Chapter 11 Site-to-Site VPN
Create Site to Site VPN
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
D-H Group
The Diffie-Hellman Group—Diffie-Hellman is a public-key cryptography
protocol that allows two routers to establish a shared secret over an unsecure
communications channel. Cisco SDM supports the following groups:
group1—D-H Group 1. 768-bit D-H Group.
group2—D-H Group 2. 1024-bit D-H Group. This group provides more
security than group 1, but requires more processing time.
group5—D-H Group 5. 1536-bit D-H Group. This group provides more
security than group 2, but requires more processing time.
Authentication
The authentication method to be used. The following values are supported:
PRE_SHARE—Authentication will be performed using pre-shared keys.
RSA_SIG—Authentication will be performed using digital certificates.
Note: You must choose the authentication type that you specified when you identified
the interfaces that the VPN connection is using.
Type
Either Cisco SDM Default or User Defined. If no User Defined policies have been
created on the router, this window will show the default IKE policy.
To add or edit an IKE policy:
If you want to add an IKE policy that is not included in this list, click Add and
create the policy in the window displayed. Edit an existing policy by selecting it
and clicking Edit. Cisco SDM Default policies are read-only and cannot be
edited.
To accept the policy list:
To accept the IKE policy list and continue, click Next.
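The D-H Group and Authentication values described above can also be checked in a saved router configuration. The following is an added example, not part of the Cisco guide: the function names, the `min_bits` threshold, the sample configuration, the keyword mapping and the stated IOS defaults (group 1 and rsa-sig when a policy omits the line) are assumptions.

```python
import re

# Bit sizes as listed for the D-H Group field above.
DH_BITS = {1: 768, 2: 1024, 5: 1536}
# Assumed mapping from IOS CLI keywords to the values shown in the window.
AUTH_LABEL = {"pre-share": "PRE_SHARE", "rsa-sig": "RSA_SIG"}
# Assumption: IOS omits default values from the configuration, and the
# ISAKMP policy defaults are D-H group 1 and rsa-sig authentication.
DEFAULT_GROUP, DEFAULT_AUTH = 1, "rsa-sig"

def parse_ike_policies(config):
    """Return one dict per 'crypto isakmp policy' block, in file order."""
    policies, current = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"crypto isakmp policy (\d+)$", line):
            current = {"priority": int(m.group(1)),
                       "group": DEFAULT_GROUP, "auth": DEFAULT_AUTH}
            policies.append(current)
        elif current is not None and raw[:1].isspace():
            if m := re.match(r"group (\d+)$", line):
                current["group"] = int(m.group(1))
            elif m := re.match(r"authentication (\S+)$", line):
                current["auth"] = m.group(1)
        else:
            current = None  # an unindented line ends the policy block
    return policies

def report(config, min_bits=1536):  # min_bits: example threshold
    """Return (priority, auth, D-H bits, needs_review) rows."""
    rows = []
    for p in parse_ike_policies(config):
        bits = DH_BITS.get(p["group"])  # None: group not listed on this page
        rows.append((p["priority"], AUTH_LABEL.get(p["auth"], p["auth"]),
                     bits, bits is None or bits < min_bits))
    return rows

# Constructed sample configuration, not taken from a real router.
SAMPLE = """\
crypto isakmp policy 1
 authentication pre-share
 group 2
crypto isakmp policy 5
 encr 3des
crypto isakmp policy 10
 authentication pre-share
 group 5
"""
print(*report(SAMPLE), sep="\n")
```

Policy 5 in the sample sets neither value, so it is reported with the assumed defaults, which is the case most easily missed when reading a configuration by eye.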