Cisco Systems ASA 5585-X Network Router User Manual


68-7
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 68 Configuring IKE, Load Balancing, and NAC
Creating IKE Policies
Hash—Choose the hash algorithm that ensures data integrity. It ensures that a packet comes from whom
you think it comes from, and that it has not been modified in transit.
    sha    SHA-1    The default is SHA-1. MD5 has a smaller digest and is considered to be slightly
                    faster than SHA-1. A successful (but extremely difficult) attack against MD5 has
                    occurred; however, the HMAC variant IKE uses prevents this attack.
    md5    MD5

Authentication—Choose the authentication method the ASA uses to establish the identity of each IPsec
peer. Preshared keys do not scale well with a growing network but are easier to set up in a small network.
The choices follow:
    pre-share    Preshared keys.
    rsa-sig      A digital certificate with keys generated by the RSA signatures algorithm.
    crack        IKE Challenge/Response for Authenticated Cryptographic Keys protocol for mobile
                 IPsec-enabled clients that use authentication techniques other than certificates.

D-H Group—Choose the Diffie-Hellman group identifier, which the two IPsec peers use to derive a
shared secret without transmitting it to each other.
    1    Group 1 (768-bit)     The default, Group 2 (1024-bit Diffie-Hellman) requires less CPU time
                               to execute but is less secure than Group 2 or 5.
    2    Group 2 (1024-bit)
    5    Group 5 (1536-bit)

Lifetime (secs)—Either check Unlimited or enter an integer for the SA lifetime. The default is 86,400
seconds or 24 hours. With longer lifetimes, the ASA sets up future IPsec security associations more
quickly. Encryption strength is great enough to ensure security without using very fast rekey times, on
the order of every few minutes. We recommend that you accept the default.

Time Measure—Choose a time measure. The ASA accepts the following values:
    120 - 86,400 seconds
    2 - 1440 minutes
    1 - 24 hours
    1 day

Modes
The following table shows the modes in which this feature is available:
    Firewall Mode             Security Context
    Routed    Transparent     Single    Multiple Context    Multiple System
    ——
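As an added example (not Cisco's code and not part of the configuration guide), the following Python models the IKE policy fields described above: it checks the hash, authentication, D-H group and lifetime/time measure choices against the values the guide lists, converts each time measure to seconds, and runs a Diffie-Hellman exchange over the MODP groups 1, 2 and 5 (primes transcribed from RFC 2409 and RFC 3526) to show that both peers derive the same shared secret while only their public values are exchanged. The integrity_tag function illustrates the keyed HMAC construction the guide refers to. All function and variable names are the example's own.

```python
"""Added example, not Cisco's code: model the IKE policy fields above and
run a Diffie-Hellman exchange over the group the policy selects."""
import hmac
import secrets

# Accepted values as listed in the configuration guide (names are mine).
HASHES = {"sha": "sha1", "md5": "md5"}          # ASDM keyword -> hashlib name
AUTH_METHODS = {"pre-share", "rsa-sig", "crack"}

# Lifetime range per time measure: (min, max, seconds per unit). Every unit
# maps onto the same 120 .. 86,400 second window the guide gives.
LIFETIME_RANGES = {
    "seconds": (120, 86400, 1),
    "minutes": (2, 1440, 60),
    "hours": (1, 24, 3600),
    "day": (1, 1, 86400),
}


def _modp(hex_blob):
    """Turn a whitespace-separated hex dump into an int."""
    return int("".join(hex_blob.split()), 16)


# MODP primes transcribed from RFC 2409 (groups 1 and 2) and RFC 3526
# (group 5); the generator is 2 for all three.
MODP_PRIMES = {
    1: _modp("""
        FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
        020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
        4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A63A3620 FFFFFFFF FFFFFFFF"""),
    2: _modp("""
        FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
        020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
        4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
        EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF"""),
    5: _modp("""
        FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
        020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
        4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
        EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
        98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
        9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA237327 FFFFFFFF FFFFFFFF"""),
}
GENERATOR = 2


def lifetime_seconds(value, measure):
    """Convert a lifetime to seconds, enforcing the guide's per-unit range."""
    lo, hi, factor = LIFETIME_RANGES[measure]
    if not lo <= value <= hi:
        raise ValueError(f"lifetime {value} {measure} is outside {lo}-{hi}")
    return value * factor


def validate_policy(hash_name, auth, group, lifetime, measure):
    """Check the five policy fields and return a normalized record."""
    if hash_name not in HASHES:
        raise ValueError(f"hash must be one of {sorted(HASHES)}")
    if auth not in AUTH_METHODS:
        raise ValueError(f"authentication must be one of {sorted(AUTH_METHODS)}")
    if group not in MODP_PRIMES:
        raise ValueError(f"D-H group must be one of {sorted(MODP_PRIMES)}")
    return {"hash": hash_name, "authentication": auth, "group": group,
            "lifetime_seconds": lifetime_seconds(lifetime, measure)}


def dh_keypair(group):
    """Private exponent in 1 .. p-2 and the public value g^x mod p."""
    p = MODP_PRIMES[group]
    priv = secrets.randbelow(p - 2) + 1
    return priv, pow(GENERATOR, priv, p)


def dh_shared(priv, peer_pub, group):
    """Derive the shared secret; reject the degenerate values 0, 1 and p-1."""
    p = MODP_PRIMES[group]
    if not 1 < peer_pub < p - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_pub, priv, p)


def dh_exchange(group):
    """One exchange between two peers; only pub_a and pub_b cross the wire."""
    priv_a, pub_a = dh_keypair(group)
    priv_b, pub_b = dh_keypair(group)
    shared_a = dh_shared(priv_a, pub_b, group)
    shared_b = dh_shared(priv_b, pub_a, group)
    return {"pub_a": pub_a, "pub_b": pub_b, "shared_a": shared_a,
            "shared_b": shared_b, "secrets_match": shared_a == shared_b,
            "secret_transmitted": shared_a in (pub_a, pub_b)}


def integrity_tag(policy, key, packet):
    """Keyed HMAC with the policy's hash, the construction the guide notes
    IKE uses instead of a bare MD5 or SHA-1 digest."""
    return hmac.new(key, packet, HASHES[policy["hash"]]).hexdigest()


if __name__ == "__main__":
    policy = validate_policy("sha", "pre-share", 2, 24, "hours")
    ex = dh_exchange(policy["group"])
    print(policy["lifetime_seconds"], ex["secrets_match"], ex["secret_transmitted"])
    print(integrity_tag(policy, b"Jefe", b"what do ya want for nothing?"))
```

Running the module validates a policy equivalent to the guide's defaults (SHA-1, preshared key, 24-hour lifetime) on Group 2, prints that both peers hold the same secret and that the secret never equals a transmitted value, then prints the HMAC-SHA1 tag for the RFC 2202 test input. The range check in dh_shared is the minimal sanity check a peer should apply to a received public value; the group's bit length is what the D-H Group field's 768/1024/1536-bit labels refer to.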