Cisco ISR G2 Series Configuration Manual page 9

Verizon wireless dynamic mobile network routing lte
Key Server
Identify the location of the key servers. Provide the key server name and whether the server has a primary or
secondary role.
IPsec has two sets of policies to be configured: the ISAKMP policy and the IPsec policy, also referred to as the
transform set.
The configuration for the primary key server is shown below.
Key Server Configuration – ISAKMP Policy
hostname keyserver-name
!### Define the ISAKMP Policy ###
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 5
 lifetime 86400
!### Define pre-shared keys for each GM and other KS if any ###
crypto isakmp key NEMO address 0.0.0.0 0.0.0.0 no-xauth

Key Server Configuration – IPsec Policy
!### Define the IPSec Policy ###
crypto ipsec transform-set NEMO esp-aes esp-sha-hmac
!
crypto ipsec profile NEMO
 set security-association lifetime seconds 28800
 set transform-set NEMO

Key Server Configuration – GDOI
!### GDOI Configuration ###
crypto gdoi group NEMO
 identity number 1
 server local
  rekey retransmit 10 number 2
  rekey authentication mypubkey rsa NEMO
  rekey transport unicast
  sa ipsec 1
   profile NEMO
   match address ipv4 NEMO-GETVPN
   replay counter window-size 64
  address ipv4 <KS1 address> or <KS2 address>

© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco/Verizon Public Information.
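
An added example, not part of the Cisco document: a small Python check that parses the ISAKMP lines of a key server configuration like the one above and reports two settings worth reviewing before deployment, a Diffie-Hellman group that Cisco no longer recommends (1, 2 or 5) and a pre-shared key bound to the wildcard address 0.0.0.0 0.0.0.0. The function names `parse_isakmp` and `audit` are hypothetical, and the sample text is constructed from the configuration on this page.

```python
import re

# Constructed sample: ISAKMP lines as they appear in the key server config above.
SAMPLE = """\
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 5
 lifetime 86400
crypto isakmp key NEMO address 0.0.0.0 0.0.0.0 no-xauth
"""

POLICY_KEYWORDS = {"authentication", "encryption", "hash", "group", "lifetime"}
LEGACY_DH_GROUPS = {"1", "2", "5"}  # groups Cisco no longer recommends for IKE
KEY_RE = re.compile(r"crypto isakmp key (\S+) address (\S+)(?: (\d+(?:\.\d+){3}))?")

def parse_isakmp(config):
    """Return ({priority: {keyword: value}}, [(secret, addr, mask)]); no mask means one host."""
    policies, keys, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank line or IOS comment
        policy = re.fullmatch(r"crypto isakmp policy (\d+)", line)
        key = KEY_RE.match(line)
        word, _, value = line.partition(" ")
        if policy:
            current = policies.setdefault(int(policy.group(1)), {})
        elif key:
            keys.append((key.group(1), key.group(2), key.group(3) or "255.255.255.255"))
            current = None
        elif current is not None and word in POLICY_KEYWORDS:
            current[word] = value
        else:
            current = None  # any other command closes the policy block
    return policies, keys

def audit(config):
    """List findings for legacy DH groups and wildcard pre-shared keys (secret not echoed)."""
    policies, keys = parse_isakmp(config)
    findings = []
    for prio, opts in sorted(policies.items()):
        if opts.get("group") in LEGACY_DH_GROUPS:
            findings.append(f"policy {prio}: legacy DH group {opts['group']}")
    for _secret, addr, mask in keys:
        if (addr, mask) == ("0.0.0.0", "0.0.0.0"):
            findings.append("wildcard pre-shared key: accepted from any peer address")
    return findings
```

Calling `audit(SAMPLE)` returns both findings for the configuration shown on this page; a policy using `group 14` with a key bound to a single peer address returns an empty list.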