Filter
Top Products
4-3
Integrated Services Adapter and Integrated Services Module Installation and Configuration
OL-3575-01 B0
Chapter 4 Configuring the ISA and ISM
Configuring IKE
Use the ppp encrypt mppe{auto | 40 | 128} [passive | required] [stateful] command in interface
configuration mode to enable MPPE on the virtual template.
Configuring IKE
IKE is enabled by default. IKE does not have to be enabled for individual interfaces but is enabled
globally for all interfaces at the router. You must create IKE policies at each peer. An IKE policy defines
a combination of security parameters to be used during the IKE negotiation.
You can create multiple IKE policies, each with a different combination of parameter values. If you do
not configure any IKE policies, the router uses the default policy, which is always set to the lowest
priority, and which contains each parameter’s default value.
For each policy that you create, you assign a unique priority (1 through 10,000, with 1 being the highest
priority). You can configure multiple policies on each peer—but at least one of these policies must
contain exactly the same encryption, hash, authentication, and Diffie-Hellman parameter values as one
of the policies on the remote peer.
If you do not specify a value for a parameter, the default value is assigned. For information on default
values, refer to the “IP Security and Encryption” chapter of the Security Command Reference
publication.
Note The default policy and the default values for configured policies do not show up in the configuration
when you issue a show running-config EXEC command. Instead, to see the default policy and any
default values within configured policies, use the show crypto isakmp policy EXEC command.
To configure a policy, use the following commands, starting in global configuration mode:
For detailed information on creating IKE policies, refer to the “Configuring Internet Key Exchange
Security Protocol” chapter in the Security Configuration Guide publication. This chapter contains
information on the following topics:
• Why Do You Need to Create These Policies?
• What Parameters Do You Define in a Policy?
• How Do IKE Peers Agree upon a Matching Policy?
• Which Value Should You Select for Each Parameter?
• Creating Policies
• Additional Configuration Required for IKE Policies
Step Command Purpose
1. crypto isakmp policy priority Identify the policy to create, and enter
config-isakmp command mode.
1. encryption {des | 3des} Specify the encryption algorithm.
1. group {1 | 2} Specify the Diffie-Hellman group identifier.