Efficient Networks® Router family
Technical Reference Guide
Chapter 5: System Security
Page 5-56
The session initiator creates a cookie and sends it to the responder, with a zero
placeholder in the responder cookie area. The responder then creates a cookie and
fills in the zeros. All packets will contain these two cookies until the Phase 1 SA
expires. IKE Peer commands next establish the identity of local and remote peers.
Then IKE Proposal commands specify how packets will be encrypted and/or
authenticated for the initial exchange.
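
The cookie exchange described above, as an added Python example that is not part of the original guide: it reads the two 8-byte cookies from the ISAKMP fixed header (layout per RFC 2408) and follows a Phase 1 exchange by cookie pair. The function and class names and the cookie values are constructed for illustration.

```python
import struct

# ISAKMP fixed header (RFC 2408, section 3.1): two 8-byte cookies, then
# next payload, version, exchange type, flags, message ID, total length.
HEADER = struct.Struct("!8s8sBBBBII")
ZERO_COOKIE = bytes(8)


def build_header(icookie, rcookie=ZERO_COOKIE, exchange_type=2):
    """Build a bare 28-byte header with no payloads (2 = Main Mode)."""
    return HEADER.pack(icookie, rcookie, 0, 0x10, exchange_type, 0, 0,
                       HEADER.size)


def parse_cookies(packet):
    """Return (initiator_cookie, responder_cookie) from an ISAKMP packet."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated ISAKMP header")
    icookie, rcookie = HEADER.unpack_from(packet)[:2]
    if icookie == ZERO_COOKIE:
        raise ValueError("initiator cookie must not be zero")
    return icookie, rcookie


class CookieTracker:
    """Follows Phase 1 exchanges by cookie pair, as a capture tool might."""
    def __init__(self):
        self.pending = set()      # initiator cookies awaiting a reply
        self.established = set()  # (initiator, responder) cookie pairs

    def observe(self, packet):
        icookie, rcookie = parse_cookies(packet)
        if rcookie == ZERO_COOKIE:
            self.pending.add(icookie)
            return "first-message"
        if (icookie, rcookie) in self.established:
            return "known-pair"
        if icookie in self.pending:
            self.pending.discard(icookie)
            self.established.add((icookie, rcookie))
            return "responder-filled"
        return "unsolicited"


def demo():
    """Classify four constructed headers (cookie values are made up)."""
    i, r = bytes.fromhex("1122334455667788"), bytes.fromhex("99aabbccddeeff00")
    t = CookieTracker()
    return [t.observe(build_header(*c)) for c in ((i,), (i, r), (i, r), (r, i))]
```

A packet classified as "unsolicited" carries a non-zero responder cookie for an initiator cookie that was never seen opening an exchange, which is worth flagging when reviewing a capture.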
Phase 2 IKE:
IKE IPSec Proposal commands specify how packets will be encrypted/authenticated
for the final SA. Then IKE IPSec Policy commands specify which packets will be
encrypted/authenticated for the final SA.
IKE Commands
The Internet Key Exchange (IKE) process consists of two phases. In phase 1, a
moderately secure connection is established between the two security endpoints.
This connection is used to exchange key and connection information for the final
security association (SA), which is used to exchange user data.
Use the following command to clear all IKE configuration information from the router.
-> ike flush
The other IKE commands relate to the four categories of information required to set
up IKE in the router.
1. IKE Peer Commands establish the identity of the local and remote peers.
2. IKE Proposal Commands define the proposals exchanged during the Phase 1 exchange.
3. IKE IPSec Proposal Commands specify the parameters for the final SA.
4. IKE IPSec Policy Commands specify the filtering parameters for the final SA.
IKE Peer Commands
The IKE peer commands establish the identity of the local and remote peers.
-> ike peers add <peername>
Defines the name of a new IKE peer.
-> ike peers delete <peername>
Deletes an existing IKE peer.
-> ike peers list
Lists the IKE peers.