Implementing Internet Key Exchange Security Protocol on Cisco IOS XR Software
Configuration Examples for Implementing IKE Security Protocol
SC-144
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
Configuration Examples for Implementing IKE Security Protocol
This section provides the following configuration examples:
• Creating IKE Policies: Example, page 144
• Configuring a service-ipsec Interface with a Dynamic Profile: Example, page 145
• Limiting an IKE Peer to a Particular Policy Set Based on Local IP Address: Example, page 145
• Configuring Cisco Easy VPN with a Local AAA-Method Server: Example, page 146
• Configuring Cisco Easy VPN with a Remote AAA-Method Server: Example, page 147
• Configuring a Local ISAKMP Profile for Preshared Keys in ISAKMP Keyrings: Example, page 148
• Configuring VRF-Aware: Example, page 148
Creating IKE Policies: Example
This example shows how to create two IKE policies with policy 15 as the highest priority, policy 20 as
the next priority, and the existing default priority as the lowest priority.
crypto isakmp policy 15
encryption 3des
hash md5
authentication rsa-sig
group 2
lifetime 5000
crypto isakmp policy 20
authentication pre-share
lifetime 10000
In the example, the encryption des of policy 20 would not appear in the written configuration because
this is the default value for the encryption algorithm parameter.
If the show crypto isakmp policy command is issued with this configuration, the output is as follows:
Protection suite priority 15
encryption algorithm:3DES - Data Encryption Standard (168 bit keys)
hash algorithm:Message Digest 5
authentication method:Rivest-Shamir-Adelman Signature
Diffie-Hellman group:#2 (1024 bit)
lifetime:5000 seconds, no volume limit
Protection suite priority 20
encryption algorithm:DES - Data Encryption Standard (56 bit keys)
hash algorithm:Secure Hash Standard
authentication method:preshared Key
Diffie-Hellman group:#1 (768 bit)
lifetime:10000 seconds, no volume limit
Default protection suite
encryption algorithm:DES - Data Encryption Standard (56 bit keys)
hash algorithm:Secure Hash Standard
authentication method:Rivest-Shamir-Adelman Signature
Diffie-Hellman group:#1 (768 bit)
lifetime:86400 seconds, no volume limit
Note Although the output shows “no volume limit” for the lifetimes, you can configure only a time lifetime
(such as 86,400 seconds); volume-limit lifetimes are not configurable.
To Next Page
Loading...
Need help?
General
