1 - Carrier Routing System Router Configuration Manual

How to Implement IKE Security Protocol Configurations for IPSec Networks

How to Implement IKE Security Protocol Configurations for
IPSec Networks
To configure the IKE security protocol for IPSec networks, perform the tasks described in the following
sections. The tasks in the first two sections are required; the remaining may be optional, depending on
which parameters are configured.
•
•
•
•
•
•
•
•
Enabling or Disabling IKE
This task enables or disables the Internet Key Exchange protocol.
IKE is disabled by default. IKE need not be enabled for individual interfaces, but it is enabled globally
for all interfaces at the router.
SUMMARY STEPS
1.
2.
3.
4.
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure
Step 2
crypto isakmp
Example:
RP/0/RP0/CPU0:router(config)# crypto isakmp
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
SC-116
Enabling or Disabling IKE, page 116
Configuring IKE Policies, page 117
Limiting an IKE Peer to Use a Specific Policy Set, page 119
Manually Configuring RSA Keys, page 121
Configuring ISAKMP Preshared Keys in ISAKMP Keyrings, page 128
parameters)
Configuring Call Admission Control, page 129
Configuring Crypto Keyrings, page 133
Configuring IP Security VPN Monitoring, page 136
configure
crypto isakmp
no crypto isakmp
end
or
commit
Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
(required)
(required)
(optional, depending on IKE parameters)
(optional)
(required)
(optional)
Purpose
Enters global configuration mode.
Globally enables IKE at the peer router.
(optional)
(optional, depending on IKE
OL-20382-01