
Cisco FirePOWER ASA 5500 series User Manual

Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 27 Configuring IPSec and ISAKMP
Configuring ISAKMP
Note: New ASA configurations do not have a default ISAKMP policy.
Configuring ISAKMP Policies
To configure ISAKMP policies, in global configuration mode, use the crypto isakmp policy command
with its various arguments. The syntax for ISAKMP policy commands is as follows:
    crypto isakmp policy priority attribute_name [attribute_value | integer]
You must include the priority in each of the ISAKMP commands. The priority number uniquely
identifies the policy, and determines the priority of the policy in ISAKMP negotiations.
To enable and configure ISAKMP, complete the following steps, using the examples as a guide:
Note: If you do not specify a value for a given policy parameter, the default value applies.

Step 1 Specify the encryption algorithm. The default is Triple DES. This example sets encryption to DES.
    crypto isakmp policy priority encryption [aes | aes-192 | aes-256 | des | 3des]
For example:
    hostname(config)# crypto isakmp policy 2 encryption des

Step 2 Specify the hash algorithm. The default is SHA-1. This example configures MD5.
    crypto isakmp policy priority hash [md5 | sha]
For example:
    hostname(config)# crypto isakmp policy 2 hash md5

Step 3 Specify the authentication method. The default is preshared keys. This example configures RSA signatures.
    crypto isakmp policy priority authentication [pre-share | crack | rsa-sig]
For example:
    hostname(config)# crypto isakmp policy 2 authentication rsa-sig

Step 4 Specify the Diffie-Hellman group identifier. The default is Group 2. This example configures Group 5.
    crypto isakmp policy priority group [1 | 2 | 5 | 7]
For example:
    hostname(config)# crypto isakmp policy 2 group 5

Step 5 Specify the SA lifetime. This example sets a lifetime of 4 hours (14400 seconds). The default is 86400 seconds (24 hours).
    crypto isakmp policy priority lifetime seconds
For example:
    hostname(config)# crypto isakmp policy 2 lifetime 14400
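
An added example (not from the Cisco guide): a Python check that reads policy commands in the single-line form shown above, fills in the defaults the guide lists for any unset parameter, and reports policies whose effective settings are weak. The WEAK sets (DES, MD5, Diffie-Hellman groups 1 and 2) and the constructed SAMPLE input, including policy 10, are this example's assumptions; adjust them to your own baseline.

```python
import re

# Defaults the guide states for parameters a policy leaves unset.
DEFAULTS = {"encryption": "3des", "hash": "sha", "authentication": "pre-share",
            "group": "2", "lifetime": "86400"}

# Assumption of this example (not from the guide): values treated as too weak.
WEAK = {"encryption": {"des"}, "hash": {"md5"}, "group": {"1", "2"}}

# Matches the single-line form used on this page, with or without a CLI prompt.
POLICY_RE = re.compile(
    r"^\s*(?:\S+\(config\)#\s*)?crypto\s+isakmp\s+policy\s+(\d+)\s+"
    r"(encryption|hash|authentication|group|lifetime)\s+(\S+)\s*$")

# Constructed sample: the guide's policy 2 plus a hypothetical policy 10
# that sets only the encryption algorithm.
SAMPLE = """\
hostname(config)# crypto isakmp policy 2 encryption des
hostname(config)# crypto isakmp policy 2 hash md5
hostname(config)# crypto isakmp policy 2 authentication rsa-sig
hostname(config)# crypto isakmp policy 2 group 5
hostname(config)# crypto isakmp policy 2 lifetime 14400
crypto isakmp policy 10 encryption aes-256
"""

def parse_policies(config_text):
    """Return {priority: {attribute: value}} for explicitly configured values."""
    policies = {}
    for line in config_text.splitlines():
        match = POLICY_RE.match(line)
        if match:
            priority, attribute, value = match.groups()
            policies.setdefault(int(priority), {})[attribute] = value
    return policies

def audit(config_text):
    """Return (priority, attribute, value, source) for each weak effective value."""
    findings = []
    for priority, explicit in sorted(parse_policies(config_text).items()):
        effective = {**DEFAULTS, **explicit}  # unset parameters take the default
        for attribute, weak_values in WEAK.items():
            if effective[attribute] in weak_values:
                source = "explicit" if attribute in explicit else "default"
                findings.append((priority, attribute, effective[attribute], source))
    return findings

if __name__ == "__main__":
    for priority, attribute, value, source in audit(SAMPLE):
        print(f"policy {priority}: {attribute} {value} ({source})")
```

Policy 10 is reported even though its only configured value is strong, because the Group 2 default applies to every parameter it does not set.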
