ISAKMP Protocol Policy Mode Commands
XSR CLI Reference Guide 14-95

ISAKMP Protocol Policy Mode Commands

crypto isakmp proposal

ThiscommanddefinesanIKEproposal(policy)‐asetofparametersusedduringIKEnegotiation.
ItinvokesISAKMPprotocolpolicyconfigurationmodewherethefollowingsubcommandsare
availabletospecifyparametersintheproposal:
authentication ‐AuthenticationmethodusedbyanIKEproposal.Refertopage1496for
thecommanddefinition.
encryption ‐EncodingmethodusedbyanIKEproposal.Refertopage1497forthe
commanddefinition.
group ‐DiffieHellmangrouptypeusedbyanIKEproposal.Refertopage1497forthe
commanddefinition.
hash ‐HashalgorithmusedbyanIKEproposal.Refertopage1498forthecommand
definition.
lifetime ‐SAintervalusedbyanIKEproposal.Refertopage1499forthecommand
definition.
ManyIKEproposals(policies)canbeconfiguredoneachpeerparticipatinginIPSec.WhenIKE
negotiationbegins,ittriestofindacommonproposal(policy)onbothpeers;thecommon
proposalcontainsexactlythesameencryption,hash,authentication,andDiffieHellmanvalues.
Thelifetimevaluedoesnotnecessarilyhavetobethesame.
Syntax
crypto isakmp proposal name
Syntax of the “no” Form
TodeleteanIKEproposal(policy),usethenoformofthiscommand:
no crypto isakmp proposal name
Defaults
TheDEFAULTproposalcontainsthesedefaultvalues:
• Authentication:RSAsignatures
• Encryption:TripleDES
•Group:2
•Hash:SHA1
• Lifetime:28,840seconds(8hours)
Mode
Globalconfiguration:XSR(config)#
name Proposalnametobedefined.