Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
How to Implement IKE Security Protocol Configurations for IPSec Networks
SC-116
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
How to Implement IKE Security Protocol Configurations for
IPSec Networks
To configure the IKE security protocol for IPSec networks, perform the tasks described in the following
sections. The tasks in the first two sections are required; the remaining may be optional, depending on
which parameters are configured.
• Enabling or Disabling IKE, page 116 (required)
• Configuring IKE Policies, page 117 (required)
• Limiting an IKE Peer to Use a Specific Policy Set, page 119 (optional)
• Manually Configuring RSA Keys, page 121 (optional, depending on IKE parameters)
• Configuring ISAKMP Preshared Keys in ISAKMP Keyrings, page 128 (optional, depending on IKE
parameters)
• Configuring Call Admission Control, page 129 (optional)
• Configuring Crypto Keyrings, page 133 (required)
• Configuring IP Security VPN Monitoring, page 136 (optional)
Enabling or Disabling IKE
This task enables or disables the Internet Key Exchange protocol.
IKE is disabled by default. IKE need not be enabled for individual interfaces, but it is enabled globally
for all interfaces at the router.
SUMMARY STEPS
1. configure
2. crypto isakmp
3. no crypto isakmp
4. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure
Enters global configuration mode.
Step 2
crypto isakmp
Example:
RP/0/RP0/CPU0:router(config)# crypto isakmp
Globally enables IKE at the peer router.
To Next Page
Loading...
Need help?
General
