Command:  

crypto isakmp policy

 

Mode:

Router(config)#


Syntax:

crypto isakmp policy priority

 

no crypto isakmp policy

 

Syntax Description:

priority

Uniquely identifies the IKE policy and assigns a priority to the policy. Use an integer from 1 to 10,000, with 1 being the highest priority and 10,000 the lowest.

 

Command Description:

To define an Internet Key Exchange policy, use the crypto isakmp policyglobal configuration command. IKE policies define a set of parameters to be used during the IKE negotiation. To delete an IKE policy, use the noform of this command.


Example:

The following example configures two policies for the peer:

crypto isakmp policy15

 hash md5

 authentication rsa-sig

 group 2

 lifetime 5000

crypto isakmp policy20

 authentication pre-share

 lifetime 10000

The above configuration results in the following policies:

Router# show crypto isakmp policy

Protection suite priority 15

encryption algorithm: DES - Data Encryption Standard (56 bit keys)

hash algorithm: Message Digest 5

authentication method: Rivest-Shamir-Adleman Signature

Diffie-Hellman Group: #2 (1024 bit)

lifetime: 5000 seconds, no volume limit

Protection suite priority 20

encryption algorithm: DES - Data Encryption Standard (56 bit keys)

hash algorithm: Secure Hash Standard

authentication method: preshared Key

Diffie-Hellman Group: #1 (768 bit)

lifetime: 10000 seconds, no volume limit

Default protection suite

encryption algorithm: DES - Data Encryption Standard (56 bit keys)

hash algorithm: Secure Hash Standard

authentication method: Rivest-Shamir-Adleman Signature

Diffie-Hellman Group: #1 (768 bit)

lifetime: 86400 seconds, no volume limit

 


Misconceptions:

None


Related commands:

 

show crypto isakmp policy


© Cisco Systems, Inc. 2001, 2002
World Wide Education





Converted from CHM to HTML with chm2web Pro 2.85 (unicode)