Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 73 Configuring LAN-to-LAN IPsec VPNs
Configuring ISAKMP Policy and Enabling ISAKMP on the Outside Interface
Configuring ISAKMP Policies for IKEv2 Connections, page 73-4
Configuring ISAKMP Policies for IKEv1 Connections
To configure ISAKMP policies for IKEv1 connections, use the crypto ikev1 policy command to enter
IKEv1 policy configuration mode, where you can configure the IKEv1 parameters:
crypto ikev1 policy priority
Perform the following steps and use the command syntax in the following examples as a guide.
Step 1 Enter IPsec IKEv1 policy configuration mode. For example:
hostname(config)# crypto ikev1 policy 1
hostname(config-ikev1-policy)#
Step 2 Set the authentication method. The following example configures a preshared key:
hostname(config-ikev1-policy)# authentication pre-share
hostname(config-ikev1-policy)#
Step 3 Set the encryption method. The following example configures 3DES:
hostname(config-ikev1-policy)# encryption 3des
hostname(config-ikev1-policy)#
Step 4 Set the HMAC method. The following example configures SHA-1:
hostname(config-ikev1-policy)# hash sha
hostname(config-ikev1-policy)#
Step 5 Set the Diffie-Hellman group. The following example configures Group 2:
hostname(config-ikev1-policy)# group 2
hostname(config-ikev1-policy)#
Step 6 Set the encryption key lifetime. The following example configures 43,200 seconds (12 hours):
hostname(config-ikev1-policy)# lifetime 43200
hostname(config-ikev1-policy)#
Step 7 Enable IKEv1 on the interface named outside:
hostname(config)# crypto ikev1 enable outside
hostname(config)#
Step 8 To save your changes, enter the write memory command:
hostname(config)# write memory
hostname(config)#
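An added example, not part of the Cisco guide: a Python check that parses IKEv1 policy blocks in running-config form and reports parameters that fall below a review baseline. The sample configuration is constructed from the steps above plus a second hypothetical policy; the baseline in WEAK is an assumption to adjust to local policy, and the function names are hypothetical.

```python
import re

# Constructed sample: the policy from Steps 1-7 in running-config form,
# plus a second, hypothetical policy for comparison.
SAMPLE_CONFIG = """\
crypto ikev1 enable outside
crypto ikev1 policy 1
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 43200
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 43200
"""

# Assumed review baseline (not from the guide): values reported as weak.
WEAK = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2"}}

def parse_ikev1_policies(config):
    """Return {priority: {keyword: value}} for each 'crypto ikev1 policy' block."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"crypto ikev1 policy (\d+)\s*$", line)
        if header:
            current = policies.setdefault(int(header.group(1)), {})
        elif current is not None and line.startswith(" "):
            parts = line.split()
            if len(parts) == 2:          # e.g. "encryption 3des"
                current[parts[0]] = parts[1]
        else:
            current = None               # any unindented line ends the block
    return policies

def ikev1_interfaces(config):
    """Interfaces on which IKEv1 is enabled (Step 7)."""
    return re.findall(r"^crypto ikev1 enable (\S+)\s*$", config, re.M)

def audit(policies):
    """Return (priority, keyword, value) for every parameter listed in WEAK."""
    return [(prio, key, params[key])
            for prio, params in sorted(policies.items())
            for key, weak in WEAK.items()
            if params.get(key) in weak]

if __name__ == "__main__":
    for prio, key, value in audit(parse_ikev1_policies(SAMPLE_CONFIG)):
        print(f"policy {prio}: {key} {value} is below the review baseline")
```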
Configuring ISAKMP Policies for IKEv2 Connections
To configure ISAKMP policies for IKEv2 connections, use the crypto ikev2 policy command to enter
IKEv2 policy configuration mode, where you can configure the IKEv2 parameters:
crypto ikev2 policy priority