Step 4: Configure Preshared Keys


router(config)# crypto isakmp key keystring address peer-address
router(config)# crypto isakmp key keystring hostname hostname

RouterA(config)# crypto isakmp key cisco1234 address 172.30.2.2

* Assigns a keystring and the peer address.

* The peer IP address or hostname can be used.

© 2004 Cisco Systems, Inc. All rights reserved. bcran v2.1—5-8

Configure a preshared authentication key with the crypto isakmp key global configuration command. You must configure this key whenever you specify preshared keys in an ISAKMP policy. Use the no form of this command to delete a preshared authentication key. The command syntax parameter definitions are as follows:

crypto isakmp key keystring address peer-address
crypto isakmp key keystring hostname peer-hostname

crypto isakmp key Command Arguments

| crypto isakmp key Command | Description |
| --- | --- |
| keystring | Specify the preshared key. Use any combination of alphanumeric characters up to 128 bytes. This preshared key must be identical at both peers. |
| peer-address | Specify the IP address of the remote peer. |
| hostname | Specify the host name of the remote peer. This is the peer host name concatenated with its domain name (for example, myhost.domain.com). |

Note: A given preshared key is shared between two peers. At a given peer, you can specify the same key to share with multiple remote peers; however, a more secure approach is to specify different keys to share between different pairs of peers.


The following configuration example shows ISAKMP and preshared keys for RouterA and RouterB. Note that the keystring of cisco1234 matches on both routers. The address identity method is specified. The ISAKMP policies are compatible. Default values do not have to be configured.

RouterA(config)# crypto isakmp key cisco1234 address 172.30.2.2
RouterA(config)# crypto isakmp policy 110
RouterA(config-isakmp)# hash md5
RouterA(config-isakmp)# authentication pre-share
RouterA(config-isakmp)# exit

RouterB(config)# crypto isakmp key cisco1234 address 172.30.1.2
RouterB(config)# crypto isakmp policy 110
RouterB(config-isakmp)# hash md5
RouterB(config-isakmp)# authentication pre-share
RouterB(config-isakmp)# exit
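The two rules stated above (the keystring must be identical at both peers, and different peer pairs should preferably use different keys) can be checked offline against saved configurations. The following Python audit is an added example, not part of the original course material; RouterC, its address 172.30.3.2, the keys wrongkey99 and otherkey77, and the function names are hypothetical, and it goes beyond the two-router case by checking any number of routers.

```python
import re
from collections import defaultdict

# Parses only the two syntax forms shown on this page.
KEY_RE = re.compile(r"^\s*crypto isakmp key (\S+) (?:address|hostname) (\S+)", re.M)

# Constructed sample input: name -> (own address, config text).
# RouterA and RouterB follow the page's example; RouterC is hypothetical.
ROUTERS = {
    "RouterA": ("172.30.1.2", "crypto isakmp key cisco1234 address 172.30.2.2\n"
                              "crypto isakmp key cisco1234 address 172.30.3.2\n"),
    "RouterB": ("172.30.2.2", "crypto isakmp key cisco1234 address 172.30.1.2\n"),
    "RouterC": ("172.30.3.2", "crypto isakmp key wrongkey99 address 172.30.1.2\n"
                              "crypto isakmp key otherkey77 address 172.30.2.2\n"),
}

def parse_keys(config):
    """Return {peer: keystring} for every 'crypto isakmp key' line."""
    return {peer: key for key, peer in KEY_RE.findall(config)}

def audit(routers):
    """Return sorted (finding, router, detail) tuples; keystrings are never output."""
    keys = {name: parse_keys(cfg) for name, (_, cfg) in routers.items()}
    by_addr = {addr: name for name, (addr, _) in routers.items()}
    findings = set()
    for name, (addr, _) in routers.items():
        peers_by_key = defaultdict(list)
        for peer, key in keys[name].items():
            peers_by_key[key].append(peer)
            # Page rule: alphanumeric characters, up to 128 bytes.
            if len(key.encode()) > 128 or not key.isalnum():
                findings.add(("bad-keystring", name, peer))
            other = by_addr.get(peer)
            if other is None:
                continue  # peer's config not supplied (or peer given by hostname)
            back = keys[other].get(addr)
            if back is None:
                findings.add(("missing-on-peer", name, other))
            elif back != key:
                findings.add(("mismatch", name, other))
        # Same key shared with several peers: allowed, but the less secure option.
        for peers in peers_by_key.values():
            if len(peers) > 1:
                findings.add(("reused-key", name, ",".join(sorted(peers))))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(ROUTERS):
        print(*finding)
```

On the constructed input, the RouterA/RouterB pair passes, while the hypothetical RouterC entries produce mismatch, missing-on-peer and reused-key findings.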
