Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 34 IKE
IKE Policies
Priority #—Shows the priority of the policy.
Encryption—Shows the encryption method.
Hash—Shows the hash algorithm.
D-H Group—Shows the Diffie-Hellman group.
Authentication—Shows the authentication method.
Lifetime (secs)—Shows the SA lifetime in seconds.
Add/Edit/Delete—Click to add, edit, or delete an IKE policy.
Modes
The following table shows the modes in which this feature is available:

Firewall Mode          Security Context
Routed   Transparent   Single   Multiple
                                Context   System
——

Add/Edit IKE Policy
Fields
Priority #—Type a number to set a priority for the IKE policy. The range is 1 to 65,543, with 1 the
highest priority.
Encryption—Select an encryption method. This is a symmetric encryption method that protects data
transmitted between two IPsec peers. The choices follow:

des       56-bit DES-CBC. Less secure but faster than the alternatives. The default.
3des      168-bit Triple DES.
aes       128-bit AES.
aes-192   192-bit AES.
aes-256   256-bit AES.

Hash—Select the hash algorithm that ensures data integrity. It ensures that a packet comes from the
peer you think it comes from and that it has not been modified in transit.

sha       SHA-1
md5       MD5

The default is SHA-1. MD5 has a smaller digest and is considered to be slightly faster than SHA-1.
A successful (but extremely difficult) attack against MD5 has occurred; however, the HMAC variant
IKE uses prevents this attack.

Authentication—Select the authentication method the security appliance uses to establish the identity
of each IPsec peer. Pre-shared keys do not scale well with a growing network but are easier to set up in
a small network. The choices follow:

pre-share Pre-shared keys.
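
The following Python example is added here and is not part of the Cisco guide. It audits a list of IKE policies built from the fields on this page and shows that a high Priority # does not stop a legacy policy from being matched. The names IkePolicy, audit and select are hypothetical, the sample policies (including D-H groups and lifetimes) are constructed, and the first-match-in-priority-order rule is a simplifying assumption.

```python
# Added example: constructed policy data, not taken from any real device.
# Keywords (des, 3des, aes-256, sha, md5, pre-share) are the choices listed
# on this page; the D-H group numbers and lifetimes are sample values.
from typing import NamedTuple, Optional

class IkePolicy(NamedTuple):
    priority: int        # 1 is the highest priority
    encryption: str
    hash: str
    dh_group: int
    authentication: str
    lifetime: int        # SA lifetime in seconds

# Choices this page describes as less secure (des) or as having a known
# attack (md5); a reviewer would want each use justified.
FLAGGED = {"encryption": {"des"}, "hash": {"md5"}}

def audit(policies):
    """Return (priority, field, value) for every flagged choice, in priority order."""
    findings = []
    for p in sorted(policies, key=lambda p: p.priority):
        for field, flagged in FLAGGED.items():
            value = getattr(p, field)
            if value in flagged:
                findings.append((p.priority, field, value))
    return findings

def select(policies, proposal) -> Optional[IkePolicy]:
    """Assumed matching rule: walk local policies from priority 1 upward and
    return the first whose four parameters equal the peer's proposal."""
    for p in sorted(policies, key=lambda p: p.priority):
        if (p.encryption, p.hash, p.dh_group, p.authentication) == proposal:
            return p
    return None

# Constructed sample: a strong policy at priority 1, a legacy one left at the bottom.
POLICIES = [
    IkePolicy(65000, "des", "md5", 2, "pre-share", 86400),
    IkePolicy(1, "aes-256", "sha", 5, "pre-share", 86400),
    IkePolicy(20, "3des", "sha", 2, "pre-share", 28800),
]

if __name__ == "__main__":
    for prio, field, value in audit(POLICIES):
        print(f"policy {prio}: {field}={value} is flagged for review")
    # A peer that offers only des/md5 still finds a match at priority 65000.
    hit = select(POLICIES, ("des", "md5", 2, "pre-share"))
    print("des/md5 proposal matches policy:", hit.priority if hit else None)
```

Priority orders preference only, so the reliable fix for a flagged policy is to delete it rather than to renumber it.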