Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Defining the Server IP Address

    You can define the specified local IP address as the server address. The router monitors UDP port 500 for incoming login requests (that is, IKE SA negotiations) from users.

    Note: This address is typically made public to all users trying to connect to a VPN on this router.

    This command enables you to optionally set a global preshared key for the specified server address. When using global preshared keys, keep the following in mind:

    • Global preshared keys enable a group of users to share a single authentication key, simplifying the administrative job of setting up keys for multiple users.
    • Specific keys for individual users have higher priority than global keys. If both individual and global keys are configured, the individual that also has a specific key must use that key or authentication fails.
    • More than one profile can specify the same local endpoint and virtual router. Because the last value set overrides the other, we recommend that you avoid this type of configuration.

    To specify the given local IP address as a server address:

    • From IPsec Tunnel Profile Configuration mode, specify the local IP address.
      host1(config-ipsec-tunnel-profile)#local ip address 192.2.52.12

      Use the no version to stop the router from monitoring UDP port 500 for user requests and remove any preshared key associations with the local IP address.

    Published: 2014-08-12