Specifications

Chapter 5. Configuring Software Options 139
IKE Commands
The Internet Key Exchange (IKE) process consists of two phases. In phase 1, a moderately secure connection is
established between the two security endpoints. In phase 2, this connection is used to exchange key and connection
information for the final security association (SA), which is used to exchange user data.
You can use the following command to clear all IKE configuration information from the router.
ike flush
The other IKE commands relate to the four categories of information required to set up IKE in the router.
1. The IKE Peer commands establish the identity of the local and remote peers.
2. The IKE Proposal commands define the proposals exchanged during the Phase 1 exchange.
3. The IKE IPSec Proposal commands specify the parameters for the final SA.
4. The IKE IPSec Policy commands specify the filtering parameters for the final SA.
IKE Peer Commands
The IKE peer commands establish the identity of the local and remote peers.
ike peers add <PeerName>       Defines the name of a new IKE peer.
ike peers delete <PeerName>    Deletes an existing IKE peer.
ike peers list                 Lists the IKE peers.
The following commands define the peer connection.
ike peers set mode <MAIN | AGGRESSIVE> <PeerName>
Sets the peer connection to either main or aggressive mode. Main mode is used when the IP addresses of
both ends are known. Aggressive mode is used when the address of one end can change, as with a typical
modem or DSL connection.
For a main mode connection, set only the IP address and the secret:
ike peers set address <IPaddress> <PeerName>
Sets the IP address of the other endpoint. In a main mode configuration, the other endpoint is constant.
ike peers set secret <secret> <PeerName>
Sets the shared secret for the peer. The secret must be identical for both ends. It can be up to 256
characters long; do not use spaces or non-printable characters.
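An added example (not from the manual): a Python helper that generates a shared secret within the limits stated above and renders the main-mode peer commands for both routers, so the same secret is entered at each end. The peer names, addresses, 64-character default length and alphanumeric alphabet are assumptions made for illustration.

```python
import ipaddress
import secrets
import string

MAX_SECRET_LEN = 256  # limit stated on the page
# Letters and digits only: a choice made here, stricter than the page requires.
ALPHABET = string.ascii_letters + string.digits


def make_secret(length=64):
    """Return a random shared secret within the documented length limit."""
    if not 1 <= length <= MAX_SECRET_LEN:
        raise ValueError("secret length must be 1..256")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def check_secret(secret):
    """Apply the page's rules: up to 256 characters, no spaces or non-printables."""
    if not 1 <= len(secret) <= MAX_SECRET_LEN:
        raise ValueError("secret must be 1..256 characters")
    # Assumption: "printable" is read as ASCII 0x21-0x7E.
    if any(not 0x21 <= ord(ch) <= 0x7E for ch in secret):
        raise ValueError("secret contains a space or non-printable character")
    return secret


def main_mode_commands(peer_name, remote_ip, secret):
    """Render the main-mode peer commands in the order the page presents them."""
    ipaddress.ip_address(remote_ip)  # raises ValueError on a malformed address
    check_secret(secret)
    return [
        f"ike peers add {peer_name}",
        f"ike peers set mode MAIN {peer_name}",
        f"ike peers set address {remote_ip} {peer_name}",
        f"ike peers set secret {secret} {peer_name}",
    ]


if __name__ == "__main__":
    psk = make_secret()  # one secret, reused so both ends are identical
    # Constructed peer names and documentation-range addresses.
    for label, name, remote in (("router A", "site-b", "203.0.113.2"),
                                ("router B", "site-a", "198.51.100.1")):
        print(f"# {label}")
        print("\n".join(main_mode_commands(name, remote, psk)))
```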
For an aggressive mode connection, you must set the IP address and secret, plus several more options.
ike peers set address <IPaddress> <PeerName>