Configure the IKE Authentication Method

Use the following procedure to configure the IKE authentication method. The default is pre-shared key.

About this task

As part of the IKE protocol, one security gateway must authenticate another security gateway to make sure that IKE SAs are established with the intended party. The switch supports two authentication methods:

Digital certificates

Configure peer identity name for IKE phase 1 and revocation check method.
Pre-shared keys

Configure the same secret on both security gateways before the gateways can authenticate each other.

Procedure

Enter Global Configuration mode:

enable

configure terminal
Configure the IKE authentication method using one of the following:
- To use a digital certificate:
  
  ike policy WORD<1–32> auth-method digital-certificate [peer-name WORD <1-64> | revocation-check-method <crl|none|ocsp>]
- To use a pre-shared key:
  
  ike policy WORD<1–32> auth-method pre-shared-key
  
  ike policy WORD<1–32> pre-shared-key WORD<0-32>

Variable Definitions

The following table defines parameters for the ike policy WORD<1–32> auth-method command.


Variable	Value
pre-shared-key	Specifies the authentication method as pre-shared key.
digital-certificate peer-name `WORD <1-64>`	Specifies peer identity name for IKE phase 1.
digital-certificate revocation-check-method`<crl\|none\|ocsp>`	Specifies the revocation check method. To set this option to the default value, use the default operator with the command: default ike policy WORD<1–32> revocation-check-method

The following table defines parameters for the ike policy WORD<1–32> pre-shared-key command.


Variable	Value
pre-shared-key `WORD<0–32>`	Specifies the pre-shared key. For Federal Information Processing Standards (FIPS) compliance, the minimum length is 14 characters.