To configure pre-shared keys, perform these tasks at each peer that uses
pre-shared keys in an IKE policy
:
- First, set the ISAKMP identity of each peer. The identity of each peer
should be set to either its host name or by its IP address. By default, the
peer identity is set to its IP address.
- Next, specify the shared keys at each peer. Note that a given pre-shared
key is shared between two peers. A given peer could be specified to use the
same key to share with multiple remote peers. A more secure approach is to
specify different keys to share between different pairs of peers.
To specify pre-shared keys at a peer, use the commands shown in Figure
in
global configuration mode.