Isakmp protocol policy mode commands, Isakmp protocol policy mode commands -95 – Enterasys Networks X-Pedition XSR CLI User Manual
Page 549
ISAKMP Protocol Policy Mode Commands
XSR CLI Reference Guide 14-95
ISAKMP Protocol Policy Mode Commands
crypto isakmp proposal
This command defines an IKE proposal (policy) ‐ a set of parameters used during IKE negotiation.
It invokes ISAKMP protocol policy configuration mode where the following sub‐commands are
available to specify parameters in the proposal:
•
authentication
‐ Authentication method used by an IKE proposal. Refer to
the command definition.
•
encryption
‐ Encoding method used by an IKE proposal. Refer to
command definition.
•
group
‐ Diffie‐Hellman group type used by an IKE proposal. Refer to
command definition.
•
hash
‐ Hash algorithm used by an IKE proposal. Refer to
definition.
•
lifetime
‐ SA interval used by an IKE proposal. Refer to
for the command
definition.
Many IKE proposals (policies) can be configured on each peer participating in IPSec. When IKE
negotiation begins, it tries to find a common proposal (policy) on both peers; the common
proposal contains exactly the same encryption, hash, authentication, and Diffie‐Hellman values.
The lifetime value does not necessarily have to be the same.
Syntax
crypto isakmp proposal name
Syntax of the “no” Form
To delete an IKE proposal (policy), use the no form of this command:
no crypto isakmp proposal name
Defaults
The DEFAULT proposal contains these default values:
•
Authentication: RSA signatures
•
Encryption: Triple DES
•
Group: 2
•
Hash: SHA‐1
•
Lifetime: 28,840 seconds (8 hours)
Mode
Global configuration:
XSR(config)#
name
Proposal name to be defined.