7-3
Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
OL-5332-01
Chapter 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation
Configure a VPN
Configure the IKE Policy
Perform these steps to configure the Internet Key Exchange (IKE) policy, beginning in global
configuration mode:
Command or Action Purpose
Step 1
crypto isakmp policy priority
Example:
Router(config)# crypto isakmp policy 1
Router(config-isakmp)#
Creates an IKE policy that is used during IKE
negotiation. The priority is a number from 1 to
10000, with 1 being the highest.
Also enters Internet Security Association and Key
Management Protocol (ISAKMP) policy
configuration mode.
Step 2
encryption {des | 3des | aes | aes 192 | aes 256}
Example:
Router(config-isakmp)# encryption 3des
Router(config-isakmp)#
Specifies the encryption algorithm used in the IKE
policy.
The example uses 168-bit Data Encryption
Standard (DES).
Step 3
hash {md5 | sha}
Example:
Router(config-isakmp)# hash md5
Router(config-isakmp)#
Specifies the hash algorithm used in the IKE
policy.
The example specifies the Message Digest 5
(MD5) algorithm. The default is Secure Hash
standard (SHA-1).
Step 4
authentication {rsa-sig | rsa-encr | pre-share}
Example:
Router(config-isakmp)# authentication
pre-share
Router(config-isakmp)#
Specifies the authentication method used in the
IKE policy.
The example uses a pre-shared key.
Step 5
group {1 | 2 | 5}
Example:
Router(config-isakmp)# group 2
Router(config-isakmp)#
Specifies the Diffie-Hellman group to be used in
the IKE policy.
Step 6
lifetime seconds
Example:
Router(config-isakmp)# lifetime 480
Router(config-isakmp)#
Specifies the lifetime, 60–86400 seconds, for an
IKE security association (SA).
Step 7
exit
Example:
Router(config-isakmp)# exit
Router(config)#
Exits IKE policy configuration mode, and enters
global configuration mode.
To Next Page
Loading...
