1-12
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring IPsec and ISAKMP
Configuring ISAKMP
Note If you do not specify a value for a given policy parameter, the default value applies.
Step 1 Enter IKEv1 policy configuration mode:
hostname(config)# crypto ikev1 policy 1
hostname(config-ikev1-policy)#
Step 2 Specify the encryption algorithm. The default is Triple DES. This example sets encryption to DES.
encryption [aes | aes-192 | aes-256 | des | 3des]
For example:
hostname(config-ikev1-policy)# encryption des
Step 3 Specify the hash algorithm. The default is SHA-1. This example configures MD5.
hash [md5 | sha]
For example:
hostname(config-ikev1-policy)# hash md5
Step 4 Specify the authentication method. The default is preshared keys. This example configures RSA
signatures.
authentication [pre-share | crack | rsa-sig]
For example:
hostname(config-ikev1-policy)# authentication rsa-sig
Step 5 Specify the Diffie-Hellman group identifier. The default is Group 2. This example configures Group 5.
group [1 | 2 | 5]
For example:
hostname(config-ikev1-policy)# group 5
Step 6 Specify the SA lifetime. This examples sets a lifetime of 4 hours (14400 seconds). The default is 86400
seconds (24 hours).
lifetime seconds
For example:
hostname(config-ikev1-policy)# lifetime 14400
Enabling IKE on the Outside Interface
You must enable IKE on the interface that terminates the VPN tunnel. Typically this is the outside, or
public interface. To enable IKEv1 or IKEv2, use the crypto ikev1 | ikev2 enable interface-name
command from global configuration mode in either single or multiple context mode.
For example:
hostname(config)# crypto ikev1 enable outside
To Next Page
Loading...
Need help?
General
