Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
Contents
SC-106
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
Contents
• Prerequisites for Implementing Internet Key Exchange, page 106
• Information About Implementing IKE Security Protocol Configurations for IPSec Networks,
page 106
• IPSec Dead Peer Detection Periodic Message Option, page 115
• How to Implement IKE Security Protocol Configurations for IPSec Networks, page 116
• How to Configure the ISAKMP Profile, page 137
• How to Configure a Dead Peer Detection Message, page 142
• Configuration Examples for Implementing IKE Security Protocol, page 144
• Additional References, page 150
Prerequisites for Implementing Internet Key Exchange
The following prerequisites are required to implement Internet Key Exchange:
• You must be in a user group associated with a task group that includes the proper task IDs. The
command reference guides include the task IDs required for each command.
• If you suspect user group assignment is preventing you from using a command, contact your AAA
administrator for assistance.
• You must install and activate the package installation envelope (PIE) for the security software.
For detailed information about optional PIE installation, see Cisco IOS XR System Management
Configuration Guide.
Information About Implementing IKE Security Protocol
Configurations for IPSec Networks
To implement IKE, you should understand the following concepts:
• Supported Standards, page 107
• Concessions for Not Enabling IKE, page 108
• IKE Policies, page 108
• ISAKMP Identity, page 112
• ISAKMP Profile Overview, page 113
• Call Admission Control, page 114
• Information About IP Security Monitoring, page 114
• IPSec Dead Peer Detection Periodic Message Option, page 115
Release 3.8.0 Information was edited to make clearer which features are supported on the
Cisco
CRS-1 exclusively.
Release 3.9.0 No modification.
To Next Page
Loading...
Need help?
General
