Create IKE Policies; Configure Pre-Shared Keys; Configure Certificate - Motorola WS5100 Series Migration Guide


If you do not want IKE to be used with your IPSec implementation, you can disable it at all IPSec peers.
NOTE: IKE must be enabled or disabled at all IPSec peers; you cannot have a mix of IKE-enabled and IKE-disabled peers within your IPSec network. If IKE is disabled, you must manually specify all the IPSec security associations in the crypto maps at all peers.
To configure IKE, perform the following tasks:
• Create IKE Policies
• Configure Pre-Shared Keys (Optional, depending on IKE parameters)
• Configure CA Certificate (Optional, depending on IKE parameters)

11.3.2.1 Create IKE Policies

An IKE policy, including the pre-shared key, must be established on both peers. Multiple IKE policies can be specified, each with a priority. If any of these parameters matches one particular IKE policy, the IKE SA is established.
You must create IKE policies at each peer. An IKE policy defines a combination of security parameters to be used during the IKE negotiation.
| Parameter | Accepted Values | Keyword | Default Value |
|---|---|---|---|
| Encryption algorithm | 56-bit DES-CBC | Des | 3DES |
| | 3DES-CBC | 3Des | |
| | 128-bit AES | Aes | |
| | 192-bit AES | Aes 192 | |
| | 256-bit AES | Aes 256 | |
| Hash algorithm | SHA-1 (HMAC variant) | Sha | SHA-1 |
| | MD5 (HMAC variant) | md5 | |
| Authentication method | pre-shared keys | pre-share | pre-shared |
| | ca-certificate | rsa-sig | |
| Diffie-Hellman group identifier | 768-bit Diffie-Hellman or 1024-bit Diffie-Hellman | 1, 2, 5 | 768-bit Diffie-Hellman |
| Security association's lifetime | can specify any number of seconds | - | 86400 seconds (one day) |

11.3.2.2 Configure Pre-Shared Keys

To configure pre-shared keys, specify the shared keys at each peer.
A given pre-shared key is shared between two peers. At a given peer you could specify the same key to share with multiple remote peers; however, a more secure approach is to specify different keys to share between different pairs of peers.

11.3.2.3 Configure Certificate

To configure a certificate, specify the trustpoint that references the CA and the server certificate. Refer to Configuring the Certificate Manager using CLI for further details.
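
The pre-shared key guidance in 11.3.2.2 can be checked across a whole set of peers before deployment. The Python check below is an added example, not part of the Motorola guide or the WS5100 CLI; the peer names, keys, and the audit_psks function are constructed for illustration. It reports pairs whose two sides hold different keys, peers with no key configured for the other side, and keys reused across different pairs.

```python
from collections import defaultdict

# Constructed sample inventory (peer names and keys are made up):
# for each peer, the pre-shared key it has configured per remote peer.
SAMPLE = {
    "ws-a": {"ws-b": "k-ab-7f3e", "ws-c": "k-shared-01"},
    "ws-b": {"ws-a": "k-ab-7f3e", "ws-c": "k-bc-typo"},
    "ws-c": {"ws-a": "k-shared-01", "ws-b": "k-bc-91aa", "ws-d": "k-shared-01"},
    "ws-d": {"ws-c": "k-shared-01", "ws-e": "k-de-5510"},
}

def pair_name(a, b):
    """Stable label for an unordered pair of peers."""
    return "<->".join(sorted((a, b)))

def audit_psks(configs):
    """Audit {peer: {remote_peer: psk}} and return sorted (finding, detail) tuples.

    Findings name peers only, never key material:
      mismatch - both sides have a key for each other but the keys differ
      missing  - one side has a key, the other side has none (or is not in the inventory)
      reused   - the same key is shared by more than one pair of peers
    """
    findings = set()
    agreed = {}  # pair label -> key both sides agree on
    for local, remotes in configs.items():
        for remote, key in remotes.items():
            other = configs.get(remote, {}).get(local)
            if other is None:
                findings.add(("missing", f"{remote} has no key for {local}"))
            elif other != key:
                findings.add(("mismatch", pair_name(local, remote)))
            else:
                agreed[pair_name(local, remote)] = key
    # Group agreed keys by value: one key serving several pairs is the
    # less secure arrangement the section advises against.
    pairs_by_key = defaultdict(set)
    for pair, key in agreed.items():
        pairs_by_key[key].add(pair)
    for pairs in pairs_by_key.values():
        if len(pairs) > 1:
            findings.add(("reused", ", ".join(sorted(pairs))))
    return sorted(findings)

if __name__ == "__main__":
    for kind, detail in audit_psks(SAMPLE):
        print(f"{kind:9s} {detail}")
```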
