authentication

crypto-ikev1/ikev2-peer commands

Configures the IKEv1/IKEv2 peer's authentication mode and the pre-shared key

Supported in the following platforms:

Syntax

authentication [psk|rsa]
authentication psk [0 <WORD>|2 <WORD>|<WORD>] {local|remote}
authentication rsa

Parameters

authentication psk [0 <WORD>|2 <WORD>|<WORD>] {local|remote}
psk [0 <WORD>|2 <WORD>|<WORD>] {local|remote} – Configures the authentication mode as PSK. The PSK is a string, 8 - 12 characters long. It is shared by both ends of the VPN tunnel connection. If using IKEv2, both a local and remote string must be specified for handshake validation at both ends (local and remote) of the VPN connection.
  • 0 <WORD> – Configures a clear text key
  • 2 <WORD> – Configures an encrypted key
  • <WORD> – Configures the pre-shared key

The following keywords are available only in the IKEv2 peer configuration mode:

  • local – Optional. Uses the specified key for local peer authentication only
  • remote – Optional. Uses the specified key for remote peer authentication only
    Note: In case the peer type is not specified, this string is used for authenticating both local and remote peers.
authentication rsa
rsa – Configures the authentication mode as RSA. This is the default setting (for both IKEv1 and IKEv2).

RSA is the first known public-key cryptography algorithm designed for signing and encryption. If configuring the IKEv2 peer, the 'rsa' option allows you to enable authentication at both ends of the VPN connection (local and remote).

Example

nx9500-6C8809(config-profile-default-ap8533-ikev1-peer-peer1)#authentication rsa 

nx9500-6C8809(config-profile-default-ap8533-ikev2-peer-peer1)#authentication psk 0 key@123456

nx9500-6C8809(config-profile-default-ap8533-ikev2-peer-peer1)#show context
 crypto ikev2 peer peer1
  authentication psk 0 key@123456 local
  authentication psk 0 key@123456 remote
nx9500-6C8809(config-profile-default-ap8533-ikev2-peer-peer1)#
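
The following audit script is an added example, not part of the original command reference or the vendor's tooling. It reads text in the layout of the show context output above and reports peers whose PSK is stored as clear text (type 0), falls outside the documented 8 - 12 character length, or, for IKEv2, lacks a local or remote key. The sample configuration, the peer names peer2 to peer4, and the function name audit are constructed for illustration.

```python
import re

# Constructed sample in the layout of the 'show context' output above.
# peer2's key is a placeholder, not a real encrypted value.
SAMPLE = """\
 crypto ikev2 peer peer1
  authentication psk 0 key@123456 local
  authentication psk 0 key@123456 remote
 crypto ikev2 peer peer2
  authentication psk 2 ENCRYPTED-PLACEHOLDER local
 crypto ikev1 peer peer3
  authentication rsa
 crypto ikev2 peer peer4
  authentication psk 0 abc
"""

PEER_RE = re.compile(r"^crypto (ikev1|ikev2) peer (\S+)$")
PSK_RE = re.compile(r"^authentication psk (?:([02]) )?(\S+)(?: (local|remote))?$")

def audit(config):
    """Return a sorted list of (peer, finding) tuples for a config dump."""
    peers, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = PEER_RE.match(line)
        if m:
            current = peers.setdefault(m.group(2), {"ike": m.group(1), "psk": []})
        elif current is not None and (m := PSK_RE.match(line)):
            current["psk"].append(m.groups())
    findings = set()
    for name, peer in peers.items():
        sides = set()
        for key_type, key, side in peer["psk"]:
            if key_type == "0":
                findings.add((name, "clear-text PSK (type 0) in configuration"))
            # Assumption: the 8-12 character limit applies to the clear-text
            # string, so type 2 (encrypted) values are not length-checked.
            if key_type != "2" and not 8 <= len(key) <= 12:
                findings.add((name, f"PSK length {len(key)} outside 8-12"))
            # No keyword means the key covers both local and remote peers.
            sides |= {side} if side else {"local", "remote"}
        missing = {"local", "remote"} - sides
        if peer["ike"] == "ikev2" and peer["psk"] and missing:
            findings.add((name, "IKEv2 PSK missing for " + "/".join(sorted(missing))))
    return sorted(findings)

if __name__ == "__main__":
    for peer, finding in audit(SAMPLE):
        print(f"{peer}: {finding}")
```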