Tip
This is the documentation for the 19.02 version. Looking for the documentation of the latest version? Have a look here.
IKE Authentication
After verifying the identity, TNSR will attempt to authenticate the peer using
the secret from its configuration in one or two round passes. In most common
configurations there is only a single authentication round; however, in IKEv2 a
tunnel may have two rounds of unique authentication.
tnsr(config-ipsec-crypto-ike)# authentication local
tnsr(config-ike-auth)# round 1
tnsr(config-ike-auth-round)# type psk
tnsr(config-ike-auth-round)# psk mysupersecretkey
tnsr(config-ike-auth-round)# exit
tnsr(config-ike-auth)# exit
The authentication local command defines the parameters used to authenticate
outbound traffic. Once entered, that command switches to IKE Authentication
mode (ike-auth).
This example has only a single round of authentication, using a pre-shared key of
mysupersecretkey. Thus, the type is set to psk and then the psk is set to the
secret value.
Warning
Do not transmit the pre-shared key over an insecure channel such as plain text e-mail!
Note
Currently the only authentication type supported by TNSR is Pre-Shared Key.
tnsr(config-ipsec-crypto-ike)# authentication remote
tnsr(config-ike-auth)# round 1
tnsr(config-ike-auth-round)# type psk
tnsr(config-ike-auth-round)# psk mysupersecretkey
tnsr(config-ike-auth-round)# exit
tnsr(config-ike-auth)# exit
The remote authentication setup is typically identical to the local configuration, as it is in this example. This set of parameters is used to authenticate inbound traffic from the peer.
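The following is an added example, not part of the TNSR documentation: a Python check that parses the authentication local and authentication remote command blocks in the form shown above and flags pre-shared keys that reuse the sample value from this page or fall below a length policy. The names parse_rounds, audit, new_psk and the 32-character threshold are assumptions, and the input is constructed from the commands on this page.

```python
import re
import secrets

# Constructed input: the CLI lines shown on this page, pasted as one transcript.
SAMPLE = """\
tnsr(config-ipsec-crypto-ike)# authentication local
tnsr(config-ike-auth)# round 1
tnsr(config-ike-auth-round)# type psk
tnsr(config-ike-auth-round)# psk mysupersecretkey
tnsr(config-ike-auth-round)# exit
tnsr(config-ike-auth)# exit
tnsr(config-ipsec-crypto-ike)# authentication remote
tnsr(config-ike-auth)# round 1
tnsr(config-ike-auth-round)# type psk
tnsr(config-ike-auth-round)# psk mysupersecretkey
"""
DOC_SAMPLE_KEYS = {"mysupersecretkey"}  # key printed in the documentation
MIN_LEN = 32  # assumed local policy threshold, not a TNSR limit

def parse_rounds(text):
    """Map (direction, round) -> {'type': ..., 'psk': ...} from CLI lines."""
    rounds, direction, rnd = {}, None, None
    for line in text.splitlines():
        cmd = re.sub(r"^tnsr\([^)]*\)#\s*", "", line.strip())  # drop the prompt
        verb, _, arg = cmd.partition(" ")
        arg = arg.strip()
        if verb == "authentication" and arg in ("local", "remote"):
            direction, rnd = arg, None
        elif verb == "round" and direction and arg.isdigit():
            rnd = int(arg)
            rounds[(direction, rnd)] = {}
        elif verb in ("type", "psk") and rnd is not None:
            rounds[(direction, rnd)][verb] = arg
    return rounds

def audit(text):
    """Return (location, problem) pairs for weak pre-shared keys."""
    findings = []
    for (direction, rnd), cfg in sorted(parse_rounds(text).items()):
        where, key = f"{direction} round {rnd}", cfg.get("psk", "")
        if key in DOC_SAMPLE_KEYS:
            findings.append((where, "psk is the documentation sample value"))
        if key and len(key) < MIN_LEN:
            findings.append((where, f"psk is {len(key)} chars, below {MIN_LEN}"))
    return findings

def new_psk():
    """64 hex characters (256 random bits); hex is assumed safe for the CLI."""
    return secrets.token_hex(32)
```

Calling audit(SAMPLE) reports both problems for the local and the remote round; substituting a value from new_psk() into both blocks clears them.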