hit counter script

Cisco IOS XR Configuration Manual page 73

System security configuration guide
Hide thumbs Also See for IOS XR:
Table of Contents

Advertisement

Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
Command or Action
Step 7
match identity {group group-name | address address
[ mask ] vrf [ fvrf ] | host hostname | host domain
domain-name | user username | user domain
domain-name }
Example:
RP/0/RP0/CPU0:router(config-isa-prof)# match
identity group vpngroup
RP/0/RP0/CPU0:router(config-isa-prof-match)#
Step 8
set interface tunnel-ipsec intf-index
Example:
RP/0/RP0/CPU0:router(config-isa-prof-match)# set
interface tunnel-ipsec 50
How to Implement IKE for Locally Sourced and Destined Traffic
Purpose
Matches the identity from a peer in an ISAKMP
profile.
Use the group keyword to specify a Unity group
that matches identification (ID) type
ID_KEY_ID. If RSA signatures are used, the
group-name argument matches the
organizational unit (OU) field of the
distinguished name (DN).
Use the address keyword to match the address
argument with the ID type ID_IPV4_ADDR.
Use the mask argument to specify a range of
addresses.
Use the vrf keyword to specify the front door
VPN routing and forwarding (VRF) of the peer.
Use the fvrf argument to match the address in
the front door virtual router forwarding (FVRF)
Virtual Private Network (VPN) space.
Use the host keyword to specify an identity that
matches the type ID_FQDN, whose fully
qualified domain name (FQDN) ends with the
domain name.
Use the host domain keyword to specify an
identity that matches type ID_FQDN. The
domain name is the same as the domain-name
argument.
Use the user keyword to specify an identity that
matches the FQDN.
Use the user domain keyword to specify an
identity that matches the type
ID_USER_FQDN. When the user domain
keyword is present, all users having identities of
the type ID_USER_FQDN and ending with
domain-name are matched.
Predefines the interface instance when IKE
negotiates for IPSec service associations (SAs) for
the traffic that is locally sourced or terminated and
the local endpoint is the IKE responder.
Use the intf-index argument to set the range
from 0 to 4294967295.
Cisco IOS XR System Security Configuration Guide
SC-61

Hide quick links:

Advertisement

Table of Contents
loading

This manual is also suitable for:

Ios xr 3.5

Table of Contents