Create an IKE Policy Using RSA Signatures

The IKE policy defines several aspects of the communication between the ISAKMP peers. Both peers must have matching values in an IKE policy to negotiate successfully the IKS SA. The IKE SA must be established to begin negotiation of the IPsec SA and create the encrypted connection. The IKE policy defines the following items:

• Authentication method

• Encryption algorithm

• Hash algorithm

Configuring the IKE policy requires a single command followed by several subcommands:

Miami#configure terminal Miami(config)#crypto isakmp policy 100 Miami(config-isakmp)#authentication rsa-sig

Miami(config-isakmp)#encryption aes 256 Miami(config-isakmp)#hash sha Miami(config-isakmp)#group 5 Miami(config-isakmp)#lifetime 86400

0 0

Post a comment