Chapter 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation

BETA DRAFT - CISCO CONFIDENTIAL

Configure a VPN

Perform the following tasks to configure a VPN over an IPSec tunnel:

Configure the IKE Policy

Configure Group Policy Information

Enable Policy Lookup

Configure IPSec Transforms and Protocols

Configure the IPSec Crypto Method and Parameters

Apply the Crypto Map to the Physical Interface

Configure the IKE Policy

Perform these steps to configure the Internet Key Exchange (IKE) policy, beginning in global configuration mode:

 

Step 1

Command or Action: crypto isakmp policy priority

Example:
Router(config)# crypto isakmp policy 1
Router(config-isakmp)#

Purpose: Creates an IKE policy that is used during IKE negotiation. The priority is a number from 1 to 10000, with 1 being the highest. Also enters Internet Security Association Key and Management Protocol (ISAKMP) policy configuration mode.

Step 2

Command or Action: encryption {des | 3des | aes | aes 192 | aes 256}

Example:
Router(config-isakmp)# encryption 3des
Router(config-isakmp)#

Purpose: Specifies the encryption algorithm used in the IKE policy. The example uses 168-bit Data Encryption Standard (DES).

Step 3

Command or Action: hash {md5 | sha}

Example:
Router(config-isakmp)# hash md5
Router(config-isakmp)#

Purpose: Specifies the hash algorithm used in the IKE policy. The example specifies the Message Digest 5 (MD5) algorithm. The default is Secure Hash standard (SHA-1).

Step 4

Command or Action: authentication {rsa-sig | rsa-encr | pre-share}

Example:
Router(config-isakmp)# authentication pre-share
Router(config-isakmp)#

Purpose: Specifies the authentication method used in the IKE policy. The example uses a pre-shared key.
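
An added example, not part of the Cisco guide: a short Python check that parses crypto isakmp policy blocks from a saved configuration and reports policies that select DES, 3DES or MD5, which the steps above offer and use in their examples. The sample configuration is constructed, and the set of values treated as legacy is this example's assumption.

```python
import re

# Assumption of this example (not stated in the guide): the DES and 3DES
# ciphers and the MD5 hash are treated as legacy and reported.
WEAK = {"encryption": {"des", "3des"}, "hash": {"md5"}}

# Constructed sample configuration using only commands from Steps 1 to 4.
SAMPLE_CONFIG = """\
crypto isakmp policy 1
 encryption 3des
 hash md5
 authentication pre-share
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
!
"""

def parse_ike_policies(config):
    """Return {priority: {keyword: value}} for each 'crypto isakmp policy' block."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if header:
            current = policies.setdefault(int(header.group(1)), {})
        elif current is not None and line.startswith(" "):
            keyword, _, value = line.strip().partition(" ")
            if keyword.startswith("encr"):  # IOS accepts abbreviated keywords
                keyword = "encryption"
            if keyword in ("encryption", "hash", "authentication"):
                current[keyword] = value
        else:
            current = None  # any non-indented line ends the policy block
    return policies

def audit(config):
    """Return (priority, keyword, value) findings for legacy algorithms."""
    findings = []
    for priority, settings in sorted(parse_ike_policies(config).items()):
        for keyword, weak_values in WEAK.items():
            if settings.get(keyword) in weak_values:
                findings.append((priority, keyword, value := settings[keyword]))
    return findings

if __name__ == "__main__":
    for priority, keyword, value in audit(SAMPLE_CONFIG):
        print(f"policy {priority}: {keyword} {value} is a legacy algorithm")
```

A policy with no hash line is not reported, since the table gives SHA-1 as the default; a policy with no encryption line is also left unreported because the guide does not state that default.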

 

 

 

 

Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide

 

OL-6426-02
