Configuring ISAKMP Policies for IKEv1 Connections, Configuring ISAKMP Policies for IKEv2 Connections – Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 73 Configuring LAN-to-LAN IPsec VPNs

Configuring ISAKMP Policy and Enabling ISAKMP on the Outside Interface

Configuring ISAKMP Policies for IKEv1 Connections

To configure ISAKMP policies for IKEv1 connections, use the crypto ikev1 policy command to enter
IKEv1 policy configuration mode where you can configure the IKEv1 parameters:

crypto ikev1 policy priority

Perform the following steps and use the command syntax in the following examples as a guide.

Step 1

Enter IPsec IKEv1 policy configuration mode. For example:

hostname(config)# crypto ikev1 policy 1

hostname(config-ikev1-policy)#

Step 2

Set the authentication method. The following example configures a preshared key:

hostname(config-ikev1-policy)# authentication pre-share

hostname(config-ikev1-policy)#

Step 3

Set the encryption method. The following example configures 3DES:

hostname(config-ikev1-policy)# encryption 3des

hostname(config-ikev1-policy)#

Step 4

Set the HMAC method. The following example configures SHA-1:

hostname(config-ikev1-policy)# hash sha

hostname(config-ikev1-policy)#

Step 5

Set the Diffie-Hellman group. The following example configures Group 2:

hostname(config-ikev1-policy)# group 2

hostname(config-ikev1-policy)#

Step 6

Set the encryption key lifetime. The following example configures 43,200 seconds (12 hours):

hostname(config-ikev1-policy)# lifetime 43200

hostname(config-ikev1-policy)#

Step 7

Enable IKEv1 on the interface named outside:

hostname(config)# crypto ikev1 enable outside

hostname(config)#

Step 8

To save your changes, enter the write memory command:

hostname(config)# write memory

hostname(config)#
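
The following Python check is an added example, not part of the Cisco guide: it parses `crypto ikev1 policy` blocks in the form the running configuration lists them and reports parameters that fall below an audit baseline. The baseline table, the function names, and the sample configuration (the policy from the steps above plus a second constructed policy) are assumptions made for illustration.

```python
import re

# Assumed audit baseline (not from the guide): values this check reports.
WEAK = {
    "encryption": {"des": "56-bit key", "3des": "64-bit block cipher, legacy"},
    "hash": {"md5": "MD5, legacy", "sha": "SHA-1, legacy"},
    "group": {"1": "768-bit MODP", "2": "1024-bit MODP", "5": "1536-bit MODP"},
}

# Constructed sample: the policy from steps 1-8 plus a second, made-up policy.
SAMPLE_CONFIG = """\
crypto ikev1 enable outside
crypto ikev1 policy 1
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 43200
crypto ikev1 policy 10
 encryption aes-256
 hash sha
 group 5
"""

def parse_ikev1_policies(config):
    """Return {priority: {keyword: value}} for each 'crypto ikev1 policy' block."""
    policies, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto ikev1 policy (\d+)\s*$", line)
        if m:
            current = policies.setdefault(int(m.group(1)), {})
        elif current is not None and line.startswith(" ") and line.split():
            parts = line.split()
            current[parts[0]] = " ".join(parts[1:])
        else:
            current = None  # any non-indented line ends the policy block
    return policies

def audit(config):
    """Return (priority, keyword, value, reason) for each setting in WEAK."""
    findings = []
    for prio, params in sorted(parse_ikev1_policies(config).items()):
        for key, weak in WEAK.items():
            if params.get(key) in weak:
                findings.append((prio, key, params[key], weak[params[key]]))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

Run against the sample, the check reports the 3DES, SHA-1, and Group 2 settings of policy 1 and the SHA-1 and Group 5 settings of policy 10.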

Configuring ISAKMP Policies for IKEv2 Connections

To configure ISAKMP policies for IKEv2 connections, use the crypto ikev2 policy command to enter
IKEv2 policy configuration mode where you can configure the IKEv2 parameters:

crypto ikev2 policy priority