Cisco Systems OL-6426-02 Benutzerhandbuch
B E TA D R A F T - C I S C O C O N F I D E N T I A L
6-3
Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide
OL-6426-02
Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel
Configure the IKE Policy
An example showing the results of these configuration tasks is shown in the section “
.”
Note
The procedures in this chapter assume that you have already configured basic router features as well as
PPPoE or PPPoA with NAT, DCHP and VLANs. If you have not performed these configurations tasks,
see
PPPoE or PPPoA with NAT, DCHP and VLANs. If you have not performed these configurations tasks,
see
and
as appropriate for your router.
Configure the IKE Policy
Perform these steps to configure the Internet Key Exchange (IKE) policy, beginning in global
configuration mode:
configuration mode:
Command or Action
Purpose
Step 1
crypto isakmp policy priority
Example:
Router(config)# crypto isakmp policy 1
Router(config-isakmp)#
Creates an IKE policy that is used during IKE
negotiation. The priority is a number from 1 to
10000, with 1 being the highest.
negotiation. The priority is a number from 1 to
10000, with 1 being the highest.
Also enters the Internet Security Association Key
and Management Protocol (ISAKMP) policy
configuration mode.
and Management Protocol (ISAKMP) policy
configuration mode.
Step 2
encryption {des | 3des | aes | aes 192 | aes 256}
Example:
Router(config-isakmp)# encryption 3des
Router(config-isakmp)#
Specifies the encryption algorithm used in the IKE
policy.
policy.
The example specifies 168-bit data encryption
standard (DES).
standard (DES).
Step 3
hash {md5 | sha}
Example:
Router(config-isakmp)# hash md5
Router(config-isakmp)#
Specifies the hash algorithm used in the IKE
policy.
policy.
The example specifies the Message Digest 5
(MD5) algorithm. The default is Secure Hash
standard (SHA-1).
(MD5) algorithm. The default is Secure Hash
standard (SHA-1).
Step 4
authentication {rsa-sig | rsa-encr | pre-share}
Example:
Router(config-isakmp)# authentication
pre-share
Router(config-isakmp)#
Specifies the authentication method used in the
IKE policy.
IKE policy.
The example specifies a pre-shared key.
Step 5
group {1 | 2 | 5}
Example:
Router(config-isakmp)# group 2
Router(config-isakmp)#
Specifies the Diffie-Hellman group to be used in
an IKE policy.
an IKE policy.