Tip
This is the documentation for the 19.02 version. Looking for the documentation of the latest version? Have a look here.
IKE Identity
In IKE, each party must be sure that it is communicating with the correct
peer. One aspect of this validation is the identity. Each router tells the
other its own local identity, and each router validates the identity it
receives against its stored remote identity. If they do not match, the peer
is rejected.
tnsr(config-ipsec-crypto-ike)# identity local
tnsr(config-ike-identity)# type address
tnsr(config-ike-identity)# value 203.0.113.2
tnsr(config-ike-identity)# exit
When configuring the identity, both the local and remote are required by IKE.
First, specify the local identity with identity local. This switches TNSR to
IKE identity mode. In this mode, the identity type and a valid corresponding
value for that type must be set.
TNSR supports several identity types. To see a full list, enter type ? from
IKE identity mode.
The identity type and value must both be supplied to the administrator of the other router so they can properly identify this endpoint.
tnsr(config-ipsec-crypto-ike)# identity remote
tnsr(config-ike-identity)# type address
tnsr(config-ike-identity)# value 203.0.113.25
tnsr(config-ike-identity)# exit
The remote identity is configured in the same manner as the local identity,
but using the type and value supplied by the administrator of the remote
endpoint.
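Because each side's local identity must equal the other side's remote identity, the two configurations can be compared before the tunnel is brought up. The following Python check is an added example, not part of the TNSR documentation or tooling; the function names are hypothetical, router B's configuration is constructed as the mirror of the session above, and only the address type shown on this page is validated.

```python
import ipaddress
import re
# Constructed input: A is this page's session, B is the assumed mirrored peer.
ROUTER_A = """\
tnsr(config-ipsec-crypto-ike)# identity local
tnsr(config-ike-identity)# type address
tnsr(config-ike-identity)# value 203.0.113.2
tnsr(config-ike-identity)# exit
tnsr(config-ipsec-crypto-ike)# identity remote
tnsr(config-ike-identity)# type address
tnsr(config-ike-identity)# value 203.0.113.25
tnsr(config-ike-identity)# exit
"""
ROUTER_B = (ROUTER_A.replace("identity local", "identity TMP")
            .replace("identity remote", "identity local")
            .replace("identity TMP", "identity remote"))

def parse_identities(cli_text):
    """Return {'local': (type, value), 'remote': (type, value)}."""
    found, side, cur = {}, None, {}
    for line in cli_text.splitlines():
        words = re.sub(r"^tnsr\([^)]*\)#\s*", "", line.strip()).split(None, 1)
        if len(words) == 2 and words[0] == "identity":
            side, cur = words[1], {}          # enter IKE identity mode
        elif side and len(words) == 2 and words[0] in ("type", "value"):
            cur[words[0]] = words[1]
        elif side and words == ["exit"]:
            if len(cur) == 2:                 # both type and value were set
                found[side] = (cur["type"], cur["value"])
            side = None
    return found

def check_pair(a_text, b_text):
    """List the mismatches that would make one peer reject the other."""
    ids = {"A": parse_identities(a_text), "B": parse_identities(b_text)}
    problems = []
    for name, cfg in ids.items():
        for side in ("local", "remote"):
            if side not in cfg:
                problems.append(f"{name}: {side} identity missing type or value")
            elif cfg[side][0] == "address":   # only type shown on this page
                try:
                    ipaddress.ip_address(cfg[side][1])
                except ValueError:
                    problems.append(f"{name}: {side} value is not a valid address")
    for x, y in (("A", "B"), ("B", "A")):
        mine, theirs = ids[x].get("local"), ids[y].get("remote")
        if mine and theirs and mine != theirs:
            problems.append(f"{x} local {mine} != {y} remote {theirs}")
    return problems
```

An empty list from check_pair(ROUTER_A, ROUTER_B) means each side's local identity matches what the other side expects.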