Cisco CRS-1 - Carrier Routing System Router Configuration Manual page 124

How to Implement IKE Security Protocol Configurations for IPSec Networks
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure
Step 2
crypto isakmp policy priority
Example:
RP/0/RP0/CPU0:router(config)# crypto isakmp
policy 5
Step 3
encryption {192-aes AES - Advanced Encryption
Standard (192-bit keys) | 256-aes AES -
Advanced Encryption Standard (256-bit keys) |
3des 3DES - Three-key triple DES | aes AES -
Advanced Encryption Standard (128 bit keys) |
des DES - Data Encryption Standard (56 bit
keys)}
Example:
RP/0/RP0/CPU0:router(config-isakmp)# encryption
aes
Step 4
hash {sha | md5}
Example:
RP/0/RP0/CPU0:router(config-isakmp)# hash md5
Step 5
authentication {pre-share | rsa-sig | rsa-encr}
Example:
RP/0/RP0/CPU0:router(config-isakmp)#
authentication rsa-sig
Step 6
group {1 | 2 | 5}
Example:
RP/0/RP0/CPU0:router(config-isakmp)# group 5
Step 7
lifetime seconds
Example:
RP/0/RP0/CPU0:router(config-isakmp)# lifetime
50000
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
SC-118
Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
Purpose
Enters global configuration mode.
Identifies the policy to create.
Each policy is uniquely identified by the priority number
you assign, which can be from 1-10000. This command
places the router in ISAKMP policy configuration mode.
Specifies the encryption algorithm.
Specifies the hash algorithm.
• SHA—Secure-hash-algorithm
• MD5—Message-digest-5
Note SHA and MD5 can be used to calculate hashed
message authentication coding (HMAC).
Specifies the authentication method for this policy as either
a pre-shared key, an RSA-encryption, or an RSA signature.
Specifies the Diffie-Hellman group identifier.
Specifies the lifetime of the security association. The range,
in seconds, is from 60 to 86400.
OL-20382-01