Cisco ASA Series User Manual

Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Remote Access IPsec VPNs
Configuring Remote Access IPsec VPNs
Step 1
Command: crypto ikev1 policy priority authentication {crack | pre-share | rsa-sig}
Example:
    hostname(config)# crypto ikev1 policy 1 authentication pre-share
    hostname(config)#
Purpose: Specifies the authentication method and the set of parameters to use during IKEv1 negotiation.
Priority uniquely identifies the Internet Key Exchange (IKE) policy and assigns a priority to the policy. Use an integer from 1 to 65,534, with 1 being the highest priority and 65,534 the lowest.
In this example and the steps that follow, we set the priority to 1.

Step 2
Command: crypto ikev1 policy priority encryption {aes | aes-192 | aes-256 | des | 3des}
Example:
    hostname(config)# crypto ikev1 policy 1 encryption 3des
    hostname(config)#
Purpose: Specifies the encryption method to use within an IKE policy.

Step 3
Command: crypto ikev1 policy priority hash {md5 | sha}
Example:
    hostname(config)# crypto ikev1 policy 1 hash sha
    hostname(config)#
Purpose: Specifies the hash algorithm for an IKE policy (also called the HMAC variant).

Step 4
Command: crypto ikev1 policy priority group {1 | 2 | 5}
Example:
    hostname(config)# crypto ikev1 policy 1 group 2
    hostname(config)#
Purpose: Specifies the Diffie-Hellman group for the IKE policy—the crypto protocol that allows the IPsec client and the ASA to establish a shared secret key.

Step 5
Command: crypto ikev1 policy priority lifetime {seconds}
Example:
    hostname(config)# crypto ikev1 policy 1 lifetime 43200
    hostname(config)#
Purpose: Specifies the encryption key lifetime—the number of seconds each security association should exist before expiring.
The range for a finite lifetime is 120 to 2147483647 seconds. Use 0 seconds for an infinite lifetime.

Step 6
Command: crypto ikev1 enable interface-name
Example:
    hostname(config)# crypto ikev1 enable outside
    hostname(config)#
Purpose: Enables ISAKMP on the interface named outside.

Step 7
Command: write memory
Example:
    hostname(config-if)# write memory
    Building configuration...
    Cryptochecksum: 0f80bf71 1623a231 63f27ccf 8700ca6d
    11679 bytes copied in 3.390 secs (3893 bytes/sec)
    [OK]
    hostname(config-if)#
Purpose: Saves the changes to the configuration.
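
The following is an added example, not part of the Cisco guide: a Python check that reads crypto ikev1 policy settings, in the one-line form used in the steps above and in an indented block form (assumed here to be how a saved configuration lists a policy), and reports weak choices per priority. The WEAK baseline, the function names and policy 10 in the sample are assumptions of this example.

```python
import re

# Assumed audit baseline (not from the page): values this check treats as weak.
WEAK = {
    "encryption": {"des": "56-bit key", "3des": "64-bit block cipher, deprecated"},
    "hash": {"md5": "MD5-based HMAC"},
    "group": {"1": "768-bit MODP group", "2": "1024-bit MODP group"},
    "lifetime": {"0": "infinite lifetime, SA never expires"},
}
KEYS = "authentication|encryption|hash|group|lifetime"
PROMPT = re.compile(r"^\S+\(config\S*\)#\s*")  # e.g. "hostname(config)# "
HEAD = re.compile(r"^crypto ikev1 policy (\d+)(?:\s+(%s)\s+(\S+))?$" % KEYS)
SUB = re.compile(r"^\s+(%s)\s+(\S+)$" % KEYS)

def parse_policies(config):
    """Return {priority: {setting: value}} from one-line or indented syntax."""
    policies, current = {}, None
    for raw in config.splitlines():
        line = PROMPT.sub("", raw).rstrip()
        head, sub = HEAD.match(line), SUB.match(line)
        if head:
            current = policies.setdefault(int(head.group(1)), {})
            if head.group(2):
                current[head.group(2)] = head.group(3)
        elif sub and current is not None:
            current[sub.group(1)] = sub.group(2)
        elif line and not line[0].isspace():
            current = None  # another top-level command ends the policy block
    return policies

def audit(config):
    """Return (priority, setting, value, reason) findings, priority 1 first."""
    return [(prio, key, value, WEAK[key][value])
            for prio, settings in sorted(parse_policies(config).items())
            for key, value in settings.items()
            if value in WEAK.get(key, {})]

# Constructed sample: policy 1 repeats the page's example values; policy 10 is made up.
SAMPLE = """\
hostname(config)# crypto ikev1 policy 1 authentication pre-share
hostname(config)# crypto ikev1 policy 1 encryption 3des
hostname(config)# crypto ikev1 policy 1 hash sha
hostname(config)# crypto ikev1 policy 1 group 2
hostname(config)# crypto ikev1 policy 1 lifetime 43200
crypto ikev1 policy 10
 encryption aes-256
 lifetime 0
crypto ikev1 enable outside
"""
```

Calling audit(SAMPLE) reports the 3des and group 2 settings of policy 1 and the infinite lifetime of policy 10; every configured policy is checked because a peer's proposal can match any of them, not only the highest priority.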
