TechTutorials - Free Computer Tutorials  







IPv6 Training (Cisco): Using the (IKE) policy “authentication” Command 
 


Added: 03/13/2009, Hits: 3,346, Rating: 0, Comments: 0, Votes: 0
Add To Favorites | Comment on this article
This article is for all you Cisco security buffs out there.

The “authentication” for Internet Key Exchange (IKE) policy command; is a Cisco IOS “ISAKMP Policy Configuration” mode command that is used to specify the authentication method used within an Internet Key Exchange (IKE) policy.

Below is the proper syntax and an example of the “authentication (IKE) policy" command:

Syntax:

authentication {rsa-sig | rsa-encr | pre-share}

Example:

Router>enable
Router#configure terminal
Router(config)#crypto isakmp policy 1
Router(config-isakmp)#authentication pre-share
Router(config-isakmp)#exit

Router(config)#


In the above example; An ISAKMP policy is being created (configured) with a priority of 1 (one); and the authentication method that is to be used for the ISAKMP policy is “pre-share”.

Now, let’s say a network administrator (like you) previously sets an authentication method for an ISAKMP policy, but, now decides to “reset” the authentication method to the default value; to reset a authentication method back to default, use the “no authentication” like you see in the example below.

Example:

Router>enable
Router#configure terminal
Router(config)#crypto isakmp policy 1
Router(config-isakmp)#no authentication
Router(config-isakmp)#exit
Router(config)#


The “authentication” (IKE) policy command Keywords explained:

rsa-sig – This keyword is used to specify the use of RSA signatures as the authentication method. But, currently this type of authentication method is not being supported in IPv6.

rsa-encr – This keyword is used to specify the use of RSA encrypted nonces as the authentication method. But, currently this type of authentication method is also not being supported in IPv6.

pre-share – This keyword is used to specify the use of preshared keys as the authentication method, and this type of authentication method is being supported in IPv6. But, remember when using this keyword, you must also separately configure the preshared keys; by using crypto isakmp identity and crypto isakmp key commands.

I hope this article was very informative and helped you quickly understand the usage and keywords of the “authentication” (IKE) policy command. If you need to learn more about the command; I suggest you visit my website, were you’ll find the latest information regarding Cisco IPv6 Design and Implementation Techniques.

To your success,
Charles Ross
CCNP #CSCO10444244
www.ciscoipv6ittechtips.com





Comments (0)

Be the first to comment on this article


Related Items








7 Seconds Resources, Inc.




IT Showcase