Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
How to Implement IKE for Cisco IPSec VPN SPAs on Cisco IOS XR Software

Step 7

Command or Action:
match identity {group group-name | address address [mask] vrf [fvrf] | host hostname | host domain domain-name | user username | user domain domain-name}

Example:
RP/0/RP0/CPU0:router(config-isa-prof)# match identity group vpngroup
RP/0/RP0/CPU0:router(config-isa-prof-match)#

Purpose:
Matches the identity from a peer in an ISAKMP profile.
• Use the group keyword to specify a Unity group that matches identification (ID) type ID_KEY_ID. If RSA signatures are used, the group-name argument matches the organizational unit (OU) field of the distinguished name (DN).
• Use the address keyword to match the address argument with the ID type ID_IPV4_ADDR.
• Use the mask argument to specify a range of addresses.
• Use the vrf keyword to specify the front door VPN routing and forwarding (VRF) of the peer.
• Use the fvrf argument to match the address in the front door virtual router forwarding (FVRF) Virtual Private Network (VPN) space.
• Use the host keyword to specify an identity that matches the type ID_FQDN, whose fully qualified domain name (FQDN) ends with the domain name.
• Use the host domain keyword to specify an identity that matches type ID_FQDN. The domain name is the same as the domain-name argument.
• Use the user keyword to specify an identity that matches the FQDN.
• Use the user domain keyword to specify an identity that matches the type ID_USER_FQDN. When the user domain keyword is present, all users having identities of the type ID_USER_FQDN and ending with domain-name are matched.
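
The matching rules in the Purpose column, modeled as an added Python example (not Cisco code and not part of the original guide). It covers only the group, address/mask and user domain keywords; the class and function names, the sample profiles, and the plain-suffix reading of "ending with domain-name" are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class PeerIdentity:
    id_type: str  # ID type the peer presents, e.g. "ID_KEY_ID"
    value: str

@dataclass(frozen=True)
class MatchRule:
    keyword: str  # "group", "address" or "user domain"
    argument: str
    mask: Optional[str] = None  # only meaningful with "address"

def rule_matches(rule: MatchRule, peer: PeerIdentity) -> bool:
    if rule.keyword == "group":
        # group: Unity group name carried as ID_KEY_ID
        return peer.id_type == "ID_KEY_ID" and peer.value == rule.argument
    if rule.keyword == "address":
        if peer.id_type != "ID_IPV4_ADDR":
            return False
        # No mask means a single host; a mask widens the rule to a range.
        net = ipaddress.ip_network(
            f"{rule.argument}/{rule.mask or '255.255.255.255'}", strict=False)
        return ipaddress.ip_address(peer.value) in net
    if rule.keyword == "user domain":
        # The page says only "ending with domain-name"; a plain string
        # suffix test is this model's assumption about boundary handling.
        return peer.id_type == "ID_USER_FQDN" and peer.value.endswith(rule.argument)
    raise ValueError(f"keyword not modeled: {rule.keyword}")

def matching_profiles(profiles, peer):
    """Names of every profile with at least one rule matching the peer."""
    return [name for name, rules in profiles.items()
            if any(rule_matches(r, peer) for r in rules)]

# Constructed sample profiles (names and values are hypothetical).
PROFILES = {
    "remote-access": [MatchRule("group", "vpngroup")],
    "branch": [MatchRule("address", "10.1.0.0", "255.255.0.0")],
    "branch-hq": [MatchRule("address", "10.1.5.1")],
    "partners": [MatchRule("user domain", "example.com")],
}

if __name__ == "__main__":
    for peer in (PeerIdentity("ID_KEY_ID", "vpngroup"),
                 PeerIdentity("ID_IPV4_ADDR", "10.1.5.1"),
                 PeerIdentity("ID_USER_FQDN", "alice@example.com")):
        print(peer, "->", matching_profiles(PROFILES, peer))
```

A peer identity that returns more than one profile name indicates overlapping match rules worth reviewing.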
Cisco IOS XR System Security Configuration Guide