Internet Key Exchange (IKE)
Add or Edit IKE Policy
Note
Priority
Encryption
Note
Cisco Router and Security Device Manager Version 2.2 User's Guide
14-48
Add or edit an IKE policy in this window.
Not all routers support all encryption types. Unsupported types will not
•
appear in the screen.
Not all IOS images support all the encryption types that SDM supports. Types
•
unsupported by the IOS image will not appear in the screen.
If hardware encryption is turned on, only those encryption types supported by
•
both hardware encryption and the IOS image will appear in the screen.
An integer value that specifies the priority of this policy relative to the other
configured IKE policies. Assign the lowest numbers to the IKE policies that you
prefer that the router use. The router will offer those policies first during
negotiations.
The type of encryption that should be used to communicate this IKE policy. SDM
supports a variety of encryption types, listed in order of security. The more secure
an encryption type, the more processing time it requires.
If your router does not support an encryption type, the type will not appear in the
list.
SDM supports the following types of encryption:
Data Encryption Standard (DES)—This form of encryption supports 56-bit
•
encryption.
Triple Data Encryption Standard (3DES)—This is a stronger form of
•
encryption than DES, supporting 168-bit encryption.
AES-128—Advanced Encryption Standard (AES) encryption with a 128-bit
•
key. AES provides greater security than DES and is computationally more
efficient than triple DES.
Chapter 14
Internet Key Exchange
OL-4015-08