isakmp policy Parameters
Parameter Description
aes Specifies AES with a 128-bit key to be the encryption algorithm used by the IKE
policy.
aes-192 Specifies AES with a 192-bit key to be the encryption algorithm used by the IKE
policy.
aes-256 Specifies AES with a 256-bit key to be the encryption algorithm used by the IKE
policy.
des Specifies DES with a 56-bit key to be the encryption algorithm used by the IKE
policy.
3des Specifies 3DES to be the encryption algorithm used by the IKE policy.
encryption Keyword indicating that the next parameter specifies the encryption algorithm for
the IKE policy
group Keyword indicating that the next parameter is a Diffie-Hellman group. You can
specify 1, 2, or 5 (1 is the default).
hash Keyword indicating that the next parameter specifies the hash algorithm to be used
by the IKE policy.
isakmp policy Parameters (Continued)
Parameter Description
lifetime Keyword indicating that the next parameter specifies the lifetime for the IKE policy.
md5 Specifies that the MD5 hash algorithm will be used by the IKE policy.
pre-share Specifies that the IKE policy will use preshared keys for initial authentication.
priority An integer (1 to 65,534) uniquely identifying the IKE policy and assigning it a
priority (1 is the highest priority, and 65,534 is the lowest priority).
rsa-sig Specifies that the IKE policy will use RSA signatures for initial authentication.
sha Specifies that the SHA-1 hash algorithm will be used by the IKE policy. This is the
default hash algorithm.
For instance, suppose that you want to configure an ISAKMP policy based on the following
criteria:
■ Preshare key initial authentication
■ AES encryption algorithm (128-bit)
■ SHA hash algorithm
■ Diffie-Hellman group 5
The commands to define this ISAKMP policy are as follows:
Pix(config)# isakmp enable outside
Pix(config)# isakmp policy 30 authentication pre-share
Pix(config)# isakmp policy 30 encryption aes
Pix(config)# isakmp policy 30 hash sha
Pix(config)# isakmp policy 30 group 5