Table of Contents
Advertisement
Internet Key Exchange (IKE)
If you want to:
Create an IKE policy.
SDM provides a default IKE policy, but there is no
guarantee that the peer has the same policy. You should
configure other IKE policies so that the router is able to
offer an IKE policy that the peer can accept.
Create a pre-shared key.
If IKE is used, the peers at each end must exchange a
pre-shared key to authenticate each other.
IKE Policies
Priority
Encryption
Cisco Router and Security Device Manager Version 2.2 User's Guide
14-46
IKE negotiations must be protected; therefore, each IKE negotiation begins by
each peer agreeing on a common (shared) IKE policy. This policy states which
security parameters will be used to protect subsequent IKE negotiations. This
window shows the IKE policies configured on the router, and allows you to add,
edit, or remove an IKE policy from the router's configuration. If no IKE policies
have been configured on the router, this window shows the default IKE policy.
After the two peers agree on a policy, the security parameters of the policy are
identified by a security association established at each peer. These security
associations apply to all subsequent IKE traffic during the negotiation.
The IKE policies in this list are available to all VPN connections.
An integer value that specifies the priority of this policy relative to the other
configured IKE policies. Assign the lowest numbers to the IKE policies that you
prefer that the router use. The router will offer those policies first during
negotiations.
The type of encryption that should be used to communicate this IKE policy.
Chapter 14
Do this:
Click the IKE Policy node on the VPN tree.
Click the Pre-Shared Key node on the VPN
tree.
Internet Key Exchange
OL-4015-08
Advertisement
Table of Contents
Troubleshooting
