UNCLASSIFIED
Advanced Security Services
Version 1.0g
Remote#
Remote# config t
Enter configuration commands, one per line. End with CNTL/Z.
Remote(config)# crypto isakmp policy 1
! The policy number may be an integer between 1 and 65,536, with
! the priority given to lower numbers
Remote(crypto-isakmp)# encryption 3des
! If the user's version of the IOS only supports DES, and
! community of interest data separation is needed, then use the
! following command to select DES for encryption
! Remote(crypto-isakmp)# encryption des
Remote(crypto-isakmp)# hash sha
Remote(crypto-isakmp)# authentication pre-share
Remote(crypto-isakmp)# group 2
Remote(crypto-isakmp)# lifetime 86400
Remote(crypto-isakmp)# exit
Remote(config)# exit
Remote#
Using the show crypto isakmp policy command in privileged EXEC mode (on
either Remote or North) should now display the following information:
North# show crypto isakmp policy
Protection suite of priority 1
        encryption algorithm:   3DES Triple Data Encryption Standard (168 bit keys)
        hash algorithm:         Secure Hash Standard
        authentication method:  Pre-Shared Key
        Diffie-Hellman group:   #2 (1024 bit)
        lifetime:               86400 seconds, no volume limit
Default protection suite
        encryption algorithm:   DES - Data Encryption Standard (56 bit keys)
        hash algorithm:         Secure Hash Standard
        authentication method:  Rivest-Shamir-Adleman Signature
        Diffie-Hellman group:   #1 (768 bit)
        lifetime:               86400 seconds, no volume limit
North#
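One way to check the displayed policy against what was configured above, and to confirm that Remote and North show the same priority 1 suite. This is an added example, not part of the original guide; the function names are hypothetical and it assumes each field of the show output sits on one line.

```python
import re

# Display prefixes expected from the "crypto isakmp policy 1" commands above (assumed).
EXPECTED = {"encryption algorithm": "3DES", "hash algorithm": "Secure Hash Standard",
            "authentication method": "Pre-Shared Key",
            "Diffie-Hellman group": "#2 (", "lifetime": "86400 seconds"}

# Sample input: the show output listed above, re-typed one field per line.
SAMPLE = """\
North# show crypto isakmp policy
Protection suite of priority 1
    encryption algorithm: 3DES Triple Data Encryption Standard (168 bit keys)
    hash algorithm: Secure Hash Standard
    authentication method: Pre-Shared Key
    Diffie-Hellman group: #2 (1024 bit)
    lifetime: 86400 seconds, no volume limit
Default protection suite
    encryption algorithm: DES - Data Encryption Standard (56 bit keys)
    hash algorithm: Secure Hash Standard
    authentication method: Rivest-Shamir-Adleman Signature
    Diffie-Hellman group: #1 (768 bit)
    lifetime: 86400 seconds, no volume limit
North#
"""

def parse_suites(text):
    """Return {suite name: {field: value}} from 'show crypto isakmp policy' text."""
    suites, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Protection suite of priority (\d+)$", line)
        if m:
            current = suites.setdefault(f"priority {m.group(1)}", {})
        elif line == "Default protection suite":
            current = suites.setdefault("default", {})
        elif current is not None and ":" in line:
            field, value = line.split(":", 1)
            current[field.strip()] = value.strip()
    return suites

def mismatches(suite, expected=EXPECTED):
    """List fields that are missing or do not start with the expected text."""
    return [f for f, want in expected.items()
            if not suite.get(f, "").startswith(want)]

def peers_agree(text_a, text_b, name="priority 1"):
    """True when both peers display an identical suite under the given name."""
    a, b = parse_suites(text_a).get(name), parse_suites(text_b).get(name)
    return a is not None and a == b
```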
Establishing the IPSec Protection Parameters
Using the pre-shared key and the security policy, IKE will determine preliminary
information needed to create IPSec tunnels. We now need to give the tunnel its
desired characteristics. This parameter set can be built using the following three
steps:
1. Creating the appropriate access lists