Version 7.2 755 Mediant MSBR
Reference Guide 76 Security
76.3.1.2 crypto isakmp policy
This command, when used in global configuration mode, defines an Internet Key Exchange
(IKE) policy. IKE policies define a set of parameters to be used during the IKE negotiation.
To delete an IKE policy, use the no form of this command.
This command invokes the Internet Security Association and Key Management Protocol
(ISAKMP) policy configuration (config-isakmp) command mode. While in this mode, you can
set policy parameters with commands that include the following:
encryption
hash
authentication
group
lifetime
To exit config-isakmp command mode, type 'exit'.
You can configure multiple IKE policies on each peer participating in IPSec. When IKE
negotiation begins, the peers try to find a policy that is configured on both of them.
Syntax
crypto isakmp policy <id>
no crypto isakmp policy <id>
Command      Description
id           Uniquely identifies the IKE policy.
This command puts you into the config-isakmp command mode.
(config-isakmp)# authentication <pre-share>
(config-isakmp)# encryption <enc-alg>
(config-isakmp)# hash <auth-alg>
(config-isakmp)# lifetime <second>
(config-isakmp)# group {1|2|3}
Command      Description
pre-share    Specifies the authentication method.
enc-alg      Specifies the encryption algorithm within an IKE policy. Accepted transform values are described in the "algorithms table".
auth-alg     Specifies the hash algorithm within an IKE policy. Accepted transform values are described in the "algorithms table".
second       Specifies the lifetime of an IKE SA.
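The negotiation described above only succeeds if both peers hold a matching policy, so it is worth checking the two configurations against each other before deployment. The following is an added example, not part of the original guide or the vendor's tooling: it parses `crypto isakmp policy` blocks from two constructed configurations and lists the policy pairs the peers have in common. The values ENC-A, ENC-B, HASH-A and HASH-B are placeholders for entries from the algorithms table, and leaving the lifetime out of the comparison is an assumption.

```python
import re
# Constructed sample configs. ENC-*/HASH-* are placeholders: the real keywords
# come from the guide's "algorithms table", which is not reproduced here.
PEER_A = """\
crypto isakmp policy 10
 authentication pre-share
 encryption ENC-A
 hash HASH-A
 group 2
 exit
crypto isakmp policy 20
 authentication pre-share
 encryption ENC-B
 hash HASH-B
 group 1
 lifetime 3600
 exit
"""
PEER_B = """\
crypto isakmp policy 5
 authentication pre-share
 encryption ENC-B
 hash HASH-B
 group 1
 lifetime 86400
 exit
"""
# Assumption: only these parameters must be identical; lifetime is not compared.
MATCH_KEYS = ("authentication", "encryption", "hash", "group")

def parse_policies(text):
    """Return {policy_id: {subcommand: value}} from 'crypto isakmp policy <id>' blocks."""
    policies, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"crypto isakmp policy (\d+)", line)
        if m:
            current = policies.setdefault(int(m.group(1)), {})
        elif line == "exit":
            current = None  # left config-isakmp mode
        elif current is not None and line:
            key, _, value = line.partition(" ")
            current[key] = value.strip()
    return policies

def common_policies(local, remote):
    """List (local_id, remote_id) pairs whose MATCH_KEYS are all set and equal."""
    return [(l, r) for l, lp in sorted(local.items()) for r, rp in sorted(remote.items())
            if all(k in lp and lp[k] == rp.get(k) for k in MATCH_KEYS)]
```

An empty result from `common_policies` means the two configurations share no policy and the negotiation has nothing to agree on.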