Step 1Enable IKE

Router A crypto isakmp enable

Router A crypto isakmp enable

Globally enables or disables IKE at your router. IKE is enabled by default.

IKE is enabled globally for all interfaces at the router.

Use the no form of the command to disable IKE.

An ACL can be used to block IKE on a particular interface.

The first step in configuring IKE is to enable or disable ISAKMP, thereby enabling or disabling IKE. ISAKMP, and consequently IKE, is globally enabled and disabled with the crypto isakmp enable command. ISAKMP is enabled by default. Use the no form of the command to disable ISAKMP.

Although ISAKMP does not have to be enabled for individual interfaces, it is enabled globally for all interfaces at the router. You may choose to block ISAKMP access on interfaces that are not used for IPSec to prevent possible denial of service attacks by using an ACL statement that blocks UDP port 500 on the interfaces.

0 0

Post a comment