Table of Contents
Advertisement
Default
Disabled
Mode
Remote Peer ISAKMP protocol policy configuration:
Example
The following example configures the IKE IP address assignment mode to client:
XSR(config)#crypto isakmp peer 2.2.2.2 255.255.255.0
XSR(config-isakmp-peer)#config-mode client
exchange-mode
This command sets IKE to main or aggressive exchange mode.
Syntax
exchange-mode {main | aggressive}
main
aggressive
Syntax of the "no" Form
The no form of this command resets the exchange mode to the default:
no exchange-mode
Default
Aggressive mode
Mode
Remote Peer ISAKMP protocol policy configuration:
Example
The following example configures the IKE mode to main:
XSR(config)#crypto isakmp peer 192.168.57.9 255.255.255.255
Notes: It is useful to specify a user ID instead of an IP address when configuring an SA in
aggressive mode (with pre-shared keys) for a peer whose IP address is dynamic. If you specify no
ID, its IP address will be used by default. But, in that case, you will have to re-configure (with a new
entry in the aaa user database) both ends of the tunnel every time the address changes. Use the
user-id <string> command instead.
Due to the vulnerability of pre-shared keys on VPN devices using aggressive mode tunnels,
Enterasys Networks recommends instead using a certificate or employing a very long password
which is not listed in a dictionary.
IKE exchange mode set to main mode.
IKE exchange mode set to aggressive mode.
Remote Peer ISAKMP Protocol Policy Mode Commands
XSR(config-isakmp-peer)#
XSR(config-isakmp-peer)#
XSR CLI Reference Guide 14-101
Advertisement
Table of Contents
