Cisco Systems C7200 Network Cables User Manual


 
C7200 VSA (VPN Services Adapter) Installation and Configuration Guide
OL-9129-02
Chapter 4 Configuring the VSA
Configuration Tasks
Step 5
Command: Router(config-isakmp)# hash {sha | md5}
Purpose: (Optional) Specifies the hash algorithm within an IKE policy.
  sha—Specifies SHA-1 (HMAC variant) as the hash algorithm.
  md5—Specifies MD5 (HMAC variant) as the hash algorithm.
Note: If this command is not enabled, the default value (sha) will be used.

Step 6
Command: Router(config-isakmp)# group {1 | 2 | 5}
Purpose: (Optional) Specifies the Diffie-Hellman (DH) group identifier within an IKE policy.
  1—Specifies the 768-bit DH group.
  2—Specifies the 1024-bit DH group.
  5—Specifies the 1536-bit DH group.
Note: If this command is not enabled, the default value (768-bit) will be used.

For detailed information on creating IKE policies, refer to the “Configuring Internet Key Exchange Security Protocol” chapter in the Security Configuration Guide publication.

Disabling VSA (Optional)
The VSA is enabled by default.
To disable the VSA, use the following commands, starting in global configuration mode:

Step 7
Command: no crypto engine [slot | accelerator] 0
Purpose: Disables VSA.
Note: The VSA can only be inserted in slot 0.

Step 8
Command: crypto engine [slot | accelerator] 0
Purpose: VSA will be enabled after the next system reboot.

This completes the procedure for disabling and preparing to enable VSA after the next system reboot.

Configuring a Transform Set
See the Advanced Encryption Standard (AES) feature module for more information on configuring a transform set.
This section includes the following topics:
Defining a Transform Set
IPSec Protocols: AH and ESP
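
Because of the defaults noted in Steps 5 and 6 above, an IKE policy with no group command still uses the 768-bit DH group, so searching a configuration for "group 1" misses it. The following added example (not part of the Cisco guide) parses crypto isakmp policy blocks from saved configuration text and reports MD5 or a DH group below a threshold, with defaults filled in; the threshold, the function names and the sample configuration are assumptions of the example.

```python
import re

# Defaults and group sizes as stated in Steps 5 and 6 of the guide.
DEFAULT_HASH, DEFAULT_GROUP = "sha", "1"
GROUP_BITS = {"1": 768, "2": 1024, "5": 1536}
MIN_DH_BITS = 1536  # assumption: local policy threshold, not from the guide

# Constructed sample configuration (not taken from a real router).
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 hash md5
 group 2
crypto isakmp policy 20
 authentication pre-share
crypto isakmp policy 30
 group 5
interface GigabitEthernet0/1
"""

def parse_policies(config):
    """Return {priority: {"hash"/"group": value}} for explicitly set options."""
    policies, current = {}, None
    for line in config.splitlines():
        start = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        option = re.match(r"\s+(hash|group)\s+(\S+)", line)
        if start:
            current = policies.setdefault(int(start.group(1)), {})
        elif not line.startswith(" "):
            current = None  # left the policy sub-mode
        elif current is not None and option:
            current[option.group(1)] = option.group(2)
    return policies

def findings(config):
    """List (priority, message) for MD5 or a DH group below MIN_DH_BITS."""
    out = []
    for prio, p in sorted(parse_policies(config).items()):
        if p.get("hash", DEFAULT_HASH) == "md5":
            out.append((prio, "hash md5"))
        group = p.get("group", DEFAULT_GROUP)
        bits = GROUP_BITS.get(group)  # groups not in the guide are not assessed
        if bits is not None and bits < MIN_DH_BITS:
            origin = "set" if "group" in p else "default, no group command"
            out.append((prio, f"group {group}, {bits}-bit DH ({origin})"))
    return out

if __name__ == "__main__":
    for prio, msg in findings(SAMPLE_CONFIG):
        print(f"policy {prio}: {msg}")
```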