Step 3Configure Isakmp Identity

router(config) #

crypto isakmp identity {address | hostname}

Defines whether ISAKMP identity is done by IP address or hostname.

Use consistently across ISAKMP peers.

© 2004 Cisco Systems, Inc. All rights re

IPSec peers authenticate each other during ISAKMP negotiations by using the preshared key and the ISAKMP identity. The identity can either be the IP address or the host name of the router. Cisco IOS software uses the IP address identity method by default. A command indicating the address mode does not appear in the router configuration.

If you choose to use the host name identity method, you must specify the method with the crypto isakmp identity global configuration command. Use the no form of this command to reset the ISAKMP identity to the default value (address). The command syntax and parameter definitions are as follows:

crypto isakmp identity {address | hostname}

crypto isakmp identity (address | hostname) Command

crypto isakmp identity Command

Description

address

Sets the ISAKMP identity to the IP address of the interface that is used to communicate to the remote peer during ISAKMP negotiations.

The keyword is typically used when there is only one interface that will be used by the peer for ISAKMP negotiations, and the IP address is known.

hostname

Sets the ISAKMP identity to the host name concatenated with the domain name (for example, myhost.domain.com).

The keyword should be used if there is more than one interface on the peer that might be used for ISAKMP negotiations, or if the interface IP address is unknown (such as with dynamically-assigned IP addresses).

If you use the host name identity method, you may need to specify the host name for the remote peer if a DNS server is not available for name resolution. An example of this follows:

RouterA(config)# ip host RouterB.domain.com 172.30.2.2

0 0

Post a comment