Table of Contents
Advertisement
Internet Key Exchange (IKE)
If you want to:
Create an IKE policy.
Cisco SDM provides a default IKE policy, but there is no
guarantee that the peer has the same policy. You should
configure other IKE policies so that the router is able to
offer an IKE policy that the peer can accept.
Create a pre-shared key.
If IKE is used, the peers at each end must exchange a
pre-shared key to authenticate each other.
Create an IKE profile.
IKE Policies
Priority
Encryption
Cisco Router and Security Device Manager 2.5 User's Guide
18-2
IKE negotiations must be protected; therefore, each IKE negotiation begins by
each peer agreeing on a common (shared) IKE policy. This policy states which
security parameters will be used to protect subsequent IKE negotiations. This
window shows the IKE policies configured on the router, and allows you to add,
edit, or remove an IKE policy from the router's configuration. If no IKE policies
have been configured on the router, this window shows the default IKE policy.
After the two peers agree on a policy, the security parameters of the policy are
identified by a security association established at each peer. These security
associations apply to all subsequent IKE traffic during the negotiation.
The IKE policies in this list are available to all VPN connections.
An integer value that specifies the priority of this policy relative to the other
configured IKE policies. Assign the lowest numbers to the IKE policies that you
prefer that the router use. The router will offer those policies first during
negotiations.
The type of encryption that should be used to communicate this IKE policy.
Chapter 18
Do this:
Click the IKE Policy node on the VPN tree.
See
IKE Policies
for more information.
Click the Pre-Shared Key node on the VPN
tree. See
IKE Pre-shared Keys
information.
Click the IKE Profile node on the VPN
tree. See
IKE Profiles
Internet Key Exchange
for more
for more information.
OL-4015-12
Advertisement
Table of Contents
Troubleshooting
