34-6
Cisco ASDM User Guide
OL-16647-01
Chapter 34 IKE
IKE Policies
rsa-sig    A digital certificate with keys generated by the RSA signatures algorithm.
crack      IKE Challenge/Response for Authenticated Cryptographic Keys protocol for mobile
           IPsec-enabled clients which use authentication techniques other than certificates.

D-H Group—Select the Diffie-Hellman group identifier, which the two IPsec peers use to derive a
shared secret without transmitting it to each other.

    1    Group 1 (768-bit)               The default, Group 2 (1024-bit Diffie-Hellman) requires less
    2    Group 2 (1024-bit)              CPU time to execute but is less secure than Group 2 or 5.
    5    Group 5 (1536-bit)
    7    Group 7 (Elliptic curve         Group 7 is for use with the Movian VPN client, but works with
         field size is 163 bits.)        any peer that supports Group 7 (ECC).

Lifetime (secs)—Either select Unlimited or type an integer for the SA lifetime. The default is 86,400
seconds or 24 hours. With longer lifetimes, the security appliance sets up future IPsec security
associations more quickly. Encryption strength is great enough to ensure security without using very fast
rekey times, on the order of every few minutes. We recommend that you accept the default.

Time Measure—Select a time measure. The security appliance accepts the following values:

    120 - 86,400 seconds
    2 - 1440 minutes
    1 - 24 hours
    1 day

Modes
The following table shows the modes in which this feature is available:

    Firewall Mode              Security Context
    Routed    Transparent      Single    Multiple
                                         Context    System
    ——

Assignment Policy
IP addresses make internetwork connections possible. They are like telephone numbers: both the sender
and receiver must have an assigned number to connect. But with VPNs, there are actually two sets of
addresses: the first set connects client and server on the public network; and once that connection is
made, the second set connects client and server through the VPN tunnel.
In security appliance address management, we are dealing with the second set of IP addresses: those
private IP addresses that connect a client with a resource on the private network, through the tunnel, and
let the client function as if it were directly connected to the private network. Furthermore, we are dealing
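The Lifetime and Time Measure settings above accept a value only within the listed range for the chosen unit. The following added example (not code from the Cisco guide or from ASDM) normalises such a setting to seconds the way a policy-review script would, rejecting out-of-range values and flagging Unlimited or unusually short lifetimes; the function names and the review wording are this example's own.

```python
# Added example, not from the Cisco ASDM User Guide: validate an IKE SA lifetime
# (value plus time measure, or Unlimited) against the ranges the guide lists,
# and convert it to seconds for comparison with the 86,400-second default.
from typing import Optional

# Accepted value ranges per time measure, as listed in the IKE Policies table.
LIFETIME_RANGES = {
    "seconds": (120, 86_400),
    "minutes": (2, 1_440),
    "hours": (1, 24),
    "days": (1, 1),
}
SECONDS_PER_UNIT = {"seconds": 1, "minutes": 60, "hours": 3_600, "days": 86_400}
DEFAULT_LIFETIME_SECONDS = 86_400  # 24 hours, the default the guide recommends


def ike_lifetime_seconds(value: Optional[int], measure: str = "seconds") -> Optional[int]:
    """Return the SA lifetime in seconds, or None when Unlimited was selected.

    Raises ValueError if the value falls outside the range ASDM accepts for the
    chosen time measure, so a malformed policy is caught before it is pushed.
    """
    if value is None:  # "Unlimited" in the ASDM dialog
        return None
    if measure not in LIFETIME_RANGES:
        raise ValueError(f"unknown time measure: {measure!r}")
    low, high = LIFETIME_RANGES[measure]
    if not isinstance(value, int) or not low <= value <= high:
        raise ValueError(f"lifetime {value} {measure} outside {low}-{high} {measure}")
    return value * SECONDS_PER_UNIT[measure]


def lifetime_review(value: Optional[int], measure: str = "seconds") -> str:
    """Review verdict: flags Unlimited (no rekey) and deviation from the default."""
    secs = ike_lifetime_seconds(value, measure)
    if secs is None:
        return "unlimited: SA is never rekeyed; prefer the 86,400-second default"
    if secs == DEFAULT_LIFETIME_SECONDS:
        return "default (86,400 seconds)"
    if secs < 3_600:
        return f"{secs} seconds: very fast rekey, which the guide advises against"
    return f"{secs} seconds: non-default, within accepted range"


if __name__ == "__main__":
    for setting in [(None, "seconds"), (1, "days"), (30, "minutes"), (12, "hours")]:
        print(setting, "->", lifetime_review(*setting))
```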