SROS Command Line Interface Reference Guide

Global Configuration Mode Command Set

 

 

crypto ike

Use the crypto ike command to define the system-level local ID for IKE negotiations and to enter the IKE Client or IKE Policy command sets.

Variations of this command include the following:

crypto ike client configuration pool <poolname> crypto ike local-id address

crypto ike policy <policy priority>

Syntax Description

client configuration

Creates a local pool named the <poolname> of your choice and enters the IKE

pool <poolname>

Client. Clients that connect via an IKE policy that specifies this pool-name will be

 

assigned values from this pool. See the section for more information.

local-id address

Sets the local ID during IKE negotiation to be the IP address of the interface from

 

which the traffic exits. This setting can be overridden on a per-policy basis using

 

the local-idcommand in the IKE Policy (see local-id [address asn1-dn fqdn

 

user-fqdn] <ipaddress or name> on page 380 for more information).

policy <policy priority>

Creates an IKE policy with the <policy priority> of your choice and enters the IKE

 

Policy. See IKE Policy Command Set on page 373 for more information.

Default Values

There are no default settings for this command.

Command Modes

(config)#

Global Configuration Mode

Usage Examples

The following example creates an IKE policy with a policy priority setting of 1 and enters the IKE Policy for that policy:

(config)#crypto ike policy 1 (config-ike)#

Technology Review

The following example configures an Secure Router OS product for VPN using IKE aggressive mode with pre-shared keys. The Secure Router OS product can be set to initiate IKE negotiation in main mode or aggressive mode. The product can be set to respond to IKE negotiation in main mode, aggressive mode, or any mode. In this example, the device is configured to initiate in aggressive mode and to respond to any mode.

5991-2114

© Copyright 2005 Hewlett-Packard Development Company, L.P.

223

Page 223
Image 223
HP 7000 dl Router manual Crypto ike, Local-id address, Config#crypto ike policy 1 config-ike#