Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

Remote Peer ISAKMP Protocol Policy Mode Commands

14-100 Configuring the VPN

Syntax

crypto isakmp peer_address subnet-mask

Syntax

Thenoformofthiscommandremovespoliciesfromaremotepeer:

no crypto isakmp peer peer_address subnet-mask

Mode

Globalconfiguration:XSR(config)#

Next Mode

RemotePeerISAKMPprotocolpolicyconfiguration:XSR(config-isakmp-peer)#

Example

Thefollowingexamplesetstheremotepeer’sIKEpolicies:

XSR(config)#crypto isakmp peer 192.168.57.9 255.255.255.255

XSR(config-isakmp)#

config-mode

ThiscommandsetsthelocalIKEModeConfigurationrole.WhilenotofficiallyanIETFstandard,

config‐modeisthedefacto standardforassigningIPaddresseswithinIKE.

InternetKeyExchange(IKE)ModeConfiguration,asimplementedbymanyvendors,allowsa

gatewaytodownloadanIPaddress(andothernetworklevel

configuration)totheclientaspartof

IKEnegotiation.Usingthisexchange,thegatewaygivesIPaddressestotheIKEclienttobeused

asaninnerIPaddressencapsulated underIPSec.ThismethodprovidesaknownIPaddressforthe

clientthatcanbematchedagainstIPSecpolicy.

Whenconfigured

asaModeConfiggateway,theXSRallocatesanIPaddresstoapeermrequesting

itandwhenconfiguredasaclient,theXSRrequestsan IPaddressfromthegateway.

Syntax

config-mode {client | gateway}

Syntax of the “no” Form

ThenoformofthiscommandresetsIKEconfigurationmodetothedefault:

no config-mode

peer_address

PeerʹsIPaddressorIPsu bnettowhichthepolicywillbeattached.

subnet-mask

Valueusedwiththepeer‐address.

client

ActasaConfigurationModeclientwiththispeer.

gateway

ActasaConfigurationModeserverwiththispeer.

previous next