Cisco 520-T1 Software Guide - Page 67
Con the IKE Policy, Example
UPC - 882658299889
View all Cisco 520-T1 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 67 highlights
Chapter 6 Configuring a VPN Using Easy VPN and an IPsec Tunnel Configure the IKE Policy Note The procedures in this chapter assume that you have already configured basic router features as well as PPPoE or PPPoA with NAT, DCHP and VLANs. If you have not performed these configurations tasks, see Chapter 1, "Basic Router Configuration," Chapter 3, "Configuring PPP over Ethernet with NAT," Chapter 4, "Configuring PPP over ATM with NAT," and Chapter 5, "Configuring a LAN with DHCP and VLANs" as appropriate for your router. Note The examples shown in this chapter refer only to the endpoint configuration on the Cisco Secure Router 520 Series router. Any VPN connection requires both endpoints be configured properly to function. See the software configuration documentation as needed to configure VPN for other router models. Configure the IKE Policy Perform these steps to configure the Internet Key Exchange (IKE) policy, beginning in global configuration mode: Step 1 Step 2 Command or Action crypto isakmp policy priority Example: Router(config)# crypto isakmp policy 1 Router(config-isakmp)# encryption {des | 3des | aes | aes 192 | aes 256} Example: Router(config-isakmp)# encryption 3des Router(config-isakmp)# Purpose Creates an IKE policy that is used during IKE negotiation. The priority is a number from 1 to 10000, with 1 being the highest. Also enters the Internet Security Association Key and Management Protocol (ISAKMP) policy configuration mode. Specifies the encryption algorithm used in the IKE policy. The example specifies 168-bit data encryption standard (DES). Step 3 Step 4 hash {md5 | sha} Example: Router(config-isakmp)# hash md5 Router(config-isakmp)# Specifies the hash algorithm used in the IKE policy. The example specifies the Message Digest 5 (MD5) algorithm. The default is Secure Hash standard (SHA-1). authentication {rsa-sig | rsa-encr | pre-share} Example: Router(config-isakmp)# authentication pre-share Router(config-isakmp)# Specifies the authentication method used in the IKE policy. The example specifies a pre-shared key. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 6-3