Table of Contents
Advertisement
Chapter 7
Configuring VPNs Using an IPsec Tunnel and Generic Routing Encapsulation
Configure the IKE Policy
Perform these steps to configure the Internet Key Exchange (IKE) policy, beginning in global
configuration mode:
Command or Action
Step 1
crypto isakmp policy priority
Example:
Router(config)# crypto isakmp policy 1
Router(config-isakmp)#
Step 2
encryption {des | 3des | aes | aes 192 | aes 256}
Example:
Router(config-isakmp)# encryption 3des
Router(config-isakmp)#
Step 3
hash {md5 | sha}
Example:
Router(config-isakmp)# hash md5
Router(config-isakmp)#
Step 4
authentication {rsa-sig | rsa-encr | pre-share}
Example:
Router(config-isakmp)# authentication
pre-share
Router(config-isakmp)#
Step 5
group {1 | 2 | 5}
Example:
Router(config-isakmp)# group 2
Router(config-isakmp)#
Step 6
lifetime seconds
Example:
Router(config-isakmp)# lifetime 480
Router(config-isakmp)#
Step 7
exit
Example:
Router(config-isakmp)# exit
Router(config)#
OL-14210-01
Purpose
Creates an IKE policy that is used during IKE
negotiation. The priority is a number from 1 to
10000, with 1 being the highest.
Also enters Internet Security Association and Key
Management Protocol (ISAKMP) policy
configuration mode.
Specifies the encryption algorithm used in the
IKE policy.
The example uses 168-bit Data Encryption
Standard (DES).
Specifies the hash algorithm used in the IKE
policy.
The example specifies the Message Digest 5
(MD5) algorithm. The default is Secure Hash
standard (SHA-1).
Specifies the authentication method used in the
IKE policy.
The example uses a pre-shared key.
Specifies the Diffie-Hellman group to be used in
the IKE policy.
Specifies the lifetime, 60–86400 seconds, for an
IKE security association (SA).
Exits IKE policy configuration mode, and enters
global configuration mode.
Cisco Secure Router 520 Series Software Configuration Guide
Configure a VPN
7-3
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
