Create the IKE Policy

The IKE policy defines several aspects of the communication between the ISAKMP peers. Both peers must have matching values in an IKE policy to negotiate successfully the IKS SA. The IKE SA must be established to begin negotiation of the IPsec SA and create the encrypted connection. The IKE policy defined the following items:

• Authentication method

• Encryption algorithm

• Hash algorithm

Configuring the IKE policy requires a single command followed by several subcommands:

Miami#configure terminal Miami(config)#crypto isakmp policy 100 Miami(config-isakmp)#authentication pre-share

Miami(config-isakmp)#encryption aes 256 Miami(config-isakmp)#hash sha

Miami(config-isakmp)#group 5 Miami(config-isakmp)#lifetime 86400

0 0

Post a comment