1-10
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring IPsec and ISAKMP
Configuring ISAKMP
sha256 SHA 2, 256-bit digest Specifies the Secure Hash Algorithm SHA 2 with the
256-bit digest.
sha384 SHA 2, 384-bit digest Specifies the Secure Hash Algorithm SHA 2 with the
384-bit digest.
sha512 SHA 2, 512-bit digest Specifies the Secure Hash Algorithm SHA 2 with the
512-bit digest.
null When AES-GCM is specified as the encryption algorithm,
an administrator can choose null as the IKEv2 integrity
algorithm.
encryption des
3des (default)
56-bit DES-CBC
168-bit Triple DES
Specifies the symmetric encryption algorithm that protects
data transmitted between two IPsec peers. The default is
168-bit Triple DES.
aes
aes-192
aes-256
The Advanced Encryption Standard supports key lengths of
128, 192, 256 bits.
aes-gcm
aes-gcm-192
aes-gcm-256
null
AES-GCM algorithm
options to use for IKEv2
encryption
The Advanced Encryption Standard supports key lengths of
128, 192, 256 bits.
policy_index Accesses the IKEv2 policy sub-mode.
prf sha (default) SHA-1 (HMAC variant) Specifies the pseudo random function (PRF)—the
algorithm used to generate keying material.
md5 MD5 (HMAC variant) The default is SHA-1. MD5 has a smaller digest and is
considered to be slightly faster than SHA-1. A successful
(but extremely difficult) attack against MD5 has occurred;
however, the HMAC variant IKE uses prevents this attack.
sha256 SHA 2, 256-bit digest Specifies the Secure Hash Algorithm SHA 2 with the
256-bit digest.
sha384 SHA 2, 384-bit digest Specifies the Secure Hash Algorithm SHA 2 with the
384-bit digest.
sha512 SHA 2, 512-bit digest Specifies the Secure Hash Algorithm SHA 2 with the
512-bit digest.
priority Extends the policy mode to support the additional IPsec V3
features and makes the AES-GCM and ECDH settings part
of the Suite B support.
Table 1-2 IKEv2 Policy Keywords for CLI Commands (continued)
Command Keyword Meaning Description
To Next Page
Loading...
Need help?
General
