IPSec Profiles
Time Based IPSec SA Lifetime
Traffic Volume Based IPSec SA Lifetime
IPSec SA Idle Time
Perfect Forwarding Secrecy
Add or Edit IPSec Profile and Add Dynamic Crypto Map
Cisco Router and Security Device Manager 2.5 User's Guide
Click Time Based IPSec SA Lifetime if you want a new SA to be established
after a set period of time has elapsed. Enter the time period in the HH:MM:SS
fields to the right.
Click Traffic Volume Based IPSec SA Lifetime if you want a new SA to be
established after a specified amount of traffic has passed through the IPSec tunnel.
Enter the number of kilobytes that should pass through the tunnel before an
existing SA is taken down and a new one is established.
Click IPSec SA Idle Time if you want a new SA to be established after the peer
has been idle for a specified amount of time. Enter the idle time period in the
HH:MM:SS fields to the right.
Click Perfect Forwarding Secrecy if IPSec should ask for perfect forward
secrecy (PFS) when requesting new security associations for this virtual template
interface, or should require PFS in requests received from the peer. You can
specify the following values:
• group1—The 768-bit Diffie-Hellman prime modulus group is used to encrypt the PFS request.
• group2—The 1024-bit Diffie-Hellman prime modulus group is used to encrypt the PFS request.
• group5—The 1536-bit Diffie-Hellman prime modulus group is used to encrypt the PFS request.
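The following Python audit is an added example, not part of the SDM guide or of any Cisco tool. It reads IPSec profiles from a router configuration and reports those that do not request PFS, use a small PFS group, or have a long time-based SA lifetime. It assumes the settings above appear in the running configuration as `set security-association ...` and `set pfs ...` lines under `crypto ipsec profile`; the profile names, the sample configuration and both thresholds are constructed for illustration.

```python
import re

# Modulus sizes of the PFS groups listed on this page.
PFS_BITS = {"group1": 768, "group2": 1024, "group5": 1536}

# Constructed sample config; profile and transform-set names are made up.
SAMPLE = """\
crypto ipsec profile SDM_Profile1
 set security-association lifetime seconds 86400
 set security-association idle-time 600
 set transform-set ESP-3DES-SHA
 set pfs group2
!
crypto ipsec profile SDM_Profile2
 set transform-set ESP-3DES-SHA
!
crypto ipsec profile SDM_Profile3
 set security-association lifetime kilobytes 4608000
 set pfs group5
"""

def parse_profiles(config):
    """Map each 'crypto ipsec profile' name to its SA lifetime and PFS settings."""
    profiles, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"crypto ipsec profile (\S+)$", line):
            current = profiles.setdefault(m.group(1), {})
        elif not raw.startswith(" "):
            current = None  # any other top-level line ends the profile block
        elif current is None:
            continue
        elif m := re.match(r"set security-association (?:lifetime )?(seconds|kilobytes|idle-time) (\d+)$", line):
            current[m.group(1)] = int(m.group(2))
        elif m := re.match(r"set pfs(?: (group\d+))?$", line):
            current["pfs"] = m.group(1) or "group1"  # bare 'set pfs' treated as group1 (assumed IOS default)
    return profiles

def audit(config, min_bits=1536, max_seconds=3600):
    """Return (profile, finding) pairs; both thresholds are assumed policy values."""
    findings = []
    for name, s in sorted(parse_profiles(config).items()):
        if s.get("seconds", 0) > max_seconds:
            findings.append((name, f"time-based lifetime {s['seconds']}s exceeds {max_seconds}s"))
        if "pfs" not in s:
            findings.append((name, "PFS is not requested"))
        elif PFS_BITS.get(s["pfs"], min_bits) < min_bits:
            findings.append((name, f"{s['pfs']} modulus is only {PFS_BITS[s['pfs']]} bits"))
    return findings
```

Calling `audit(SAMPLE)` returns findings for SDM_Profile1 and SDM_Profile2 and none for SDM_Profile3; adjust `min_bits` and `max_seconds` to match local policy.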
Use this window to add or to edit an IPSec profile, or to add a dynamic crypto
map.
Chapter 17
IP Security
OL-4015-12