Remote Secret List Configuration Mode Commands

Mode

The Remote Secret List Configuration Mode manages the list for storing remote secrets based on ID type.

Exec > Global Configuration > Remote Secret List Configuration

> crypto remote-secret-list listname

[local_context]host_name(config-remote-server-list)# 

do show

Executes all show commands while in Configuration mode.

Product

All

Privilege

Security Administrator, Administrator

Syntax

do show 

Usage Guidelines

Use this command to run all Exec mode show commands while in Configuration mode. It is not necessary to exit the Config mode to run a show command.

The pipe character | is only available if the command is valid in the Exec mode.


Caution


There are some Exec mode show commands which are too resource intensive to run from Config mode. These include: do show support collection, do show support details, do show support record and do show support summary. If there is a restriction on a specific show command, the following error message is displayed:

Failure: Cannot execute 'do show support' command from Config mode.

end

Exits the current configuration mode and returns to the Exec mode.

Product

All

Privilege

Security Administrator, Administrator

Syntax

end 

Usage Guidelines

Use this command to return to the Exec mode.

exit

Exits the current mode and returns to the parent configuration mode.

Product

All

Privilege

Security Administrator, Administrator

Syntax

exit 

Usage Guidelines

Use this command to return to the parent configuration mode.

remote-id

Configures the remote pre-shared key based on the ID type.

Product

WSG

Privilege

Security Administrator

Mode

Exec > Global Configuration > Remote Secret List Configuration

> crypto remote-secret-list listname

[local_context]host_name(config-remote-server-list)# 

Syntax

remote-id id-type { der-asn1-dn | fqdn | ip-addr | key-id | rfc822-addr } id id_value secret [ encrypted ] key key_value
no remote-id id-type { der-asn1-dn | fqdn | ip-addr | key-id | rfc822-addr } id id_value

no

Removes the specified ID from the remote secret list.

id-type { der-asn1-dn | fqdn | ip-addr | key-id | rfc822-addr }

Configures the NAI IDr type parameter. If no id-type is specified, then rfc822-addr is assumed.
  • der-asn1-dn : configures NAI Type DER_ASN1_DN (Distinguished Encoding Rules, ASN.1 encoding, Distinguished Name).
  • fqdn : configures NAI Type ID_FQDN (Internet Fully Qualified Domain Name).
  • ip-addr : configures NAI Type ID_IP_ADDR (IP Address).
  • key-id : configures NAI Type ID_KEY_ID (opaque octet string).
  • rfc822-addr : configures NAI Type ID_RFC822_ADDR (RFC 822 email address).

secret [ encrypted ] key key_value

Specifies the use of an encrypted or plain text secret key. key_value is an alphanumeric string of 1 through 255 bytes or a hexadecimal string of 16 to 444 bytes.

Usage Guidelines

Use this command to enter up to 1000 entries in the remote secret list. Each entry is designated by ID type and ID value. Repeat the command sequence to add entries to the list.

Example

The following command enters an IP address in the remote secret list:
remote-id id-type ip-addr id 10.1.1.1
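
A configuration audit for this command, as an added example that is not part of the original reference: a Python check that parses remote-id lines per the Syntax section and reports unknown ID types, malformed ip-addr values, missing keys, keys outside the documented length bounds, and secrets entered without the encrypted keyword. The sample entries are constructed; counting one character as one byte and reading "alphanumeric" literally are assumptions.

```python
import ipaddress
import re

ID_TYPES = {"der-asn1-dn", "fqdn", "ip-addr", "key-id", "rfc822-addr"}
# Grammar from the Syntax section; id-type is optional (rfc822-addr assumed).
LINE_RE = re.compile(
    r"remote-id(?:\s+id-type\s+(?P<type>\S+))?\s+id\s+(?P<id>\S+)"
    r"(?:\s+secret(?P<enc>\s+encrypted)?\s+key\s+(?P<key>\S+))?")

# Constructed sample input; IDs and keys are made up for this example.
SAMPLE = """\
remote-id id-type ip-addr id 10.1.1.1 secret key examplekey123
remote-id id-type fqdn id peer1.example.com secret encrypted key 0123456789abcdef0123
remote-id id-type ip-addr id 10.1.1.300 secret encrypted key 0123456789abcdef0123
remote-id id peer2@example.com
"""

def key_ok(key):
    """Documented bounds, counting one character as one byte (assumption)."""
    if key.isalnum() and 1 <= len(key) <= 255:
        return True
    return bool(re.fullmatch(r"[0-9A-Fa-f]+", key)) and 16 <= len(key) <= 444

def ip_ok(value):
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return False
    return True

def audit(config_text):
    """Return (line_number, message) findings for the remote-id lines."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        m = LINE_RE.fullmatch(line.strip())
        if not m:
            continue  # not a remote-id entry in the documented form
        id_type = m["type"] or "rfc822-addr"
        if id_type not in ID_TYPES:
            findings.append((n, "unknown id-type"))
        elif id_type == "ip-addr" and not ip_ok(m["id"]):
            findings.append((n, "id is not an IP address"))
        if m["key"] is None:
            findings.append((n, "no secret key"))
        elif not key_ok(m["key"]):
            findings.append((n, "key outside documented bounds"))
        elif not m["enc"]:
            findings.append((n, "secret entered as plain text"))
    return findings
```

Calling audit(SAMPLE) returns one finding each for lines 1, 3 and 4; lines beginning with no remote-id are skipped because they do not match the entry form.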