Configuring an ISAKMP Policy
To configure an ISAKMP policy, first create the policy, and then give the
parameters. These parameters might include such things as type of encryption,
type of hash, type of authentication, SA lifetime, and Diffie-Hellman
group. The following example shows an ISAKMP policy configuration,
along with the options available with each parameter. Options will vary
based on Cisco IOS version:
IPSEC_RTR(config)#crypto isakmp policy ?
<1-10000> Priority of protection suite
IPSEC_RTR(config)#crypto isakmp policy 1
!
IPSEC_RTR(config-isakmp)#encryption ?
3des Three key triple DES
aes AES - Advanced Encryption Standard.
des DES - Data Encryption Standard (56 bit keys).
IPSEC_RTR(config-isakmp)#encryption 3des
!
IPSEC_RTR(config-isakmp)#hash ?
md5 Message Digest 5
sha Secure Hash Standard
IPSEC_RTR(config-isakmp)#hash sha
!
IPSEC_RTR(config-isakmp)#authentication ?
pre-share Pre-Shared Key
rsa-encr Rivest-Shamir-Adleman Encryption
rsa-sig Rivest-Shamir-Adleman Signature
IPSEC_RTR(config-isakmp)#authentication pre-share
!
IPSEC_RTR(config-isakmp)#group ?
1 Diffie-Hellman group 1
2 Diffie-Hellman group 2
5 Diffie-Hellman group 5
IPSEC_RTR(config-isakmp)#group 2
IPSEC_RTR(config-isakmp)#lifetime ?
<60-86400> lifetime in seconds
IPSEC_RTR(config-isakmp)#lifetime 300