
Cisco 5510 - ASA SSL / IPsec VPN Edition Configuration Guide

1822 pages
63-5
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 63 Configuring IKE, Load Balancing, and NAC
Creating IKE Policies
• A limit for how long the adaptive security appliance uses an encryption key before replacing it.
If you do not configure any IKE policies, the adaptive security appliance uses the default policy, which
is always set to the lowest priority, and which contains the default value for each parameter. If you do
not specify a value for a specific parameter, the default value takes effect.
When IKE negotiation begins, the peer that initiates the negotiation sends all of its policies to the remote
peer, and the remote peer searches for a match with its own policies, in priority order.
A match between IKE policies exists if they have the same encryption, hash, authentication, and
Diffie-Hellman values, and an SA lifetime less than or equal to the lifetime in the policy sent. If the
lifetimes are not identical, the shorter lifetime—from the remote peer policy—applies. If no match
exists, IKE refuses negotiation and the IKE SA is not established.
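
The matching rule described above, worked through as an added Python example (not taken from the Cisco guide or from ASA code). The policy values are constructed samples, and the search order (the responder walks its own policies by priority and checks each against every policy sent) is an assumption drawn from the wording above.

```python
from dataclasses import dataclass

@dataclass
class IkePolicy:
    priority: int        # 1 is the highest priority
    encryption: str      # des, 3des, aes, aes-192 or aes-256
    hash_alg: str
    dh_group: int
    authentication: str
    lifetime: int        # SA lifetime in seconds

    def params(self):
        return (self.encryption, self.hash_alg, self.dh_group, self.authentication)

def negotiate(offered, local):
    """Responder side: return (local policy, offered policy, lifetime) or None."""
    # Assumption: the responder walks its own policies in priority order and
    # checks each one against every policy the initiator sent.
    for mine in sorted(local, key=lambda p: p.priority):
        for theirs in offered:
            # Same four parameters, and our lifetime <= the lifetime sent.
            if mine.params() == theirs.params() and mine.lifetime <= theirs.lifetime:
                return mine, theirs, mine.lifetime   # the shorter lifetime applies
    return None   # no match: negotiation refused, no IKE SA

# Constructed sample policies (hash, D-H and authentication values are illustrative).
INITIATOR = [
    IkePolicy(10, "aes-256", "sha", 5, "pre-share", 86400),
    IkePolicy(20, "3des", "sha", 2, "pre-share", 86400),
]
RESPONDER = [
    IkePolicy(5, "3des", "sha", 2, "pre-share", 43200),
    IkePolicy(15, "aes-256", "sha", 5, "pre-share", 172800),
    IkePolicy(100, "des", "sha", 2, "pre-share", 86400),
]
DES_ONLY = [IkePolicy(1, "des", "sha", 2, "pre-share", 86400)]

if __name__ == "__main__":
    for name, offer in (("initiator", INITIATOR), ("des-only", DES_ONLY)):
        result = negotiate(offer, RESPONDER)
        if result is None:
            print(name, "-> refused")
        else:
            mine, theirs, lifetime = result
            print(name, "-> local priority", mine.priority, mine.encryption, lifetime, "s")
```

In this model the responder's aes-256 policy never matches because its lifetime is longer than the one offered, and the des policy at the lowest priority still matches a DES-only offer, so a weak policy has to be deleted rather than deprioritized to keep it from being negotiated.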
Fields
• Policies—Displays parameter settings for each configured IKE policy.
  – Priority #—Shows the priority of the policy.
  – Encryption—Shows the encryption method.
  – Hash—Shows the hash algorithm.
  – D-H Group—Shows the Diffie-Hellman group.
  – Authentication—Shows the authentication method.
  – Lifetime (secs)—Shows the SA lifetime in seconds.
• Add/Edit/Delete—Click to add, edit, or delete an IKE policy.
Modes
The following table shows the modes in which this feature is available:

Firewall Mode             Security Context
Routed    Transparent     Single    Multiple (Context)    Multiple (System)
•         —               •         —                     —

Add/Edit IKE Policy
Fields
Priority #—Type a number to set a priority for the IKE policy. The range is 1 to 65,543, with 1 the highest
priority.
Encryption—Choose an encryption method. This is a symmetric encryption method that protects data
transmitted between two IPsec peers. The choices follow:

des        56-bit DES-CBC. Less secure but faster than the alternatives. The default.
3des       168-bit Triple DES.
aes        128-bit AES.
aes-192    192-bit AES.
aes-256    256-bit AES.
