User Manual - Configuration Guide (Volume 3)
Versatile Routing Platform Chapter 5
Configuration of IKE
5-3
• Determine the strength of the authentication algorithm, encryption algorithm and Diffie-Hellman algorithm (i.e., the computing resources consumed and the security capability provided). Different algorithms have different strengths: the stronger the algorithm, the more difficult it is to decode the protected data, but the more resources it consumes. A longer key usually gives higher algorithm strength.
• Determine the security protection strength needed in the IKE exchange (including hashing algorithm, encryption algorithm, ID authentication algorithm and DH algorithm).
• Determine the authentication algorithm, encryption algorithm, hashing algorithm and Diffie-Hellman group.
• Determine the pre-shared key of both parties.
1) Create IKE policy
The user can create multiple IKE policies, but must allocate a unique priority value to each created policy. For negotiation to succeed, both parties must have at least one matching policy; that is, a local policy and one on the remote terminal must have the same encryption, hashing, authentication and Diffie-Hellman parameters (the lifetime parameters may be a little different). If multiple matching policies are found after negotiation, the one with higher priority will be matched first.
Please perform the following tasks in global configuration mode.
Table SC-5-1 Create IKE policy
Operation | Command
Create IKE policy and enter IKE policy configuration mode | crypto ike policy priority
Delete IKE policy | no crypto ike policy priority
No IKE security policy is created by default.
5.2.3 Select Encryption Algorithm
There is only one encryption algorithm: 56-bit DES-Cipher Block Chaining (DES-CBC). Before being encrypted, each plaintext block is XORed with a cipher block (in CBC, the preceding ciphertext block), so the same plaintext block does not map to the same ciphertext, which enhances security.
Please perform the following tasks in IKE policy configuration mode.
Table SC-5-2 Select encryption algorithm
Operation | Command
Select encryption algorithm | encryption des-cbc
Set the encryption algorithm to the default value | no encryption
By default, DES-CBC encryption algorithm (i.e. parameter des-cbc) is adopted.
5.2.4 Select Authentication Algorithm
There is only one authentication algorithm: pre-shared key.
Please perform the following tasks in IKE policy configuration mode.