Configuring Isakmp Using Cli; Security Parameters For Data Traffic Using Transform Set - Motorola WS5100 Series Migration Giude

11-6 WS5100 Series Switch Migration Guide

11.3.2.4 Configuring ISAKMP using CLI

To configure a ISAKMP policy, follow the CLI commands mentioned below:
1. Create an IKE Policy.
WS5100(config)# crypto isakmp policy 10
2. Assign an encryption type to the IKE policy.
WS5100(config-crypto-isakmp)# encryption 3des
3. Assign an hash type to the IKE policy
WS5100(config-crypto-isakmp)# hash md5
4. Assign an authentication type to the IKE policy
WS5100(config-crypto-isakmp)# authentication pre-share
5. Define the lifetime for the IKE policy
WS5100(config-crypto-isakmp)# lifetime 600
To create more than one IKE policy with different priority, follow the CLI commands mentioned below:
1. Create another IKE policy
WS5100(config)# crypto isakmp policy 20
2. Assign different encryption type to the new IKE policy
WS5100(config-crypto-isakmp)# encryption 3des
3. Assign different hash type to the new IKE policy
WS5100(config-crypto-isakmp)# hash sha
4. Assign different authentication type to the new IKE policy
WS5100(config-crypto-isakmp)# authentication rsa-sig
5. Define different lifetime to the new IKE policy
WS5100(config-crypto-isakmp)# lifetime 1200
NOTE: If the IKE policies have different IKE Lifetime between two peers, then minimum of
them will be selected during IKE negotiation.

11.3.3 Security Parameters for Data Traffic using Transform Set

A transform set specifies the combination of security algorithm, encryption and authentication to be used for
protecting data traffic. To create a transform set select any one option from each of the following security
protocol:
• AH Transform — ah-md5-hmac, ah-sha-hmac.
• ESP Encryption Transform — esp-3des, esp-des, esp-aes (-128), esp-aes 192, esp -aes 256