Cisco Systems ASA 5500 Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 73 Configuring LAN-to-LAN IPsec VPNs
Configuring ISAKMP Policy and Enabling ISAKMP on the Outside Interface
Configuring ISAKMP Policies for IKEv1 Connections
To configure ISAKMP policies for IKEv1 connections, use the crypto ikev1 policy command to enter
IKEv1 policy configuration mode, where you can configure the IKEv1 parameters:
crypto ikev1 policy priority
Perform the following steps and use the command syntax in the following examples as a guide.
Step 1 Enter IPsec IKEv1 policy configuration mode. For example:
hostname(config)# crypto ikev1 policy 1
hostname(config-ikev1-policy)#
Step 2 Set the authentication method. The following example configures a preshared key:
hostname(config-ikev1-policy)# authentication pre-share
hostname(config-ikev1-policy)#
Step 3 Set the encryption method. The following example configures 3DES:
hostname(config-ikev1-policy)# encryption 3des
hostname(config-ikev1-policy)#
Step 4 Set the HMAC method. The following example configures SHA-1:
hostname(config-ikev1-policy)# hash sha
hostname(config-ikev1-policy)#
Step 5 Set the Diffie-Hellman group. The following example configures Group 2:
hostname(config-ikev1-policy)# group 2
hostname(config-ikev1-policy)#
Step 6 Set the encryption key lifetime. The following example configures 43,200 seconds (12 hours):
hostname(config-ikev1-policy)# lifetime 43200
hostname(config-ikev1-policy)#
Step 7 Enable IKEv1 on the interface named outside:
hostname(config)# crypto ikev1 enable outside
hostname(config)#
Step 8 To save your changes, enter the write memory command:
hostname(config)# write memory
hostname(config)#
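The following audit sketch is an added example, not part of the Cisco guide: it parses crypto ikev1 policy blocks from a running-config or a CLI transcript like the steps above and reports parameters that appear on a legacy list. The WEAK table, the function names, and the sample policy 10 are assumptions made for illustration.

```python
import re

# Assumed audit policy (not from the Cisco guide): values commonly treated as
# legacy for IKE. Adjust to your organization's cryptographic standard.
WEAK = {
    "encryption": {"des", "3des"},
    "hash": {"md5", "sha"},      # the page's "hash sha" is SHA-1
    "group": {"1", "2", "5"},    # MODP groups of 1536 bits or less
}
KEYWORDS = ("authentication", "encryption", "hash", "group", "lifetime")
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # "hostname(config-...)# "

def parse_ikev1_policies(text):
    """Return {priority: {keyword: value}} from a running-config or CLI transcript."""
    policies, current = {}, None
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        parts = line.split()
        m = re.fullmatch(r"crypto ikev1 policy (\d+)", line)
        if m:
            current = policies.setdefault(int(m.group(1)), {})
        elif current is not None and len(parts) == 2 and parts[0] in KEYWORDS:
            current[parts[0]] = parts[1]
        elif line:
            current = None  # any other command leaves policy mode
    return policies

def audit(policies):
    """Return sorted (priority, keyword, value) findings; unset keywords are not evaluated."""
    return sorted((prio, key, p[key]) for prio, p in policies.items()
                  for key, bad in WEAK.items() if p.get(key) in bad)

# Constructed input: policy 1 mirrors Steps 1-7; policy 10 is made up for contrast.
SAMPLE = """\
hostname(config)# crypto ikev1 policy 1
hostname(config-ikev1-policy)# authentication pre-share
hostname(config-ikev1-policy)# encryption 3des
hostname(config-ikev1-policy)# hash sha
hostname(config-ikev1-policy)# group 2
hostname(config-ikev1-policy)# lifetime 43200
hostname(config)# crypto ikev1 enable outside
crypto ikev1 policy 10
 encryption aes-256
 hash sha
 group 14
"""

for finding in audit(parse_ikev1_policies(SAMPLE)):
    print("legacy IKEv1 parameter: policy %d, %s %s" % finding)
```

Keywords missing from a policy block take the device defaults, so review those separately in the output of show running-config.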
Configuring ISAKMP Policies for IKEv2 Connections
To configure ISAKMP policies for IKEv2 connections, use the crypto ikev2 policy command to enter
IKEv2 policy configuration mode, where you can configure the IKEv2 parameters:
crypto ikev2 policy priority