Chapter 18 Internet Key Exchange
Internet Key Exchange (IKE)
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
IKE Policies
IKE negotiations must be protected; therefore, each IKE negotiation begins with
the peers agreeing on a common (shared) IKE policy. This policy states which
security parameters will be used to protect subsequent IKE negotiations. This
window shows the IKE policies configured on the router, and allows you to add,
edit, or remove an IKE policy from the router’s configuration. If no IKE policies
have been configured on the router, this window shows the default IKE policy.
After the two peers agree on a policy, the security parameters of the policy are
identified by a security association established at each peer. These security
associations apply to all subsequent IKE traffic during the negotiation.
The IKE policies in this list are available to all VPN connections.
Priority
An integer value that specifies the priority of this policy relative to the other
configured IKE policies. Assign the lowest numbers to the IKE policies that you
prefer that the router use. The router will offer those policies first during
negotiations.
Encryption
The type of encryption that should be used to communicate this IKE policy.
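
The Priority and Encryption fields above correspond to `crypto isakmp policy` entries in the router's IOS configuration. The following Python script is an added example, not part of the Cisco guide: it audits those entries for a weak policy that would be offered ahead of a stronger one. The function names, the strength ranking and the sample configuration are assumptions made for this illustration.

```python
import re

# Assumed strength ranking for this audit (higher is stronger); not from the guide.
STRENGTH = {"des": 0, "3des": 1, "aes 128": 2, "aes 192": 3, "aes 256": 4}

# Constructed sample of IOS "crypto isakmp policy" blocks, not from a real router.
SAMPLE_CONFIG = """\
crypto isakmp policy 5
 encr des
 authentication pre-share
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 14
crypto isakmp policy 20
 encr 3des
 authentication pre-share
"""

def parse_policies(config):
    """Return [(priority, encryption)] sorted in the order the router offers them."""
    policies, current = {}, None
    for line in config.splitlines():
        head = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if head:
            current = int(head.group(1))
            policies[current] = "unspecified"  # no encryption line seen yet
        elif current is not None and line.startswith(" "):
            enc = re.match(r"\s+encr(?:yption)?\s+(.+?)\s*$", line)
            if enc:
                value = enc.group(1).lower()
                # "aes" with no key size means 128-bit AES in IOS
                policies[current] = "aes 128" if value == "aes" else value
        else:
            current = None  # left the policy block
    return sorted(policies.items())

def audit(config):
    """Flag weak or unspecified encryption and policies offered before a stronger one."""
    ordered = parse_policies(config)
    findings = []
    for i, (prio, enc) in enumerate(ordered):
        rank = STRENGTH.get(enc, -1)
        if rank <= 0:
            findings.append((prio, f"weak or unspecified encryption: {enc}"))
        stronger = [p for p, e in ordered[i + 1:] if STRENGTH.get(e, -1) > rank]
        if stronger:
            findings.append((prio, f"offered before stronger policy {stronger[0]}"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports policy 5 twice: once for DES itself and once because its low priority number puts it ahead of the AES-256 policy 10.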

If you want to: Create an IKE policy. Cisco SDM provides a default IKE policy, but there is no guarantee that the peer has the same policy. You should configure other IKE policies so that the router is able to offer an IKE policy that the peer can accept.
Do this: Click the IKE Policy node on the VPN tree. See IKE Policies for more information.

If you want to: Create a pre-shared key. If IKE is used, the peers at each end must exchange a pre-shared key to authenticate each other.
Do this: Click the Pre-Shared Key node on the VPN tree. See IKE Pre-shared Keys for more information.

If you want to: Create an IKE profile.
Do this: Click the IKE Profile node on the VPN tree. See IKE Profiles for more information.