Cisco CRS-1 - Carrier Routing System Router Configuration Manual page 146

How to Configure the ISAKMP Profile
Command or Action
Step 7
match identity {group group-name | address address
[mask] vrf [fvrf] | host hostname | host domain
domain-name | user username | user domain
domain-name}
Example:
RP/0/RP0/CPU0:router(config-isa-prof)# match
identity group vpngroup
RP/0/RP0/CPU0:router(config-isa-prof-match)#
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
SC-140
Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
Purpose
Matches the identity from a peer in an ISAKMP
profile.
• Use the group keyword to specify a Unity group
that matches identification (ID) type
ID_KEY_ID. If RSA signatures are used, the
group-name argument matches the
organizational unit (OU) field of the
distinguished name (DN).
• Use the address keyword to match the address
argument with the ID type ID_IPV4_ADDR.
• Use the mask argument to specify a range of
addresses.
Use the vrf keyword to specify the front door
•
VPN routing and forwarding (VRF) of the peer.
Use the fvrf argument to match the address in
•
the front door virtual router forwarding (FVRF)
Virtual Private Network (VPN) space.
Use the host keyword to specify an identity that
•
matches the type ID_FQDN, whose fully
qualified domain name (FQDN) ends with the
domain name.
• Use the host domain keyword to specify an
identity that matches type ID_FQDN. The
domain name is the same as the domain-name
argument.
Use the user keyword to specify an identity that
•
matches the FQDN.
Use the user domain keyword to specify an
•
identity that matches the type
ID_USER_FQDN. When the user domain
keyword is present, all users having identities of
the type ID_USER_FQDN and ending with
domain-name are matched.
OL-20382-01