Tip

This is the documentation for the 19.02 version. Looking for the documentation of the latest version? Have a look here.

IKE Identity

In IKE, each party must be sure that it is communicating with the correct peer. One aspect of this validation is the identity. Each router tells the other its own local identity, and each validates the identity it receives against its stored remote identity. If they do not match, the peer is rejected.

tnsr(config-ipsec-crypto-ike)# identity local
tnsr(config-ike-identity)# type address
tnsr(config-ike-identity)# value 203.0.113.2
tnsr(config-ike-identity)# exit

When configuring the identity, both the local and remote identities are required by IKE. First, specify the local identity with identity local. This switches TNSR to IKE identity mode. In this mode, the identity type and a valid corresponding value for that type must be set.

TNSR supports several identity types. To see a full list, enter type ? from IKE identity mode.

The identity type and value must both be supplied to the administrator of the other router so they can properly identify this endpoint.

tnsr(config-ipsec-crypto-ike)# identity remote
tnsr(config-ike-identity)# type address
tnsr(config-ike-identity)# value 203.0.113.25
tnsr(config-ike-identity)# exit

The remote identity is configured in the same manner as the local identity, but using the type and value supplied by the administrator of the remote endpoint.
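
The exchange only succeeds when each router's local identity equals the other router's remote identity, in both type and value. The following added example (not part of the TNSR documentation) parses the identity commands shown on this page and reports any mismatch before deployment; router B's configuration and the function names are constructed for illustration.

```python
# Added example (not TNSR code): check that two peers' IKE identities mirror each other.

def parse_identities(commands):
    """Return {'local': (type, value), 'remote': (type, value)} from CLI lines."""
    identities, side, current = {}, None, {}
    for raw in commands.splitlines():
        # Drop a leading "tnsr(...)# " prompt when the text is a pasted session.
        words = raw.split("# ", 1)[-1].split(None, 1)
        if not words:
            continue
        if words[0] == "identity" and len(words) == 2:
            side, current = words[1], {}
        elif side and words[0] in ("type", "value") and len(words) == 2:
            current[words[0]] = words[1].strip()
        elif side and words[0] == "exit":
            identities[side] = (current.get("type"), current.get("value"))
            side = None
    return identities

def identity_mismatches(router_a, router_b):
    """List the reasons one peer would reject the other's identity."""
    a, b = parse_identities(router_a), parse_identities(router_b)
    problems = [f"router {name}: {side} identity needs a type and a value"
                for name, cfg in (("A", a), ("B", b))
                for side in ("local", "remote")
                if None in cfg.get(side, (None, None))]
    if problems:
        return problems
    if a["local"] != b["remote"]:
        problems.append(f"A sends {a['local']}, B expects {b['remote']}")
    if b["local"] != a["remote"]:
        problems.append(f"B sends {b['local']}, A expects {a['remote']}")
    return problems

# Router A: the commands shown on this page, prompts included.
ROUTER_A = """\
tnsr(config-ipsec-crypto-ike)# identity local
tnsr(config-ike-identity)# type address
tnsr(config-ike-identity)# value 203.0.113.2
tnsr(config-ike-identity)# exit
tnsr(config-ipsec-crypto-ike)# identity remote
tnsr(config-ike-identity)# type address
tnsr(config-ike-identity)# value 203.0.113.25
tnsr(config-ike-identity)# exit
"""
# Router B (constructed): the mirror image, with local and remote swapped.
ROUTER_B = ROUTER_A.replace("local", "LOCAL").replace("remote", "local").replace("LOCAL", "remote")
if __name__ == "__main__":
    print(identity_mismatches(ROUTER_A, ROUTER_B) or "identities match")
```

An empty list means both sides agree; any entry names the side whose type or value has to be corrected before the peers will accept each other.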