Cisco CRS-1 - Carrier Routing System Router Configuration Manual page 139

Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
Configuring Crypto Keyrings
A crypto keyring is a repository of preshared and Rivest, Shamir, and Adelman (RSA) public keys. The
router can have zero or more keyrings. Each keyring optionally allows the specification of a VRF in
which the keys defined in the keyring belong.
This task configures crypto keyrings.
Crypto Keyrings Configuration Guidelines and Restrictions
Follow these guidelines and restrictions when configuring crypto keyrings:
•
•
•
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
OL-20382-01
The VRF associated with a crypto keyring cannot be changed. A different keyring must be
configured with the new VRF value.
Address overlapping in a keyring is not allowed and must be enforced during configuration.
A crypto keyring is attached to one or more ISAKMP profiles and cannot be deleted while in use.
configure
crypto keyring keyring-name [vrf fvrf-name]
description string
local-address ip-address
pre-shared-key {address address [mask] | hostname hostname} key key
rsa-pubkey {address address | name fqdn} [encryption | signature]
key-string key-string
quit
end
or
commit
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
How to Implement IKE Security Protocol Configurations for IPSec Networks
SC-133