1-8
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring IPsec and ISAKMP
Configuring ISAKMP
Context Mode Guidelines
Supported in single or multiple context mode.
Firewall Mode Guidelines
Supported in routed firewall mode only. Does not support transparent firewall mode.
Failover Guidelines
IPsec VPN sessions are replicated in Active/Standby failover configurations only. Active/Active failover
configurations are not supported.
IPv6 Guidelines
Does not support IPv6.
Configuring ISAKMP
This section describes the Internet Security Association and Key Management Protocol (ISAKMP) and
the Internet Key Exchange (IKE) protocol.
This section includes the following topics:
• Configuring IKEv1 and IKEv2 Policies, page 1-8
• Enabling IKE on the Outside Interface, page 1-12
• Disabling IKEv1 Aggressive Mode, page 1-13
• Determining an ID Method for IKEv1 and IKEv2 ISAKMP Peers, page 1-13
• Enabling IPsec over NAT-T, page 1-14
• Enabling IPsec with IKEv1 over TCP, page 1-15
• Waiting for Active Sessions to Terminate Before Rebooting, page 1-16
• Alerting Peers Before Disconnecting, page 1-16
Configuring IKEv1 and IKEv2 Policies
To create an IKE policy, enter the crypto ikev1 | ikev2 policy command from global configuration mode
in either single or multiple context mode. The prompt displays IKE policy configuration mode. For
example:
hostname(config)# crypto ikev1 policy 1
hostname(config-ikev1-policy)#
After creating the policy, you can specify the settings for the policy.
Table 1-1 and Table 1-2 provide information about the IKEv1 and IKEv2 policy keywords and their
values.
To Next Page
Loading...
Need help?
General
