IPv6 (Cisco) Training - Using the "(IKE) Policy "authentication" Command

This article is for all you Cisco security buffs out there.

The "authentication" for Internet Key Exchange (IKE) policy command; is a Cisco IOS "ISAKMP Policy Configuration" mode command; that is used to specify the authentication method used within an Internet Key Exchange (IKE) policy. 

Below are the proper syntax and an example of the "authentication (IKE) policy" command: 

Syntax:   authentication {rsa-sig | rsa-encr | pre-share}

Example:

Router>enable
Router#configure terminal
Router(config)#crypto isakmp policy 1
Router(config-isakmp)#authentication pre-share
Router(config-isakmp)#exit
Router(config)#
 
In the above example; An ISAKMP policy is being created (configured) with a priority of 1 (one); and the authentication method that is to be used for the ISAKMP policy is "pre-share". 
 
Now, let's say a network administrator (like you) previously sets an authentication method for an ISAKMP policy, but, now decides to "reset" the authentication method to the default value; to reset a authentication method to default, use the "no authentication" like you see in the example below.
 
Example:
 
Router>enable
Router#configure terminal
Router(config)#crypto isakmp policy 1
Router(config-isakmp)#no authentication
Router(config-isakmp)#exit
Router(config)#
 
The "authentication" (IKE) policy command Keywords explained:
 
rsa-sig - This keyword is used to specify the use of RSA signatures as the authentication method. But, currently this type of authentication method is not being supported in IPv6.
rsa-encr - This keyword is used to specify the use of  RSA encrypted nonces as the authentication method. But, currently this type of authentication method is also not being supported in IPv6.

pre-share - This keyword is used to specify the use of preshared keys as the authentication method, and this type of authentication method is being supported in IPv6. But, remember when using this keyword, you must also separately configure the preshared keys; by using crypto isakmp identity and crypto isakmp key commands.

I hope this article was very informative and helped you quickly understand the usage and keywords of the "authentication" (IKE) policy command. If you need to learn more about the command; I suggest you visit my website, were you'll find the latest information regarding Cisco IPv6 Design and Implementation Techniques.

To your success,  

USB Storage android market

Labels: , , , , Posted by tun at 9:53 AM  

Agregar a marcadores favoritos:
  • Agregar a Technorati
  • Agregar a Del.icio.us
  • Agregar a DiggIt!
  • Agregar a Yahoo!
  • Agregar a Google
  • Agregar a Meneame
  • Agregar a Furl
  • Agregar a Reddit
  • Agregar a Magnolia
  • Agregar a Blinklist
  • Agregar a Blogmarks
  • Agregar a otro servicio

Danos tu comentario

Post a Comment

Subscribe to: Post Comments (Atom)

Home |Design by Blogger