Authentication – Enterasys Networks X-Pedition XSR CLI User Manual

ISAKMP Protocol Policy Mode Commands

14-96 Configuring the VPN

Next Mode

ISAKMP protocol proposal configuration: 

XSR(config-isakmp)#

Example

The following example configures two policies for the peer:

XSR(config)#crypto isakmp proposal 57
XSR(config-isakmp)#hash md5
XSR(config-isakmp)#authentication rsa-sig
XSR(config-isakmp)#group2
XSR(config-isakmp)#lifetime 5000
XSR(config)#crypto isakmp policy 99
XSR(config-isakmp)#authentication pre-share
XSR(config-isakmp)#lifetime 10000

The above configuration results in the following policies:

XSR# show crypto isakmp proposal
Name

Authentication

Encrypt

Integrity

Group

Lifetime

57

RSASignature

DES

HMAC-MD5

Modp1024

5000

99

PreSharedKeys

DES

HMAC-SHA

Modp768

10000

DEFAULT

RSASignature

DES

HMAC-SHA

Modp768

86400

authentication

This command specifies the authentication method used within an IKE proposal (policy).

Syntax

authentication {rsa-sig | pre-share}

Syntax of the “no” Form

The no form of this command resets authentication to the default:

no authentication

Default

rsa‐sig

Mode

ISAKMP protocol policy configuration: 

XSR(config-isakmp)#

Example

This example specifies RSA signatures authentication  for  IKE proposal ACMEproposal:

XSR(config)#crypto isakmp proposal ACMEproposal
XSR(config-isakmp)#authentication rsa-sig

rsa-sig

RSA signatures public key authentication method.

pre-share

Pre‐shared keys authentication method.