Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
How to Implement IKE Security Protocol Configurations for IPSec Networks
SC-118
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
DETAILED STEPS
Command or Action Purpose
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure
Enters global configuration mode.
Step 2
crypto isakmp policy priority
Example:
RP/0/RP0/CPU0:router(config)# crypto isakmp
policy 5
Identifies the policy to create.
Each policy is uniquely identified by the priority number
you assign, which can be from 1-10000. This command
places the router in ISAKMP policy configuration mode.
Step 3
encryption {192-aes AES - Advanced Encryption
Standard (192-bit keys) | 256-aes AES -
Advanced Encryption Standard (256-bit keys) |
3des 3DES - Three-key triple DES | aes AES -
Advanced Encryption Standard (128 bit keys) |
des DES - Data Encryption Standard (56 bit
keys)}
Example:
RP/0/RP0/CPU0:router(config-isakmp)# encryption
aes
Specifies the encryption algorithm.
Step 4
hash {sha | md5}
Example:
RP/0/RP0/CPU0:router(config-isakmp)# hash md5
Specifies the hash algorithm.
• SHA—Secure-hash-algorithm
• MD5—Message-digest-5
Note SHA and MD5 can be used to calculate hashed
message authentication coding (HMAC).
Step 5
authentication {pre-share | rsa-sig | rsa-encr}
Example:
RP/0/RP0/CPU0:router(config-isakmp)#
authentication rsa-sig
Specifies the authentication method for this policy as either
a pre-shared key, an RSA-encryption, or an RSA signature.
Step 6
group {1 | 2 | 5}
Example:
RP/0/RP0/CPU0:router(config-isakmp)# group 5
Specifies the Diffie-Hellman group identifier.
Step 7
lifetime seconds
Example:
RP/0/RP0/CPU0:router(config-isakmp)# lifetime
50000
Specifies the lifetime of the security association. The range,
in seconds, is from 60 to 86400.
To Next Page
Loading...
Need help?
General
