Cisco Systems OL-6426-02 Benutzerhandbuch

An example showing the results of these configuration tasks is shown in the section “

.”

The procedures in this chapter assume that you have already configured basic router features as well as 
PPPoE or PPPoA with NAT, DCHP and VLANs. If you have not performed these configurations tasks, 
see 

 

 and 

 as appropriate for your router.

Perform these steps to configure the Internet Key Exchange (IKE) policy, beginning in global 
configuration mode:

crypto isakmp policy priority 

Router(config)# crypto isakmp policy 1

Router(config-isakmp)# 

Creates an IKE policy that is used during IKE 
negotiation. The priority is a number from 1 to 
10000, with 1 being the highest.

Also enters the Internet Security Association Key 
and Management Protocol (ISAKMP) policy 
configuration mode.

encryption {des | 3des | aes | aes 192 | aes 256}

Router(config-isakmp)# encryption 3des

Router(config-isakmp)# 

Specifies the encryption algorithm used in the IKE 
policy. 

The example specifies 168-bit data encryption 
standard (DES).

hash {md5 | sha}

Router(config-isakmp)# hash md5

Router(config-isakmp)# 

Specifies the hash algorithm used in the IKE 
policy. 

The example specifies the Message Digest 5 
(MD5) algorithm. The default is Secure Hash 
standard (SHA-1).

authentication {rsa-sig | rsa-encr | pre-share} 

Router(config-isakmp)# authentication 

Router(config-isakmp)# 

Specifies the authentication method used in the 
IKE policy. 

The example specifies a pre-shared key.

group {1 | 2 | 5}

Router(config-isakmp)# group 2

Router(config-isakmp)# 

Specifies the Diffie-Hellman group to be used in 
an IKE policy.