Parameters
IKE SA encryption
algorithm
IKE SA lifetime
IPSec SA proposals
transform setname
AH authentication
algorithm
ESP encryption algorithm
ESP authentication
algorithm (optional, unless
you select ESP null)
IPSec SA lifetime type
IPSec SA lifetime in
kilobytes (optional)
IPSec SA lifetime in
seconds (optional)
ACL listname
local VPN network(s)
remote VPN network(s)
hosts in the VPN
networks denied access
to the tunnel (optional)
Options
• DES
• 3DES
• AES 128-bit
• AES 192-bit
• AES 256-bit
60 to 86,400 seconds
• AH
• ESP
• AH and ESP
alphanumeric string
• MD5
• SHA-1
• DES
• 3DES
• AES 128-bit
• AES 192-bit
• AES 256-bit
• None (null)
• MD5
• SHA-1
• kilobytes
• seconds
2560 to 536,870,912 kilobytes
120 to 86,400 seconds
alphanumeric string
—
—
host address (<A.B.C.D>)
range of host addresses
(<A.B.C.D> <wildcard bits>)
Obtain Setting From
match peer
match peer
match peer
—
match peer
match peer
match peer
match peer
match peer
match peer
—
local network address(es)
and subnet mask(s)
remote network address(es)
and subnet mask(s)
organizational policy
Virtual Private Networks
Quick Start
Your Setting
10-89