Enterasys Networks XSR CLI Benutzerhandbuch
IKE Security Protocol Commands
14-94 Configuring the VPN
The following is sample output from the command when the CA supports an RA. In this example,
CA and RA certificates were requested earlier by the
CA and RA certificates were requested earlier by the
crypto ca authenticate
command.
XSR>show crypto ca certificates
CA Certificate
Status: Available
Certificate Serial Number: 3051DF7123BEE31B8341DFE4B3A338E5F
Key Usage: Not Set
Status: Available
Certificate Serial Number: 3051DF7123BEE31B8341DFE4B3A338E5F
Key Usage: Not Set
RA Signature Certificate
Status: Available
Certificate Serial Number: 34BCF8A0
Key Usage: Signature
Status: Available
Certificate Serial Number: 34BCF8A0
Key Usage: Signature
RA KeyEncipher Certificate
Status: Available
Certificate Serial Number: 34BCF89F
Key Usage: Encryption
Status: Available
Certificate Serial Number: 34BCF89F
Key Usage: Encryption
IKE Security Protocol Commands
The following commands configure the Internet Key Exchange (IKE) Security Protocol on the XSR.
clear crypto isakmp
This command clears one or all active Internet Key Exchange connections.
Syntax
clear crypto isakmp [connection-id]
Mode
Privileged EXEC:
XSR#
Example
The following output shows an IKE connection between two peers connected by interfaces
172.21.114.123 and 172.21.114.67:
172.21.114.123 and 172.21.114.67:
XSR#show crypto isakmp sa
Connection-ID
Connection-ID
State
Source
Destination
Lifetime
1
QM_IDLE
172.21.114.67
172.21.114.123
2000
8
QM_IDLE
155.0.0.1
155.0.0.2
4000
The following example clears IKE connection 8:
XSR#clear crypto isakmp 8
connection-id
Sets which connection to clear. If this argument is not used, all existing
links will be cleared.
links will be cleared.