Configuring an IKE keychain

About IKE keychain

Perform this task when you configure the IKE to use the pre-shared key for authentication.

Follow these guidelines when you configure an IKE keychain:

Procedure

  1. Enter system view.

    system-view

  2. Create an IKE keychain and enter its view.

    ike keychain keychain-name [ vpn-instance vpn-instance-name ]

  3. Configure a pre-shared key.

    In non-FIPS mode:

    pre-shared-key { address { ipv4-address [ mask | mask-length ] | ipv6 ipv6-address [ prefix-length ] } | hostname host-name } key { cipher | simple } string

    In FIPS mode:

    pre-shared-key { address { ipv4-address [ mask | mask-length ] | ipv6 ipv6-address [ prefix-length ] } | hostname host-name } key [ cipher string ]

    By default, no pre-shared key is configured.

  4. (Optional.) Specify a local interface or IP address to which the IKE keychain can be applied.

    match local address { interface-type interface-number | { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] }

    By default, an IKE keychain can be applied to any local interface or IP address.

  5. (Optional.) Specify a priority for the IKE keychain.

    priority priority

    The default priority is 100.