Configure the IKE Authentication Method

Use the following procedure to configure the IKE authentication method. The default is pre-shared key.

About this task

As part of the IKE protocol, one security gateway must authenticate another security gateway to make sure that IKE SAs are established with the intended party. The switch supports two authentication methods:
  • Digital certificates

    Configure the peer identity name for IKE phase 1 and the revocation check method.

  • Pre-shared keys

    Configure the same secret on both security gateways before the gateways can authenticate each other.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Configure the IKE authentication method using one of the following:
    • To use a digital certificate:

      ike policy WORD<1–32> auth-method digital-certificate [peer-name WORD<1-64> | revocation-check-method <crl|none|ocsp>]

    • To use a pre-shared key:

      ike policy WORD<1–32> auth-method pre-shared-key

      ike policy WORD<1–32> pre-shared-key WORD<0-32>

Variable Definitions

The following table defines parameters for the ike policy WORD<1–32> auth-method command.

  pre-shared-key
    Specifies the authentication method as pre-shared key.

  digital-certificate peer-name WORD<1-64>
    Specifies the peer identity name for IKE phase 1.

  digital-certificate revocation-check-method <crl|none|ocsp>
    Specifies the revocation check method. To set this option to the default value, use the default operator with the command:

      default ike policy WORD<1–32> revocation-check-method

The following table defines parameters for the ike policy WORD<1–32> pre-shared-key command.

  pre-shared-key WORD<0–32>
    Specifies the pre-shared key. For Federal Information Processing Standards (FIPS) compliance, the minimum length is 14 characters.
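As an added example (not part of the vendor documentation), the following Python audit reads saved "ike policy" lines and flags the weak settings that the procedure and tables above make possible: a pre-shared key outside the WORD<0-32> range or below the 14-character FIPS minimum, and revocation-check-method none on a digital-certificate policy. The policy names, peer names and keys in the sample configuration are constructed for illustration.

```python
import re

# Limits stated in the variable definitions: the key is WORD<0-32>, FIPS minimum 14.
PSK_MIN_FIPS = 14
PSK_MAX = 32

# Constructed sample of "ike policy" lines as they would appear in a saved config.
# Names and keys are invented; a real config may not display the key in clear text.
SAMPLE_CONFIG = """
ike policy branch-a auth-method pre-shared-key
ike policy branch-a pre-shared-key s3cret
ike policy hq auth-method pre-shared-key
ike policy hq pre-shared-key Correct-Horse-Battery-9
ike policy dc auth-method digital-certificate revocation-check-method none
ike policy partner auth-method digital-certificate peer-name partner-gw revocation-check-method ocsp
"""

def parse_ike_policies(config_text):
    """Group 'ike policy <name> ...' lines into a dict of per-policy settings."""
    policies = {}
    for line in config_text.splitlines():
        m = re.match(r"\s*ike policy (\S+) (.*)$", line)
        if not m:
            continue
        name, rest = m.groups()
        p = policies.setdefault(name, {})
        if rest.startswith("auth-method "):
            p["auth"] = rest.split()[1]          # pre-shared-key or digital-certificate
            rm = re.search(r"revocation-check-method (\S+)", rest)
            if rm:
                p["revocation"] = rm.group(1)    # crl, none or ocsp
        elif rest.startswith("pre-shared-key "):
            p["psk"] = rest[len("pre-shared-key "):]
    return policies

def audit_ike_policies(config_text):
    """Return (policy, finding) pairs for settings that weaken IKE authentication."""
    findings = []
    for name, p in sorted(parse_ike_policies(config_text).items()):
        if p.get("auth") == "pre-shared-key":
            psk = p.get("psk")
            if psk is None:
                findings.append((name, "auth-method is pre-shared-key but no key is configured"))
            elif len(psk) < PSK_MIN_FIPS or len(psk) > PSK_MAX:
                findings.append((name, f"pre-shared key is {len(psk)} characters; "
                                       f"FIPS minimum is {PSK_MIN_FIPS}, maximum is {PSK_MAX}"))
        elif p.get("auth") == "digital-certificate" and p.get("revocation") == "none":
            findings.append((name, "revocation-check-method is none; peer certificates are never checked for revocation"))
    return findings
```

Running audit_ike_policies(SAMPLE_CONFIG) reports branch-a (6-character key) and dc (revocation checking disabled); hq and partner pass.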