Filter
Top Products
4-3
C7200 VSA (VPN Services Adapter) Installation and Configuration Guide
OL-9129-02
Chapter 4 Configuring the VSA
Configuration Tasks
To configure an IKE policy, use the following commands beginning in global configuration mode:
Command Purpose
Step 1
Router(config)# crypto isakmp policy
priority
Defines an IKE policy and enters Internet Security Association
Key Management Protocol (ISAKMP) policy configuration
(config-isakmp) mode.
Step 2
Router(config-isakmp)# encryption {des |
3des | aes | aes 128 | aes 192 | aes 256}
Specifies the encryption algorithm within an IKE policy.
• des—Specifies 56-bit DES as the encryption algorithm.
• 3des—Specifies 168-bit DES as the encryption algorithm.
• aes—Specifies 128-bit AES as the encryption algorithm.
• aes 128—Specifies 128-bit AES as the encryption algorithm.
• aes 192—Specifies 192-bit AES as the encryption algorithm.
• aes 256—Specifies 256-bit AES as the encryption algorithm.
Step 3
Router(config-isakmp)# authentication
{rsa-sig | rsa-encr | pre-share}
(Optional) Specifies the authentication method within an IKE
policy.
• rsa-sig—Specifies Rivest, Shamir, and Adelman (RSA)
signatures as the authentication method.
• rsa-encr—Specifies RSA encrypted nonces as the
authentication method.
• pre-share—Specifies preshared keys as the authentication
method.
Note If this command is not enabled, the default value (rsa-sig)
will be used.
Step 4
Router(config-isakmp)# lifetime
seconds
(Optional) Specifies the lifetime of an IKE security association
(SA).
seconds—Number of seconds that each SA should exist before
expiring. Use an integer from 60 to 86,400 seconds.
Note If this command is not enabled, the default value (86,400
seconds [one day]) will be used.