What for is this command?

dosic · ‎11-01-2008

Hi, guys.

I'm working with Easy VPN. It is ok.

But I can not understand what for should I use this command on the IOS EZVPN Server:

'crypto isakmp client configuration address-pool local' ???

What is the difference from 'ip local .. ' command?

In the docs I've found this:

To configure the IP address local pool to reference IKE on your router, use the crypto isakmp client configuration address-pool local global configuration command. http://www.cisco.com/en/US/docs/ios/12_0/12_0x/feature/guide/modconf.html#wp17187

But still have no ideas.

Can you share yours?

Regards

vmoopeung · ‎11-06-2008

This â€œ'crypto isakmp client configuration address-pool local' is configured as IP address pool do reference to IKE by default.

Internet Key Exchange (IKE) Mode Configuration, as defined by the Internet Engineering Task Force (IETF), allows a gateway to download an IP address (and other network level configuration) to the client as part of an IKE negotiation. Using this exchange, the gateway gives IP addresses to the IKE client to be used as an "inner" IP address encapsulated under IPSec. This provides a known IP address for the client which can be matched against Internet Protocol Security (IPSec) policy.

This feature implements IKE Mode Configuration into existing Cisco IOS IPSec software images. Using IKE Mode Configuration, you can configure a Cisco access server to download an IP address to a client as part of an IKE transaction.

To know more about the IKE mode configuration refer the below URL:

http://www.cisco.com/en/US/docs/ios/12_0/12_0x/feature/guide/modconf.html#wp5926

I think you are mentioning about â€œIp local pool â€œ command. This command is used to Configure a local pool of IP addresses to be used when a remote peer connects to a point-to-point interface.