Chapter
Configuring Security Features
Configure the IKE Policy
To configure the Internet Key Exchange (IKE) policy, follow these steps, beginning in global
configuration mode.
SUMMARY STEPS
1. crypto isakmp policy priority
2. encryption {des | 3des | aes | aes 192 | aes 256}
3. hash {md5 | sha}
4. authentication {rsa-sig | rsa-encr | pre-share}
5. group {1 | 2 | 5}
6. lifetime seconds
7. exit
8.

DETAILED STEPS

Step 1
Command or Action: crypto isakmp policy priority
Example:
Router(config)# crypto isakmp policy 1
Router(config-isakmp)#
Purpose: Creates an IKE policy that is used during IKE negotiation. The priority is a number from 1 to 10000, with 1 being the highest. Also enters the ISAKMP policy configuration mode.

Step 2
Command or Action: encryption {des | 3des | aes | aes 192 | aes 256}
Example:
Router(config-isakmp)# encryption 3des
Router(config-isakmp)#
Purpose: Specifies the encryption algorithm used in the IKE policy. The example specifies 168-bit DES.

Step 3
Command or Action: hash {md5 | sha}
Example:
Router(config-isakmp)# hash md5
Router(config-isakmp)#
Purpose: Specifies the hash algorithm used in the IKE policy. The example specifies the MD5 algorithm. The default is SHA-1.

Step 4
Command or Action: authentication {rsa-sig | rsa-encr | pre-share}
Example:
Router(config-isakmp)# authentication pre-share
Router(config-isakmp)#
Purpose: Specifies the authentication method used in the IKE policy. The example specifies a pre-shared key.

Step 5
Command or Action: group {1 | 2 | 5}
Example:
Router(config-isakmp)# group 2
Router(config-isakmp)#
Purpose: Specifies the Diffie-Hellman group to be used in an IKE policy.

Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide
Configuring VPN
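As an added example (not code from the Cisco guide), the following Python script audits saved configuration text for crypto isakmp policy blocks and reports which of the options from Steps 2, 3 and 5 each policy selects from a review list. The review list, the sample configuration, the handling of the abbreviated encr keyword and the function names are assumptions of this example.

```python
import re

# Assumption of this example (not from the guide): option values a reviewer
# wants flagged, keyed by the policy keyword from Steps 2, 3 and 5.
WEAK = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}

# Constructed sample configuration, for illustration only.
SAMPLE_CONFIG = """\
crypto isakmp policy 1
 encryption 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
!
interface GigabitEthernet0/0
"""

def parse_policies(config):
    """Return {priority: {keyword: value}} for each 'crypto isakmp policy' block."""
    policies, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if m:
            current = policies.setdefault(int(m.group(1)), {})
        elif current is not None and line.startswith(" "):
            key, _, value = line.strip().partition(" ")
            # Assumption: saved configs may abbreviate 'encryption' as 'encr'.
            key = "encryption" if key == "encr" else key
            current[key] = value.strip()
        else:
            current = None  # any non-indented line ends the policy block
    return policies

def audit(config):
    """Return (priority, keyword, value) findings, highest-priority policy first."""
    findings = []
    for prio, settings in sorted(parse_policies(config).items()):
        for key, weak in WEAK.items():
            value = settings.get(key)  # None when the line is absent (device default)
            if value in weak:
                findings.append((prio, key, value))
    return findings

if __name__ == "__main__":
    for prio, key, value in audit(SAMPLE_CONFIG):
        print(f"policy {prio}: {key} {value} is on the review list")
```

A keyword that is absent from a policy block is not flagged, because the device default applies there; check those against the defaults documented for the running software release.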