Table of Contents
Advertisement
Remote Peer ISAKMP Protocol Policy Mode Commands
Syntax
crypto isakmp peer_address subnet-mask
peer_address
subnet-mask
Syntax
The no form of this command removes policies from a remote peer:
no crypto isakmp peer peer_address subnet-mask
Mode
Global configuration:
Next Mode
Remote Peer ISAKMP protocol policy configuration:
Example
The following example sets the remote peer's IKE policies:
XSR(config)#crypto isakmp peer 192.168.57.9 255.255.255.255
XSR(config-isakmp)#
config-mode
This command sets the local IKE Mode Configuration role. While not officially an IETF standard,
config‐mode is the de facto standard for assigning IP addresses within IKE.
Internet Key Exchange (IKE) Mode Configuration, as implemented by many vendors, allows a
gateway to download an IP address (and other network level configuration) to the client as part of
IKE negotiation. Using this exchange, the gateway gives IP addresses to the IKE client to be used
as an inner IP address encapsulated under IPSec. This method provides a known IP address for the
client that can be matched against IPSec policy.
When configured as a Mode Config gateway, the XSR allocates an IP address to a peerm requesting
it and when configured as a client, the XSR requests an IP address from the gateway.
Syntax
config-mode {client | gateway}
client
gateway
Syntax of the "no" Form
The no form of this command resets IKE configuration mode to the default:
no config-mode
14-100 Configuring the VPN
Peerʹs IP address or IP subnet to which the policy will be attached.
Value used with the peer‐address.
XSR(config)#
Act as a Configuration Mode client with this peer.
Act as a Configuration Mode server with this peer.
XSR(config-isakmp-peer)#
Advertisement
Table of Contents
