Defining Group Policy Information For Mode Configuration - Cisco IOS XR Configuration Manual

How to Implement IKE Security Protocol Configurations for IPSec Networks
Command or Action
Step 8
end
or
commit
Example:
RP/0/RP0/CPU0:router(config-isakmp)# end
or
RP/0/RP0/CPU0:router(config-isakmp)# commit
Step 9
show crypto isakmp policy
Example:
RP/0/RP0/CPU0:router# show crypto isakmp policy

Defining Group Policy Information for Mode Configuration

Although users can belong to only one group for each connection, they may belong to specific groups
with different policy requirements. Thus, users may decide to connect to the client using a different
group ID by changing their client profile on the VPN device.
This task defines the group policy attributes that are pushed to the client through mode configuration.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
Cisco IOS XR System Security Configuration Guide
SC-36
configure
crypto isakmp client configuration group group-name
key preshared-key
acl acl-name
backup-server {ip-address | hostname}
dns primary-server [secondary-server]
domain name
firewall are-u-there
group-lock
include-local-lan
Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
Purpose
Saves configuration changes.
When you issue the end command, the system prompts
•
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
–
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
–
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
–
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
•
changes to the running configuration file and remain
within the configuration session.
(Optional) Displays all existing IKE policies.