Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

Remote Peer ISAKMP Protocol Policy Mode Commands

XSR CLI Reference Guide 14-103

Syntax of the “no” Form

Thenoformofthiscommandremovespoliciesfromthepeer:

no proposal

Mode

RemotePeerISAKMPprotocolpolicyconfiguration:XSR(config-isakmp-peer)#

Example

Thefollowingexampleatta chesaproposaltotheremotepeer:

XSR(config)#crypto isakmp peer 192.168.57.9 255.255.255.255

XSR(config-isakmp-peer)#proposal 3des_md5_gh2

user-id

ThiscommanddefinestheidentityinformationtobeusedduringaggressiveIKEPhase1

negotiationforpeer‐to‐peerconnections.Enteritwhenconfiguringthepeer’sISAKMPforapeer

withpre‐sharedkeyswhoseIPaddressisdynamic.IfyouspecifynoID,theIPaddresswillbeused

bydefault.But,inthatcase,youwillhavetore‐configure(withanewentryintheaaa user

database)bothendsofthetunneleverytimetheaddresschanges.

Syntax

user-id “string”

Syntax of the “no” Form

Thenoformofthiscommanddeletestheuseridentity:

no user-id “string”

Mode

PrivilegedEXEC:XSR#

Example

ThefollowingexampleconfigurestheidentificationROBO1.ThisIDwillbeusedforaggressive

IKEPhase1messagessenttothepeermatchingtheISAKMP’speeraddress(0.0.0.0,forexample):

XSR(config)#crypto isakmp peer 0.0.0.0 0.0.0.0

XSR(config-isakmp-peer)#exchange-mode aggressive

XSR(config-isakmp-peer)#user-id “ROBO1 in Shrewsbury”

Note: The exchange mode for this ISAKMP must be set to aggressive.

“string”

User‐definedidentificationenclosedbyquotations.

previous next