Chapter 4 Configuring the ISA and ISM

Use the ppp encrypt mppe {auto | 40 | 128} [passive | required] [stateful] command in interface configuration mode to enable MPPE on the virtual template.

Configuring IKE

IKE is enabled by default. IKE does not have to be enabled for individual interfaces but is enabled globally for all interfaces at the router. You must create IKE policies at each peer. An IKE policy defines a combination of security parameters to be used during the IKE negotiation.

You can create multiple IKE policies, each with a different combination of parameter values. If you do not configure any IKE policies, the router uses the default policy, which is always set to the lowest priority, and which contains each parameter’s default value.

For each policy that you create, you assign a unique priority (1 through 10,000, with 1 being the highest priority). You can configure multiple policies on each peer—but at least one of these policies must contain exactly the same encryption, hash, authentication, and Diffie-Hellman parameter values as one of the policies on the remote peer.

If you do not specify a value for a parameter, the default value is assigned. For information on default values, refer to the “IP Security and Encryption” chapter of the Security Command Reference publication.

Note: The default policy and the default values for configured policies do not show up in the configuration when you issue a show running-config EXEC command. Instead, to see the default policy and any default values within configured policies, use the show crypto isakmp policy EXEC command.

To configure a policy, use the following commands, starting in global configuration mode:

Step  Command                        Purpose
1.    crypto isakmp policy priority  Identify the policy to create, and enter config-isakmp command mode.
2.    encryption {des | 3des}        Specify the encryption algorithm.
3.    group {1 | 2}                  Specify the Diffie-Hellman group identifier.

For detailed information on creating IKE policies, refer to the “Configuring Internet Key Exchange Security Protocol” chapter in the Security Configuration Guide publication. This chapter contains information on the following topics:

Why Do You Need to Create These Policies?

What Parameters Do You Define in a Policy?

How Do IKE Peers Agree upon a Matching Policy?

Which Value Should You Select for Each Parameter?

Creating Policies

Additional Configuration Required for IKE Policies
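
The matching rule and the always-present default policy described above can be checked offline before a tunnel is brought up. The following is an added example, not part of the Cisco manual: it parses the crypto isakmp policy blocks of two peers, fills in unset parameters, and reports the first pair of identical policies. The default values (des, sha, rsa-sig, group 1), the hash md5 line, the function names, and the 10001 marker for the default policy are assumptions; the sample configurations are constructed.

```python
import re

# Assumed IOS defaults for unset parameters (this page does not list them).
DEFAULTS = {"encryption": "des", "hash": "sha", "authentication": "rsa-sig", "group": "1"}
DEFAULT_PRIORITY = 10001  # hypothetical marker: sorts below priorities 1-10000

def parse_policies(config):
    """Return {priority: parameters} with unset parameters filled in."""
    policies, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"crypto isakmp policy (\d+)", line)
        if m:
            current = policies.setdefault(int(m.group(1)), dict(DEFAULTS))
            continue
        parts = line.split()
        if current is not None and len(parts) == 2 and parts[0] in DEFAULTS:
            current[parts[0]] = parts[1]
        elif line and not raw.startswith(" "):
            current = None  # an unindented line leaves config-isakmp mode
    # Absent from the running configuration, present at the lowest priority.
    policies[DEFAULT_PRIORITY] = dict(DEFAULTS)
    return policies

def first_match(local, remote):
    """Return (local_priority, remote_priority) of the first identical pair."""
    for lp in sorted(local):  # 1 is the highest priority
        for rp in sorted(remote):
            if local[lp] == remote[rp]:
                return lp, rp
    return None

# Constructed sample configurations, not taken from a real router.
PEER_A = """crypto isakmp policy 10
 encryption 3des
 group 2
crypto isakmp policy 20
 encryption 3des
 hash md5
 group 2
"""
PEER_B = """crypto isakmp policy 5
 encryption 3des
 hash md5
 group 2
"""
PEER_C = "crypto isakmp policy 1\n encryption 3des\n"

for peer in (PEER_B, PEER_C):
    print(first_match(parse_policies(PEER_A), parse_policies(peer)))
```

A result of (10001, 10001) means the only policy the two peers share is the default one, so the configured policies on each side do not line up and should be reviewed.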

Integrated Services Adapter and Integrated Services Module Installation and Configuration

 

OL-3575-01 B0
