crypto-ikev1/ikev2-policy commands
Configures ISAKMP proposals and their parameters
isakmp-proposal <WORD> encryption [3des|aes|aes-192|aes-256] group [14|2|5] hash [aes-xcbc-mac|md5|sha|sha256]
isakmp-proposal <WORD> encryption [3des|aes|aes-192|aes-256] group [14|2|5] hash [aes-xcbc-mac|md5|sha|sha256]
| <WORD> | Assigns the target peer (tunnel destination) a 32 character maximum name to distinguish it from others with a similar configuration. |
| encryption [3des|aes|aes-192| aes-256] | Configures the
encryption method used by the tunneled peers to securely inter-operate
|
| group [14|2|5] | Specifies the DH
(Diffie-Hellman) group identifier used by VPN peers to
derive a shared secret password without having to transmit. DH groups
determine the strength of the key used in key exchanges. The higher the
group number, the stronger and more secure the key. Options include 2, 5 and
14.
|
| hash [maes-xcbc-mac| md5|sha|sha256] | Specifies the
hash algorithm used to authenticate data transmitted over the IKE SA. The
hash algorithm specified here is used by VPN peers to exchange credential
information.
|
nx9500-6C8809(config-profile-default-ap8533-ikev1-policy-ikev1-testpolicy)#isakmp-proposal testproposal encryption aes group 2 hash sha nx9500-6C8809(config-profile-default-ap8533-ikev1-policy-ikev1-testpolicy)#show context crypto ikev1 policy testpolicy dpd-keepalive 11 dpd-retries 10 isakmp-proposal default encryption aes-256 group 2 hash sha isakmp-proposal testpraposal encryption aes group 2 hash sha nx9500-6C8809(config-profile-default-ap8533-ikev1-policy-ikev1-testpolicy)#