Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
How to Configure the ISAKMP Profile
SC-138
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
4. keepalive disable
5. self-identity {address | fqdn | user-fqdn user-fqdn}
6. keyring keyring-name
7. match identity {group group-name | address address [mask] vrf [fvrf] | host hostname | host
domain domain-name | user username | user domain domain-name}
8. set interface {tunnel-ipsec intf-index | | } intf-index
9. set ipsec-profile profile-name
10. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure
Enters global configuration mode.
Step 2
crypto isakmp profile [local] profile-name
Example:
RP/0/RP0/CPU0:router(config)# crypto isakmp profile
local vpnprofile
RP/0/RP0/CPU0:router(config-isa-prof)#
Defines an ISAKMP profile and audits IPSec user
sessions.
• (Optional) Use the local keyword to specify that
the profile is used for locally sourced or
terminated traffic.
Note The local keyword is required for use of the
set ipsec-profile and the set interface
tunnel-ipsec commands later in this
procedure.
• (Required) Use the profile-name argument to
specify the name of the user profile.
Step 3
description string
Example:
RP/0/RP0/CPU0:router(config-isa-prof)# description
this is a sample profile
Creates a description for a keyring.
• Use the string argument to specify the character
string that describes the keyring.
Step 4
keepalive disable
Example:
RP/0/RP0/CPU0:router(config-isa-prof)# keepalive
disable
Lets the gateway send DPD messages to the
Cisco
IOS XR peer.
• Use the disable keyword to disable the
keepalive global declarations.
To Next Page
Need help?
General
