crypto-ikev1/ikev2-peer commands

Configures IKEv1/IKEv2 peer‘s authentication mode and the pre-shared key

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000


authentication [psk|rsa]
authentication psk [0 <WORD>|2 <WORD>|<WORD>] {local|remote}
authentication rsa


authentication psk [0 <WORD>|2 <WORD>|<WORD>] {local|remote}
psk [0 <WORD>| 2 <WORD>| <WORD>] {local|remote} Configures the authentication mode as PSK. The PSK is a string, 8 - 12 characters long. It is shared by both ends of the VPN tunnel connection. If using IKEv2, both a local and remote string must be specified for handshake validation at both ends (local and remote) of the VPN connection.
  • 0 <WORD> – Configures a clear text key
  • 2 <WORD> – Configures an encrypted key
  • <WORD> – Configures the pre-shared key

The following keywords are available only in the IKEv2 peer configuration mode:

  • local – Optional. Uses the specified key for local peer authentication only
  • remote – Optional. Uses the specified key for remote peer authentication only
    Note: In case the peer type is not specified, this string is used for authenticating both local and remote peers.
authentication rsa
rsa Configures the authentication mode as RSA This is the default setting (for both IKEv1 and IKEv2).

RSA is the first known public-key cryptography algorithm designed signing and encryption. If configuring the IKEv2 peer, the ‘rsa‘ option allows you to enable authentication at both ends of the VPN connection (local and remote).


nx9500-6C8809(config-profile-default-rfs4000-ikev1-peer-peer1)#authentication rsa

psk 0 key@123456

nx9500-6C8809(config-profile-default-rfs4000-ikev2-peer-peer1)#show context
 crypto ikev2 peer peer1
  authentication psk 0 key@123456 local
  authentication psk 0 key@123456 remote