Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel

BETA DRAFT - CISCO CONFIDENTIAL

An example showing the results of these configuration tasks is shown in the section “Configuration Example.”

Note: The procedures in this chapter assume that you have already configured basic router features as well as PPPoE or PPPoA with NAT, DHCP, and VLANs. If you have not performed these configuration tasks, see Chapter 1, “Basic Router Configuration,” Chapter 3, “Configuring PPP over Ethernet with NAT,” Chapter 4, “Configuring PPP over ATM with NAT,” and Chapter 5, “Configuring a LAN with DHCP and VLANs,” as appropriate for your router.

Configure the IKE Policy

Perform these steps to configure the Internet Key Exchange (IKE) policy, beginning in global configuration mode:

Step 1

Command or Action: crypto isakmp policy priority

Purpose: Creates an IKE policy that is used during IKE negotiation. The priority is a number from 1 to 10000, with 1 being the highest. Also enters the Internet Security Association Key and Management Protocol (ISAKMP) policy configuration mode.

Example:

Router(config)# crypto isakmp policy 1
Router(config-isakmp)#

Step 2

Command or Action: encryption {des | 3des | aes | aes 192 | aes 256}

Purpose: Specifies the encryption algorithm used in the IKE policy. The example specifies 168-bit data encryption standard (DES).

Example:

Router(config-isakmp)# encryption 3des
Router(config-isakmp)#

Step 3

Command or Action: hash {md5 | sha}

Purpose: Specifies the hash algorithm used in the IKE policy. The example specifies the Message Digest 5 (MD5) algorithm. The default is Secure Hash standard (SHA-1).

Example:

Router(config-isakmp)# hash md5
Router(config-isakmp)#

Step 4

Command or Action: authentication {rsa-sig | rsa-encr | pre-share}

Purpose: Specifies the authentication method used in the IKE policy. The example specifies a pre-shared key.

Example:

Router(config-isakmp)# authentication pre-share
Router(config-isakmp)#

Step 5

Command or Action: group {1 | 2 | 5}

Purpose: Specifies the Diffie-Hellman group to be used in an IKE policy.

Example:

Router(config-isakmp)# group 2
Router(config-isakmp)#
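The following audit script is an added example, not part of the Cisco guide. It parses the crypto isakmp policy blocks produced by Steps 1 through 5 from a saved configuration and reports settings that are generally considered weak today. The WEAK list, the function names, and the sample configuration are assumptions of this example.

```python
import re

# Assumption of this example (not from the guide): values treated as weak.
WEAK = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
KEYWORDS = {"encr": "encryption", "encryption": "encryption", "hash": "hash",
            "authentication": "authentication", "group": "group"}

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp policy 10
 encryption aes 256
 authentication rsa-sig
 group 5
!
interface FastEthernet0
 ip address 192.0.2.1 255.255.255.0
"""

def parse_isakmp_policies(config):
    """Return {priority: {setting: value}} for each 'crypto isakmp policy' block."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if header:
            # Hash defaults to SHA-1 when no 'hash' line is present (per the guide).
            current = policies.setdefault(int(header.group(1)), {"hash": "sha"})
        elif current is not None and line.startswith(" "):
            word, _, value = line.strip().partition(" ")
            if word in KEYWORDS:  # 'encr' is accepted as short for 'encryption'
                current[KEYWORDS[word]] = value
        else:
            current = None  # any unindented line ends the policy block
    return policies

def audit(config):
    """Return (priority, setting, value) for every weak setting, by priority."""
    findings = []
    for priority, settings in sorted(parse_isakmp_policies(config).items()):
        for setting, weak_values in WEAK.items():
            if settings.get(setting) in weak_values:
                findings.append((priority, setting, settings[setting]))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Policy 1 in the sample matches the values used in the step examples above, so every cryptographic setting in it is reported; settings the script cannot see in the text, other than the hash default, are left unjudged.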

 

 

 

 

Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide

 

OL-6426-02
