EasyManuals Logo
Home>Cisco>Firewall>5510 - ASA SSL / IPsec VPN Edition

Cisco 5510 - ASA SSL / IPsec VPN Edition User Manual

Cisco 5510 - ASA SSL / IPsec VPN Edition
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1753 background imageLoading...
Page #1753 background image
1-9
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Remote Access IPsec VPNs
Configuring Remote Access IPsec VPNs
Command Purpose
Step 1
crypto ikev1 policy priority
authentication {crack | pre-share |
rsa-sig}
Example:
hostname(config)# crypto ikev1 policy 1
authentication pre-share
hostname(config)#
Specifies the authentication method and the set of parameters to
use during IKEv1 negotiation.
Priority uniquely identifies the Internet Key Exchange (IKE)
policy and assigns a priority to the policy. Use an integer from 1
to 65,534, with 1 being the highest priority and 65,534 the lowest.
In this example and the steps that follow, we set the priority to 1.
Step 2
crypto ikev1 policy priority encryption
{aes | aes-192 | aes-256 | des | 3des}
Example:
hostname(config)# crypto ikev1 policy 1
encryption 3des
hostname(config)#
Specifies the encryption method to use within an IKE policy.
Step 3
crypto ikev1 policy priority hash {md5 |
sha}
Example:
hostname(config)# crypto ikev1 policy 1
hash sha
hostname(config)#
Specifies the hash algorithm for an IKE policy (also called the
HMAC variant).
Step 4
crypto ikev1 policy priority group
{1 | 2 | 5}
Example:
hostname(config)# crypto ikev1 policy 1
group 2
hostname(config)#
Specifies the Diffie-Hellman group for the IKE policy—the
crypto protocol that allows the IPsec client and the ASA to
establish a shared secret key.
Step 5
crypto ikev1 policy priority lifetime
{seconds}
Example:
hostname(config)# crypto ikev1 policy 1
lifetime 43200
hostname(config)#
Specifies the encryption key lifetime—the number of seconds
each security association should exist before expiring.
The range for a finite lifetime is 120 to 2147483647 seconds.
Use 0 seconds for an infinite lifetime.
Step 6
crypto ikev1 enable interface-name
Example:
hostname(config)# crypto ikev1 enable
outside
hostname(config)#
Enables ISAKMP on the interface named outside.
Step 7
write memory
Example:
hostname(config-if)# write memory
Building configuration...
Cryptochecksum: 0f80bf71 1623a231 63f27ccf
8700ca6d
11679 bytes copied in 3.390 secs (3893
bytes/sec)
[OK]
hostname(config-if)#
Saves the changes to the configuration.

Table of Contents

Other manuals for Cisco 5510 - ASA SSL / IPsec VPN Edition

Preview: Configuration Guide
Configuration Guide1822 pages
Preview: Hardware Installation Guide
Hardware Installation Guide82 pages
Preview: Getting Started Guide
Getting Started Guide208 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 5510 - ASA SSL / IPsec VPN Edition and is the answer not in the manual?

Cisco 5510 - ASA SSL / IPsec VPN Edition Specifications

General IconGeneral
BrandCisco
Model5510 - ASA SSL / IPsec VPN Edition
CategoryFirewall
LanguageEnglish

Related product manuals