Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure
Step 2
crypto keyring keyring-name [vrf fvrf-name ]
Example:
RP/0/RP0/CPU0:router(config)# crypto keyring vpnkey
Step 3
description string
Example:
RP/0/RP0/CPU0:router(config-keyring# description
this is a sample keyring
Step 4
local-address ip-address
Example:
RP/0/RP0/CPU0:router(config-keyring)# local-address
130.40.1.1
Step 5
pre-shared-key {address address [ mask ] | hostname
hostname } key key
Example:
RP/0/RP0/CPU0:router(config-keyring)# pre-shared-key
address 10.72.23.11 key vpnkey
How to Implement IKE Security Protocol Configurations for IPSec Networks
Purpose
Enters global configuration mode.
Defines a crypto keyring to be used during IKE
authentication.
•
Use the keyring-name argument as the name of
the crypto keyring.
•
Use the vrf keyword to specify that the front
door virtual routing and forwarding (FVRF)
name is the keyring that is referenced. The
fvrf-name argument must match the FVRF name
that was defined during a (VRF) configuration.
Creates a one-line description for a keyring.
Use the string argument to specify the character
•
string that describes the keyring.
Limits the scope of an ISAKMP keyring
configuration to a local termination address or
interface.
Use the ip-address argument to specify the IP
•
address to which to bind.
Defines a preshared key to be used for IKE
authentication.
Use the address keyword to specify the IP
•
address of the remote peer or a subnet and mask.
The mask argument is optional.
•
Use the hostname keyword to specify the fully
qualified domain name (FQDN) of the peer.
Use the key keyword to specify the secret.
•
Cisco IOS XR System Security Configuration Guide
SC-55