Hi All:

Question regarding AN_58.
The Cisco section shows only a single entry under:
crypto ikev2 kering kyr1
peer transport
identity key-id transport
pre-shared-key digidigi

Since there is no “ikev2 remote-authentication pre-shared-key xxxxx” or “ikev2 local-authentication pre-shared-key yyyyyy” statements, does that mean that digidigi is the key for both ends in the digi config in section 3.6?


The answer is yes.
If you want differnt keys for the remote then you do something like this:
crypto ikev2 keyring bob
peer frank
identity key-id frank
pre-shared-key remote thisisfrankspsk

crypto ikev2 profile bobprofile
match identity remote key-id frank
identity local key-id MYCCrouter
authentication remote pre-share
authentication local pre-share key thisisMYrouterkey
keyring local bob
lifetime 14400
dpd 10 2 periodic

And away you go.