UNCLASSIFIED Advanced Security Services Version 1.0g UNCLASSIFIED 163

Consult the Cisco IOS 12.0 Security Configuration Guide [2] for details on the other IKE options.

(Note: the router used for part of this example is named “Remote”, and that name appears in all the prompts. Do not use a remote administration connection to enter sensitive IPSec parameters – use a local console connection.)

To use pre-shared keys for making authentication decisions in IKE, each router must possess the same secret key. These keys should be obtained out-of-band by each of the routers’ administrators. Once the keys are securely held, the network administrators for the North and Remote routers (possibly the same person) should enter the key into their routers. For this example, the secret key is “01234abcde”. We strongly recommend using difficult-to-guess combinations of characters, numbers, and punctuation symbols to build operational pre-shared keys.

To enter the keys, use the crypto isakmp command in global configuration mode, as shown below. The syntax for the crypto isakmp command is:

    crypto isakmp key key-value address destination-ip-address

    North# config t
    Enter configuration commands, one per line. End with CNTL/Z.
    North(config)# crypto isakmp key 01234abcde address 7.12.1.20
    North(config)# exit
    North#

and

    Remote# config t
    Enter configuration commands, one per line. End with CNTL/Z.
    Remote(config)# crypto isakmp key 01234abcde address 14.2.0.20
    Remote(config)# exit
    Remote#

When entering new configuration information into the router it is always a good idea, after entering the new information, to check and see if the router has received the intended configuration information. One way to verify that the pre-shared keys were properly entered is to display the router’s running-configuration and look for the pre-shared key entered above. This can be done using the show running-config command in privileged EXEC mode.
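The verification step above can also be done offline against saved copies of both routers' running configurations. The following is an added example, not part of the guide: it checks that each router holds a key for the other's address, that the two keys are identical, and that the key follows the recommendation on characters, numbers and punctuation. The function names, the min_len threshold and the config excerpts are assumptions constructed from the values on this page.

```python
import re

# Form shown on this page: crypto isakmp key <key-value> address <peer-ip>
KEY_RE = re.compile(
    r"^[ \t]*crypto isakmp key (\S+) address (\d+\.\d+\.\d+\.\d+)[ \t]*$", re.M)

def isakmp_keys(running_config):
    """Map peer address -> pre-shared key for each key line in a config."""
    return {addr: key for key, addr in KEY_RE.findall(running_config)}

def weak_key_reasons(key, min_len=16):
    """Check the guide's advice (letters, numbers, punctuation).
    min_len is an assumed local policy value, not a figure from the guide."""
    checks = [(len(key) >= min_len, f"shorter than {min_len} characters"),
              (re.search(r"[A-Za-z]", key), "no letters"),
              (re.search(r"\d", key), "no digits"),
              (re.search(r"[^A-Za-z0-9]", key), "no punctuation")]
    return [reason for ok, reason in checks if not ok]

def audit_pair(cfg_a, addr_a, cfg_b, addr_b):
    """Each router must hold a key for the other's address, and the keys
    must be identical. Findings never include the key text itself."""
    findings = []
    key_a = isakmp_keys(cfg_a).get(addr_b)  # key A holds for peer B
    key_b = isakmp_keys(cfg_b).get(addr_a)  # key B holds for peer A
    if key_a is None:
        findings.append(f"{addr_a}: no pre-shared key for peer {addr_b}")
    if key_b is None:
        findings.append(f"{addr_b}: no pre-shared key for peer {addr_a}")
    if key_a and key_b and key_a != key_b:
        findings.append("pre-shared keys differ between the two routers")
    for key in sorted({key_a, key_b} - {None}):
        findings += [f"weak key: {r}" for r in weak_key_reasons(key)]
    return findings

# Constructed excerpts of "show running-config" output, using the page's values.
NORTH_CFG = "hostname North\n!\ncrypto isakmp key 01234abcde address 7.12.1.20\n!\n"
REMOTE_CFG = "hostname Remote\n!\ncrypto isakmp key 01234abcde address 14.2.0.20\n!\n"
# Constructed failure case: one character mistyped on Remote.
REMOTE_TYPO = REMOTE_CFG.replace("01234abcde", "01234abcdf")

if __name__ == "__main__":
    for finding in audit_pair(NORTH_CFG, "14.2.0.20", REMOTE_CFG, "7.12.1.20"):
        print(finding)
```

Run against the page's own values, the pair is consistent but the illustrative key “01234abcde” is reported as too short and lacking punctuation. Saved configurations contain the key in clear text and should be handled as sensitive material.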
Establishing an IKE Security Policy

Each router contains a list of IKE security policies. In order for two routers to be interoperable, there must be at least one policy in common between them. These policies capture information needed by the IKE protocol to help build a secure IPSec tunnel between the two routers. Each necessary parameter for the policy is listed