Configure an IKE Phase 1 Profile

About this task

Use the following procedure to configure an IKE Phase 1 profile.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Create an IKE Phase 1 profile:

    ike profile WORD<1–32>

  3. Configure the IKE Phase 1 profile hash algorithm:

    ike profile WORD<1–32> hash-algo <md5|sha|sha256|any>

  4. Configure the IKE Phase 1 profile encryption algorithm:

    ike profile WORD<1–32> encrypt-algo <desCbc|3DesCbc|aesCbc|any>

  5. Configure the IKE Phase 1 profile Diffie-Hellman group:

    ike profile WORD<1–32> dh-group <modp768|modp1024|modp2048|any>

  6. Configure the IKE Phase 1 encryption key length:

    ike profile WORD<1–32> encrypt-key-len <128|192|256>

  7. Configure the IKE Phase 1 lifetime, in seconds:

    ike profile WORD<1–32> lifetime-sec <0-4294967295>

  8. Optional: Delete the IKE Phase 1 profile:

    no ike profile WORD<1–32>

Variable Definitions

The following table defines parameters for the ike profile commands.

Variable                                  Value
profile WORD<1–32>                        Specifies the IKE profile name.
hash-algo <md5|sha|sha256|any>            Specifies the type of hash algorithm. The default value is sha256.
encrypt-algo <desCbc|3DesCbc|aesCbc|any>  Specifies the type of encryption algorithm. The default value is aesCbc.
dh-group <modp768|modp1024|modp2048|any>  Specifies the Diffie-Hellman (DH) group. DH groups categorize, by strength, the key used in the key exchange process. A key from a higher group number is more secure. The default value is modp2048.
encrypt-key-len <128|192|256>             Specifies the length of the encryption key. The default is 256.
lifetime-sec <0-4294967295>               Specifies the lifetime value in seconds. The lifetime makes the peers renegotiate the Security Associations (SAs) just before the lifetime value expires, so that the SAs are not compromised. The default value is 86400 seconds.
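
The following Python audit is an added example, not part of the original page or of the vendor's tooling. It replays ike profile lines in order, fills unset parameters from the defaults in the table above, and reports profiles whose effective hash algorithm, encryption algorithm or DH group is weak. The weak-value policy, the profile names, and the assumption that a saved configuration lists the commands in the form shown in the procedure are this example's own.

```python
import re

# Defaults as stated in the Variable Definitions table on this page.
DEFAULTS = {"hash-algo": "sha256", "encrypt-algo": "aesCbc", "dh-group": "modp2048",
            "encrypt-key-len": "256", "lifetime-sec": "86400"}
# Example policy (assumption, not vendor guidance); "any" can negotiate down to these.
WEAK = {"hash-algo": {"md5", "any"},
        "encrypt-algo": {"descbc", "3descbc", "any"},
        "dh-group": {"modp768", "modp1024", "any"}}
LINE = re.compile(r"^(no\s+)?ike\s+profile\s+(\S{1,32})(?:\s+(\S+)\s+(\S+))?\s*$")


def effective_profiles(config_text):
    """Replay 'ike profile' lines in order; return {name: settings incl. defaults}."""
    profiles = {}
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an 'ike profile' command
        negated, name, key, value = m.groups()
        if negated:
            profiles.pop(name, None)  # 'no ike profile NAME' deletes the profile
            continue
        settings = profiles.setdefault(name, dict(DEFAULTS))
        if key in DEFAULTS:
            settings[key] = value
    return profiles


def audit(config_text):
    """Return sorted (profile, parameter, value) tuples that break the example policy."""
    return sorted((name, key, settings[key])
                  for name, settings in effective_profiles(config_text).items()
                  for key, weak_values in WEAK.items()
                  if settings[key].lower() in weak_values)


# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
ike profile branch-legacy hash-algo md5
ike profile branch-legacy dh-group modp1024
ike profile hq-core encrypt-algo any
ike profile lab-old encrypt-algo desCbc
no ike profile lab-old
ike profile dc-default
"""
if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WEAK: profile=%s %s=%s" % finding)
```

A profile created with no further parameters passes, because every default in the table is outside the example's weak set; a deleted profile is not reported.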