Table of Contents
Advertisement
Create Site to Site VPN
D-H Group
Authentication
Note
Type
To add or edit an IKE policy:
To accept the policy list:
Cisco Router and Security Device Manager 2.5 User's Guide
11-10
The Diffie-Hellman Group—Diffie-Hellman is a public-key cryptography
protocol that allows two routers to establish a shared secret over an unsecure
communications channel. Cisco SDM supports the following groups:
group1—D-H Group 1. 768-bit D-H Group.
•
group2—D-H Group 2. 1024-bit D-H Group. This group provides more
•
security than group 1, but requires more processing time.
•
group5—D-H Group 5.1536-bit D-H Group. This group provides more
security than group 2, but requires more processing time.
The authentication method to be used. The following values are supported:
PRE_SHARE—Authentication will be performed using pre-shared keys.
•
RSA_SIG—Authentication will be performed using digital certificates.
•
You must choose the authentication type that you specified when you identified
the interfaces that the VPN connection is using.
Either Cisco SDM Default or User Defined. If no User Defined policies have been
created on the router, this window will show the default IKE policy.
If you want to add an IKE policy that is not included in this list, click Add and
create the policy in the window displayed. Edit an existing policy by selecting it
and clicking Edit. Cisco SDM Default policies are read only, and cannot be
edited.
To accept the IKE policy list and continue, click Next.
Chapter 11
Site-to-Site VPN
OL-4015-12
Advertisement
Table of Contents
Troubleshooting
