Table of Contents
Advertisement
Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure
Step 2
crypto isakmp profile [local] profile-name
Example:
RP/0/RP0/CPU0:router(config)# crypto isakmp profile
local vpnprofile
RP/0/RP0/CPU0:router(config-isa-prof)#
Step 3
description string
Example:
RP/0/RP0/CPU0:router(config-isa-prof)# description
this is a sample profile
Step 4
keepalive disable
Example:
RP/0/RP0/CPU0:router(config-isa-prof)# keepalive
disable
configure
crypto isakmp profile [local] profile-name
description string
keepalive disable
self-identity {address | fqdn | user-fqdn user-fqdn}
keyring keyring-name
match identity {group group-name | address address [mask] vrf [fvrf] | host hostname | host
domain domain-name | user username | user domain domain-name}
set interface tunnel-ipsec intf-index
set ipsec-profile profile-name
end
or
commit
How to Implement IKE for Locally Sourced and Destined Traffic
Purpose
Enters global configuration mode.
Defines an ISAKMP profile and audits IPSec user
sessions.
(Optional) Use the local keyword to specify that
•
the profile is used for locally sourced or
terminated traffic.
The local keyword is specific only to the
Note
Cisco IPSec VPN SPA.
Use the profile-name argument to specify the
•
name of the user profile.
Creates a description for a keyring.
Use the string argument to specify the character
•
string that describes the keyring.
Lets the gateway send DPD messages to the
Cisco IOS XR peer.
Use the disable keyword to disable the
•
keepalive global declarations.
Cisco IOS XR System Security Configuration Guide
SC-59
Hide quick links:
Advertisement
Chapters
Table of Contents
