
    Defining User Reauthentication Protocol Values

    You can specify which extended user authentication protocol is used during the extended user authentication protocol exchange. Use the re-authenticate keyword to enable the reauthentication option (a subsequent authentication procedure). When this option is enabled, rekeying of IKE SAs uses the initial authentication protocol to reauthenticate the user. When this option is disabled, authentication is performed only when the first IKE SA is established; subsequent IKE SA rekey operations inherit the initial authentication and do not reauthenticate users. Use the skip-peer-config keyword to prevent the router from configuring peer IP characteristics.

    Note: For maximum security, enable reauthentication.

    To specify the extended user authentication protocol for use during the extended user authentication protocol exchange:

    • From IPsec Tunnel Profile Configuration mode, specify the extended user authentication protocol.
      host1(config-ipsec-tunnel-profile)#extended-authentication chap

      Use the no version to reset the extended authentication to the default protocol, pap.
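
    The following audit script is an added example, not part of the original documentation or vendor tooling. It lists tunnel profiles that do not follow the note above about enabling reauthentication. It assumes a saved configuration in which each profile opens with "ipsec tunnel profile <name>" and ends at "!", and in which the re-authenticate and skip-peer-config keywords follow the protocol on the extended-authentication line; the sample configuration and profile names are constructed.

```python
import re

# Constructed sample configuration, not output from a real router.
# Assumed: profiles open with "ipsec tunnel profile <name>", end at "!", and
# the keywords follow the protocol on the extended-authentication line.
SAMPLE_CONFIG = """\
ipsec tunnel profile branch-a
 extended-authentication chap re-authenticate
!
ipsec tunnel profile branch-b
 extended-authentication chap
!
ipsec tunnel profile branch-c
 extended-authentication pap re-authenticate skip-peer-config
!
ipsec tunnel profile branch-d
 no extended-authentication
!
"""

PROFILE_RE = re.compile(r"^ipsec tunnel profile (\S+)")
XAUTH_RE = re.compile(r"^\s*(no\s+)?extended-authentication\b\s*(.*)$")

def parse_profiles(config_text):
    """Map each tunnel profile name to its effective extended-authentication settings."""
    profiles, current = {}, None
    for line in config_text.splitlines():
        if line.strip() == "!":
            current = None
            continue
        m = PROFILE_RE.match(line)
        if m:
            current = m.group(1)
            # Default protocol is pap (per the page); keywords assumed off unless given.
            profiles[current] = {"protocol": "pap", "reauth": False, "skip_peer_config": False}
            continue
        m = XAUTH_RE.match(line)
        if m and current:
            args = [] if m.group(1) else m.group(2).split()  # "no" form resets to defaults
            profiles[current] = {
                "protocol": args[0] if args and args[0] in ("pap", "chap") else "pap",
                "reauth": "re-authenticate" in args,
                "skip_peer_config": "skip-peer-config" in args,
            }
    return profiles

def profiles_without_reauth(config_text):
    """Profiles where IKE SA rekeys inherit the initial authentication."""
    return sorted(n for n, s in parse_profiles(config_text).items() if not s["reauth"])

if __name__ == "__main__":
    print(profiles_without_reauth(SAMPLE_CONFIG))
```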

    Published: 2014-08-12