Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
Command or Action
Step 3
pre-shared-key {address address [mask] |
hostname hostname} key key
Example:
RP/0/RP0/CPU0:router(config-keyring)#
pre-shared-key address 10.72.23.11 key vpnkey
RP/0/RP0/CPU0:router(config-keyring)#
pre-shared-key hostname mycisco.com key vpnkey
Step 4
end
or
commit
Example:
RP/0/RP0/CPU0:router(config-keyring)# end
or
RP/0/RP0/CPU0:router(config-keyring)# commit
Configuring Call Admission Control
These tasks are used to configure Call Admission Control (CAC):
•
•
Configuring the IKE Security Association Limit
This task configures the IKE security admission limit.
SUMMARY STEPS
1.
2.
OL-20382-01
Configuring the IKE Security Association Limit, page 129
Configuring the System Resource Limit, page 131
configure
crypto isakmp call admission limit {in-negotiation-sa number | sa number}
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
How to Implement IKE Security Protocol Configurations for IPSec Networks
Purpose
Defines a preshared key for IKE authentication.
•
Use the address keyword to specify the IP address of
the remote peer or a subnet and mask.
•
(Optional) Use the mask argument to match the range of
the address.
•
Use the hostname keyword to specify the fully
qualified domain name (FQDN) of the peer.
(Optional) Use the key keyword to specify the key.
•
Saves configuration changes.
•
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting (yes/no/cancel)?
[cancel]:
–
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
–
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
–
configuration session without exiting or
committing the configuration changes.
•
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
SC-129