Cisco FirePOWER ASA 5500 series Configuration Manual page 685
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Chapter 36
Configuring LAN-to-LAN IPSec VPNs
An authentication method, to ensure the identity of the peers.
•
An encryption method, to protect the data and ensure privacy.
•
A Hashed Message Authentication Codes method to ensure the identity of the sender and to ensure
•
that the message has not been modified in transit.
A Diffie-Hellman group to establish the strength of the encryption-key-determination algorithm.
•
The security appliance uses this algorithm to derive the encryption and hash keys.
A time limit for how long the security appliance uses an encryption key before replacing it.
•
See
on page 27-3
about the IKE policy keywords and their values.
To configure ISAKMP policies, in global configuration mode use the isakmp policy command with its
various arguments. The syntax for ISAKMP policy commands is as follows:
isakmp policy priority attribute_name [attribute_value | integer].
Perform the following steps and use the command syntax in the following examples as a guide.
Set the authentication method. The following example configures a preshared key. The priority is 1 in
Step 1
this and all following steps.
hostname(config)# isakmp policy 1 authentication pre-share
hostname(config)#
Step 2
Set the encryption method. The following example configures 3DES.
hostname(config)# isakmp policy 1 encryption 3des
hostname(config)#
Set the HMAC method. The following example configures SHA-1.
Step 3
hostname(config)# isakmp policy 1 hash sha
hostname(config)#
Set the Diffie-Hellman group. The following example configures Group 2.
Step 4
hostname(config)# isakmp policy 1 group 2
hostname(config)#
Set the encryption key lifetime. The following example configures 43,200 seconds (12 hours).
Step 5
hostname(config)# isakmp policy 1 lifetime 43200
hostname(config)#
Enable ISAKMP on the interface named outside.
Step 6
hostname(config)# isakmp enable outside
hostname(config)#
To save your changes, enter the write memory command.
Step 7
hostname(config)# write memory
hostname(config)#
OL-10088-01
Configuring ISAKMP Policy and Enabling ISAKMP on the Outside Interface
in the "Configuring IPSec and ISAKMP" chapter of this guide for detailed information
Cisco Security Appliance Command Line Configuration Guide
36-3
Advertisement
Table of Contents
Troubleshooting
