Configuring an ISAKMP Policy

To configure an ISAKMP policy, first create the policy and then specify its parameters. These parameters can include the encryption type, hash type, authentication type, SA lifetime, and Diffie-Hellman group. The following example shows an ISAKMP policy configuration, along with the options available for each parameter. The options vary by Cisco IOS version:

IPSEC_RTR(config)#crypto isakmp policy ?
  <1-10000>  Priority of protection suite
IPSEC_RTR(config)#crypto isakmp policy 1
IPSEC_RTR(config-isakmp)#encryption ?
  3des  Three key triple DES
  aes   AES - Advanced Encryption Standard.
  des   DES - Data Encryption Standard (56 bit keys).
IPSEC_RTR(config-isakmp)#encryption 3des
IPSEC_RTR(config-isakmp)#hash ?
  md5  Message Digest 5
  sha  Secure Hash Standard
IPSEC_RTR(config-isakmp)#hash sha
!
IPSEC_RTR(config-isakmp)#authentication ?
  pre-share  Pre-Shared Key
  rsa-encr   Rivest-Shamir-Adleman Encryption
  rsa-sig    Rivest-Shamir-Adleman Signature
IPSEC_RTR(config-isakmp)#authentication pre-share
!
IPSEC_RTR(config-isakmp)#group ?
  1  Diffie-Hellman group 1
  2  Diffie-Hellman group 2
  5  Diffie-Hellman group 5
IPSEC_RTR(config-isakmp)#group 2
IPSEC_RTR(config-isakmp)#lifetime ?
  <60-86400>  lifetime in seconds
IPSEC_RTR(config-isakmp)#lifetime 300
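
When reviewing a saved configuration, remember that parameters left at their defaults are not displayed, so a policy can rely on a weak default without showing it. The following audit script is an added example, not part of the original text; the default values, the `encr` keyword form, the list of options treated as legacy, and the sample configuration are assumptions to verify against your IOS release and your own policy.

```python
import re

# Values applied when a line is absent from a policy (assumption: classic
# IOS defaults; confirm against the documentation for your release).
DEFAULTS = {"encryption": "des", "hash": "sha", "authentication": "rsa-sig",
            "group": "1", "lifetime": "86400"}
# Options from the help output above that this audit treats as legacy.
WEAK = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
ALIASES = {"encr": "encryption"}  # assumed keyword form in a saved config

def parse_policies(config):
    """Return {priority: {param: value}} with defaults filled in."""
    policies, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if m:
            current = policies.setdefault(int(m.group(1)), dict(DEFAULTS))
        elif current is not None and line.startswith(" "):
            key, _, value = line.strip().partition(" ")
            key = ALIASES.get(key, key)
            if key in DEFAULTS and value:
                current[key] = value.strip()
        else:
            current = None  # any unindented line ends the policy block
    return policies

def audit(config):
    """Return (priority, param, value) findings for legacy settings."""
    findings = []
    for prio, params in sorted(parse_policies(config).items()):
        for param, weak in WEAK.items():
            if params[param].split()[0] in weak:
                findings.append((prio, param, params[param]))
    return findings

# Constructed sample: policy 1 mirrors the example above; policy 20 is hypothetical.
SAMPLE = """\
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 300
!
crypto isakmp policy 20
 hash md5
 authentication pre-share
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Policy 20 in the sample sets neither encryption nor a Diffie-Hellman group, so the audit reports the assumed defaults (DES and group 1) even though they never appear in the text.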

