Question regarding AN_58.
The Cisco section shows only a single entry under:
crypto ikev2 kering kyr1
identity key-id transport
Since there is no “ikev2 remote-authentication pre-shared-key xxxxx” or “ikev2 local-authentication pre-shared-key yyyyyy” statements, does that mean that digidigi is the key for both ends in the digi config in section 3.6?
The answer is yes.
If you want differnt keys for the remote then you do something like this:
crypto ikev2 keyring bob
identity key-id frank
pre-shared-key remote thisisfrankspsk
crypto ikev2 profile bobprofile
match identity remote key-id frank
identity local key-id MYCCrouter
authentication remote pre-share
authentication local pre-share key thisisMYrouterkey
keyring local bob
dpd 10 2 periodic
And away you go.