Command:

authentication (IKE policy)


Mode:

router(config-isakmp)#


Syntax:

authentication {rsa-sig | rsa-encr | pre-share}

no authentication

 

Syntax Description:

rsa-sig Specifies RSA signatures as the authentication method.
rsa-encr Specifies RSA encrypted nonces as the authentication method.
pre-share Specifies preshared keys as the authentication method.

 

Command Description:

To specify the authentication method within an Internet Key Exchange policy, use the authentication ISAKMP policy configuration command. IKE policies define a set of parameters to be used during IKE negotiation. To reset the authentication method to the default value, use the no form of this command.

Use this command to specify the authentication method to be used in an IKE policy.

If you specify RSA signatures, you must configure your peer routers to obtain certificates from a certification authority (CA).

If you specify RSA encrypted nonces, you must ensure that each peer has the other peer's RSA public keys.

If you specify preshared keys, you must also separately configure these preshared keys.


Example:

The following example configures an IKE policy with preshared keys as the authentication method (all other parameters are set to the defaults):

crypto isakmp policy 15
authentication pre-share
exit


Misconceptions:

None.


Related Commands:

crypto isakmp policy

show crypto isakmp policy

hash (IKE policy)

crypto key generate rsa (IKE)

crypto isakmp key


© Cisco Systems, Inc. 2001, 2002, 2003
World Wide Education

Converted from CHM to HTML with chm2web Pro 2.85 (unicode)