How to Implement IKE for Cisco IPSec VPN SPAs on Cisco IOS XR Software
Command or Action
Step 2
crypto isakmp keepalive seconds retry-seconds
[periodic | on-demand]
Example:
RP/0/RP0/CPU0:router(config)# crypto isakmp
keepalive 20 20 on-demand
Step 3
end
or
commit
Example:
RP/0/RP0/CPU0:router(config)# end
or
RP/0/RP0/CPU0:router(config)# commit
Configuring the ISAKMP Profile for Service Interfaces
This task configures the ISAKMP profile for service interfaces.
SUMMARY STEPS
1.
2.
Cisco IOS XR System Security Configuration Guide
SC-64
configure
crypto isakmp profile [local] profile-name
Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
Purpose
Uses the IKE security association (SA) feature to
provide a mechanism to detect loss of connectivity
between two IP Security (IPSec) peers.
•
Use the seconds argument to specify the number
of seconds between keepalive messages. The
range is from 10 to 3600.
Use the retry-seconds argument to specify the
•
number of seconds between retries if keepalive
fails. The range is from 2 to 60.
(Optional) Use the periodic keyword to specify
•
the keepalive messages that are sent at regular
intervals for DPD messages.
(Optional) Use the on-demand keyword to
•
specify the DPD retries that are sent on demand.
Saves configuration changes.
When you issue the end command, the system
•
prompts you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to
–
the running configuration file, exits the
configuration session, and returns the
router to EXEC mode.
Entering no exits the configuration session
–
and returns the router to EXEC mode
without committing the configuration
changes.
Entering cancel leaves the router in the
–
current configuration session without
exiting or committing the configuration
changes.
Use the commit command to save the
•
configuration changes to the running
configuration file and remain within the
configuration session.