Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

ISAKMP Protocol Policy Mode Commands

14-96 Configuring the VPN

Next Mode

ISAKMPprotocolproposalconfiguration:XSR(config-isakmp)#

Example

Thefollowingexampleconfigurestwopoliciesforthepeer:

XSR(config)#crypto isakmp proposal 57

XSR(config-isakmp)#hash md5

XSR(config-isakmp)#authentication rsa-sig

XSR(config-isakmp)#group2

XSR(config-isakmp)#lifetime 5000

XSR(config)#crypto isakmp policy 99

XSR(config-isakmp)#authentication pre-share

XSR(config-isakmp)#lifetime 10000

Theaboveconfigurationresultsinthefollowingpolicies:

XSR# show crypto isakmp proposal

Name Authentication Encrypt Integrity Group Lifetime

57 RSASignature DES HMAC-MD5 Modp1024 5000

99 PreSharedKeys DES HMAC-SHA Modp768 10000

DEFAULT RSASignature DES HMAC-SHA Modp768 86400

authentication

Thiscommandspecifiestheauthenticati onmethodusedwithinanIKEproposal(policy).

Syntax

authentication {rsa-sig | pre-share}

Syntax of the “no” Form

Thenoformofthiscommandresetsauthenticationtothedefault:

no authentication

Default

rsa‐sig

Mode

ISAKMPprotocolpolicyconfiguration:XSR(config-isakmp)#

Example

ThisexamplespecifiesRSAsignaturesauthenticationforIKEproposalACMEproposal:

XSR(config)#crypto isakmp proposal ACMEproposal

XSR(config-isakmp)#authentication rsa-sig

rsa-sig

RSAsignaturespublickeyauthenticationmethod.

pre-share

Pre‐sharedkeysauthenticationmethod.

previous next