Router Security Configuration Guide, Version 1.0g (UNCLASSIFIED), page 182

Click on the security method preference order options and edit them to ensure that at least one of them contains the cryptographic settings for protecting the actual data that were configured on the Cisco router. In fact, deleting all but the one offer that is used would not be bad. For our example, we are using ESP with both 3DES and SHA, and are not using the AH protocol. The lifetime (until keys are renegotiated) is not important, so any settings for that are acceptable.

We want to select “Negotiate security” here. Choose “Accept unsecured communication, but always respond using IPSec”. We do not want to select the final two options, “Allow unsecured communications with non IPSec aware computer” and “Session key Perfect Forward Secrecy”. The reason we don't want to allow unsecured communications is that this IPSec configuration applies only to communication with the router; communication to other places is not affected and so is not IPSec protected. For just this connection, we want to use security, so we require it. Perfect Forward Secrecy is a way to do a second key exchange, which is mostly used when the initial key exchange is shared. This is not the case here.

When all these settings are correct, click “OK”. Highlight the “Require Security” button, and click “Next”. The only remaining thing to do is to click “Finish”. The next time you connect to the Cisco router, IPSec will be activated automatically, and the traffic will be IPSec protected.

After following all these steps, you have created an IP Security Policy, and that new policy will appear in the management console window. Make sure that the policy is actually in effect; typically you must explicitly assign a policy after creating it. Look at the third column, “Assigned”, of the policy listing in the management console window. If the column contains the word “No”, then right-click on it and select “assign” from the popup menu. The value in the third column should change to “Yes” and the policy will be imposed.
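
The same filter-action settings and the assignment check can also be scripted with netsh ipsec static; this is an added example, not part of the original guide. It assumes a Windows release that ships the netsh ipsec context (Windows 2000 itself does not) and a policy already created in the preceding steps; the names "Router Admin IPSec" and "Require ESP 3DES-SHA" are hypothetical, and the lifetime values are arbitrary because the text treats the lifetime as unimportant.

```bat
rem Added example: command-line equivalent of the dialog settings above.
rem Assumption: the policy "Router Admin IPSec" (hypothetical name) already
rem exists and its rule and filter list for the router were created earlier.

rem Filter action with a single offer: ESP with 3DES and SHA, no AH.
rem   action=negotiate  "Negotiate security"
rem   inpass=yes        "Accept unsecured communication, but always respond
rem                      using IPSec"
rem   soft=no           "Allow unsecured communication with non IPSec aware
rem                      computer" left unselected
rem   qmpfs=no          "Session key Perfect Forward Secrecy" left unselected
rem The lifetime after the colon (kilobytes/seconds) is an arbitrary value.
netsh ipsec static add filteraction name="Require ESP 3DES-SHA" action=negotiate inpass=yes soft=no qmpfs=no qmsecmethods="ESP[3DES,SHA1]:100000k/3600s"

rem Confirm that the only offer listed is the ESP 3DES/SHA1 one.
netsh ipsec static show filteraction name="Require ESP 3DES-SHA" level=verbose

rem A newly created policy is not in effect until it is assigned.
netsh ipsec static set policy name="Router Admin IPSec" assign=y

rem Verify: the Assigned field in the verbose listing should now read yes.
netsh ipsec static show policy name="Router Admin IPSec" level=verbose
```

The filter action still has to be attached to the policy's rule for the router, which is part of the earlier steps and is not shown here.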