Cisco IOS Security Command Reference


Security Commands

crypto isakmp peer

January 2008

To enable an IP Security (IPSec) peer for Internet Key Exchange (IKE) querying of authentication, authorization, and accounting (AAA) for tunnel attributes in aggressive mode, use the crypto isakmp peer command in global configuration mode. To disable this functionality, use the no form of this command.

crypto isakmp peer {address {ipv4-address | ipv6 ipv6-address} | hostname fqdn-hostname}

no crypto isakmp peer {address {ipv4-address | ipv6 ipv6-address} | hostname fqdn-hostname}

Syntax Description

address ip-address      Address of the peer router.
ipv4-address            IPv4 address of the peer router.
ipv6 ipv6-address       IPv6 address of the peer router.
hostname                Hostname of the peer router.
fqdn-hostname           Fully qualified domain name (FQDN) of the peer router.

Command Default

No default behavior or values

Command Modes

Global configuration

Command History

Release         Modification
12.2(8)T        This command was introduced.
12.2(15)T       The vrf keyword and fvrf-name argument were added.
12.2(18)SXD     This command was integrated into Cisco IOS Release 12.2(18)SXD.
12.4(4)T        The ipv6 keyword and ipv6-address argument were added.

Usage Guidelines

After enabling this command, you can use the set aggressive-mode client-endpoint and set aggressive-mode password commands to specify RADIUS tunnel attributes in the Internet Security Association and Key Management Protocol (ISAKMP) peer policy for IPSec peers.

Instead of keeping your preshared keys on the hub router, you can scale your preshared keys by storing and retrieving them from an AAA server. The preshared keys are stored in the AAA server as Internet Engineering Task Force (IETF) RADIUS tunnel attributes and are retrieved when a user tries to “speak” to the hub router. The hub router retrieves the preshared key from the AAA server and the spokes (the users) initiate aggressive mode to the hub by using the preshared key that is specified in the ISAKMP peer policy as a RADIUS tunnel attribute.
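The following Python example is added here and is not part of the Cisco reference. It inventories crypto isakmp peer stanzas in a saved configuration using the syntax shown above, and reports which peers carry set aggressive-mode settings without echoing the preshared key. The sample configuration, addresses, names and the parse_isakmp_peers helper are constructed for illustration; the vrf form mentioned in the command history is not parsed because its syntax is not shown on this page.

```python
import ipaddress
import re

# Constructed sample configuration (documentation addresses, made-up names and keys).
SAMPLE_CONFIG = """\
crypto isakmp peer address 192.0.2.10
 set aggressive-mode client-endpoint user-fqdn spoke1@example.com
 set aggressive-mode password ExamplePsk1
!
crypto isakmp peer address ipv6 2001:db8::1
 set aggressive-mode password ExamplePsk2
!
crypto isakmp peer hostname hub.example.com
!
"""

# crypto isakmp peer {address {ipv4-address | ipv6 ipv6-address} | hostname fqdn-hostname}
PEER_RE = re.compile(r"^crypto isakmp peer (?:address (?:(ipv6) )?(\S+)|hostname (\S+))\s*$")
SET_RE = re.compile(r"^\s+set aggressive-mode (client-endpoint|password) (.+?)\s*$")


def parse_isakmp_peers(config):
    """Return one dict per 'crypto isakmp peer' stanza found in the config text."""
    peers, current = [], None
    for line in config.splitlines():
        m = PEER_RE.match(line)
        if m:
            v6, addr, host = m.groups()
            if addr is not None:
                ip = ipaddress.ip_address(addr)  # ValueError on a malformed address
                if ip.version != (6 if v6 else 4):
                    raise ValueError(f"address family mismatch: {line!r}")
                kind, peer = f"ipv{ip.version}", str(ip)
            else:
                kind, peer = "hostname", host
            current = {"kind": kind, "peer": peer,
                       "client_endpoint": None, "has_password": False}
            peers.append(current)
        elif current is not None and (s := SET_RE.match(line)):
            if s.group(1) == "password":
                current["has_password"] = True  # record presence only, never the key
            else:
                current["client_endpoint"] = s.group(2)
        elif not line.startswith(" "):
            current = None  # any other top-level line (including "!") ends the stanza
    return peers
```

Calling parse_isakmp_peers(SAMPLE_CONFIG) returns three entries; peers with has_password set are the ones whose preshared key is stored in the device configuration.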
