1-13
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring L2TP over IPsec
Configuring L2TP over IPsec
Command Purpose
Step 1
Detailed CLI Configuration Steps, page 1-10 Follow the Detailed CLI Configuration
Steps procedure through step Step 18. Add
the additional steps in this table to configure
the IKE policy for Windows 7 native VPN
clients.
Step 1
show run crypto isakmp
Example:
hostname(config)# show run crypto isakmp
Displays the attributes and the number of
any existing IKE policies.
Step 2
crypto isakmp policy number
Example:
hostname(config)# crypto isakmp policy number
hostname(config-isakmp-policy)#
Allows you to configure an IKE policy. The
number argument specifies the number of
the IKE policy you are configuring. This
number was listed in the output of the
show
run crypto isakmp
command.
Step 3
authentication
Example:
hostname(config-isakmp-policy)# authentication pre-share
Sets the authentication method the ASA
uses to establish the identity of each IPsec
peer to use preshared keys.
Step 4
encryption type
Example:
hostname(config-isakmp-policy)# encryption
{3des|aes|aes-256}
Choose a symmetric encryption method that
protects data transmitted between two IPsec
peers. For Windows 7 choose either 3des,
aes, for 128-bit AES, or aes-256.
Step 5
hash
Example:
hostname(config-isakmp-policy)# hash sha
Choose the hash algorithm that ensures data
integrity. For Windows 7, specify sha for the
SHA-1 algorithm.
Step 6
group
Example:
hostname(config-isakmp-policy)# group 5
Choose the Diffie-Hellman group identifier.
For Windows 7, specify 5 for the 1536-bit
Diffie-Hellman group.
Step 7
lifetime
Example:
hostname(config-isakmp-policy)# lifetime 86400
Specify the SA lifetime in seconds. For
Windows 7, specify 86400 seconds to
represent 24 hours.
To Next Page
Loading...
Need help?
General
