Command Reference Guide
SROS Command Line Interface Reference Guide Global Configuration Mode Command Set
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 223
crypto ike
Use the crypto ike command to define the system-level local ID for IKE negotiations and to enter the IKE
Client or IKE Policy command sets.
Variations of this command include the following:
crypto ike client configuration pool <poolname>
crypto ike local-id address
crypto ike policy <policy priority>
Syntax Description
client configuration Creates a local pool named the
<poolname>
of your choice and enters the IKE
pool
<poolname>
Client. Clients that connect via an IKE policy that specifies this pool-name will be
assigned values from this pool. See the section for more information.
local-id address Sets the local ID during IKE negotiation to be the IP address of the interface from
which the traffic exits. This setting can be overridden on a per-policy basis using
the local-id command in the IKE Policy (see
local-id [address | asn1-dn | fqdn |
user-fqdn] <ipaddress or name>
on page 380 for more information).
policy
<policy priority>
Creates an IKE policy with the
<policy priority>
of your choice and enters the IKE
Policy. See
IKE Policy Command Set on page 373 for more information.
Default Values
There are no default settings for this command.
Command Modes
(config)# Global Configuration Mode
Usage Examples
The following example creates an IKE policy with a policy priority setting of 1 and enters the IKE Policy for
that policy:
(config)#crypto ike policy 1
(config-ike)#
Technology Review
The following example configures an Secure Router OS product for VPN using IKE aggressive mode with
pre-shared keys. The Secure Router OS product can be set to initiate IKE negotiation in main mode or
aggressive mode. The product can be set to respond to IKE negotiation in main mode, aggressive mode,
or any mode. In this example, the device is configured to initiate in aggressive mode and to respond to any
mode.