---

---

UNCLASSIFIED Advanced Security Services  Version 1.0g  UNCLASSIFIED 165   Remote#   Remote# config t Enter configuration commands, one per line. End with CNTL/Z. Remote(config)# crypto isakmp policy 1 ! The policy number may be an integer between 1 and 65,536, with   ! the priority given to lower numbers Remote(crypto-isakmp)# encryption 3des ! If the user’s version of the IOS only supports DES, and   ! community of interest data separation is needed, then use the   ! following command to select DES for encryption   ! Remote(crypto-isakmp)# encryption des   Remote(crypto-isakmp)# hash sha Remote(crypto-isakmp)# authentication pre-share Remote(crypto-isakmp)# group 2 Remote(crypto-isakmp)# lifetime 86400 Remote(crypto-isakmp)# exit Remote(config)# exit Remote# Using the show crypto isakmp policy command in privileged EXEC mode (on either Remote or North) should now display the following information: North# show crypto isakmp policy Protection suite of priority 1   encryption algorithm:  3DES – Triple Data Encryption Standard (168 bit keys)   hash algorithm:   Secure Hash Standard   authentication method: Pre-Shared Key   Diffie-Hellman group:  #2 (1024 bit)   lifetime:       86400 seconds, no volume limit   Default protection suite   encryption algorithm:  DES - Data Encryption Standard (56 bit keys)   hash algorithm:   Secure Hash Standard   authentication method: Rivest-Shamir-Adleman Signature   Diffie-Hellman group:  #1 (768 bit)   lifetime:      86400 seconds, no volume limit North# Establishing the IPSec Protection Parameters  Using the pre-shared key and the security policy, IKE will determine preliminary information needed to create IPSec tunnels. We now need to give the tunnel its desired characteristics. This parameter set can be built using the following three steps: 1.     Creating the appropriate access lists