Manoj Reddy's Reference Guide

authentication (IKE policy)

To specify the authentication method within an IKE policy, use the authentication (IKE policy) ISAKMP policy configuration command. IKE policies define a set of parameters to be used during IKE negotiation. Use the no form of this command to reset the authentication method to the default value.

authentication {rsa-sig | rsa-encr | pre-share}

no authentication

Syntax Description

rsa-sig

Specifies RSA signatures as the authentication method.

rsa-encr

Specifies RSA encrypted nonces as the authentication method.

pre-share

Specifies preshared keys as the authentication method.

Defaults

RSA signatures

Command Modes

ISAKMP policy configuration (config-isakmp)

Command History

Release    Modification
11.3 T     This command was introduced.

Usage Guidelines

Use this command to specify the authentication method to be used in an IKE policy.

If you specify RSA signatures, you must configure your peer routers to obtain certificates from a Certification Authority (CA).

If you specify RSA encrypted nonces, you must ensure that each peer has the other peer's RSA public keys. (See the crypto key pubkey-chain rsa, addressed-key, named-key, address, and key-string (IKE) commands.)

If you specify preshared keys, you must also separately configure these preshared keys. (See the crypto isakmp identity and crypto isakmp key commands.)

Examples

This example configures an IKE policy with preshared keys as the authentication method (all other parameters are set to the defaults):

MyPeerRouter(config)# crypto isakmp policy 15
MyPeerRouter(config-isakmp)# authentication pre-share
MyPeerRouter(config-isakmp)# exit
MyPeerRouter(config)#
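
The check below is an added example, not part of the original reference: it reads a saved configuration, works out each IKE policy's authentication method (applying the RSA-signatures default when none is set) and reports policies whose prerequisite from the usage guidelines is missing. The sample configuration, the function names and the "crypto ca"/"crypto pki" prefixes used to detect CA configuration are assumptions.

```python
import re

# Constructed sample; sub-commands are assumed to be indented under the policy.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 hash md5
crypto isakmp policy 15
 authentication pre-share
crypto isakmp policy 20
 authentication rsa-encr
crypto isakmp key EXAMPLE-KEY address 192.0.2.1
"""

DEFAULT_AUTH = "rsa-sig"  # the page's stated default when no method is set

# Method -> (top-level prefixes that satisfy it, description of what is needed).
# The CA prefixes are an assumption; the page only says a CA must be used.
PREREQS = {
    "rsa-sig": (("crypto ca ", "crypto pki "), "CA/certificate configuration"),
    "rsa-encr": (("crypto key pubkey-chain rsa",), "peer RSA public keys"),
    "pre-share": (("crypto isakmp key ",), "a preshared key"),
}

def parse_policies(config):
    """Return {priority: auth method}, applying the default when unset."""
    policies, current = {}, None
    for line in config.splitlines():
        start = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        auth = re.match(r"\s+authentication (rsa-sig|rsa-encr|pre-share)\s*$", line)
        if start:
            current = int(start.group(1))
            policies[current] = DEFAULT_AUTH
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the policy block
        elif auth and current is not None:
            policies[current] = auth.group(1)
    return policies

def audit(config):
    """Return (priority, method, missing prerequisite) for each gap found."""
    top_level = [l for l in config.splitlines() if l and not l.startswith(" ")]
    findings = []
    for prio, method in sorted(parse_policies(config).items()):
        prefixes, needed = PREREQS[method]
        if not any(l.startswith(prefixes) for l in top_level):
            findings.append((prio, method, needed))
    return findings
```

On the sample, `audit(SAMPLE_CONFIG)` flags policy 10 (no authentication line, so RSA signatures apply) and policy 20, while policy 15 passes because a preshared key is configured.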

Related Commands

Command                          Description
crypto isakmp key                Configures a preshared authentication key.
crypto isakmp policy             Defines an IKE policy.
crypto key generate rsa (IKE)    Generates RSA key pairs.
encryption (IKE policy)          Specifies the encryption algorithm within an IKE policy.
group (IKE policy)               Specifies the Diffie-Hellman group identifier within an IKE policy.
hash (IKE policy)                Specifies the hash algorithm within an IKE policy.
lifetime (IKE policy)            Specifies the lifetime of an IKE SA.
show crypto isakmp policy        Displays the parameters for each IKE policy.

All material in this document copyright 2000 Cisco Systems, Inc. All rights reserved. No material may be reproduced or distributed without written permission of Cisco Systems, Inc.