Specifications
Table Of Contents
- Contents
- Preface
- Getting Started
- Basic Router Configuration
- Interface Port Labels
- Viewing the Default Configuration
- Information Needed for Configuration
- Configuring Basic Parameters
- Configuring Static Routes
- Configuring Dynamic Routes
- Configuring Enhanced IGRP
- Basic Router Configuration
- Configuring Your Router for Ethernet and DSL Access
- Sample Network Deployments
- Configuring PPP over Ethernet with NAT
- Configuring PPP over ATM with NAT
- Configuring a LAN with DHCP and VLANs
- Configuring a VPN Using Easy VPN and an IPSec Tunnel
- Configure the IKE Policy
- Configure Group Policy Information
- Apply Mode Configuration to the Crypto Map
- Enable Policy Lookup
- Configure IPSec Transforms and Protocols
- Configure the IPSec Crypto Method and Parameters
- Apply the Crypto Map to the Physical Interface
- Create an Easy VPN Remote Configuration
- Verifying Your Easy VPN Configuration
- Configuration Example
- Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation
- Configuring a Simple Firewall
- Configuring a Wireless LAN Connection
- Sample Configuration
- Configuring Additional Features and Troubleshooting
- Additional Configuration Options
- Configuring Security Features
- Configuring Dial Backup and Remote Management
- Troubleshooting
- Reference Information
- Cisco IOS Software Basic Skills
- Concepts
- ROM Monitor
- Common Port Assignments
6-3
Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide
OL-6426-02
Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel
Configure the IKE Policy
An example showing the results of these configuration tasks is shown in the section “Configuration
Example.”
Note The procedures in this chapter assume that you have already configured basic router features as well as
PPPoE or PPPoA with NAT, DCHP and VLANs. If you have not performed these configurations tasks,
see
Chapter 1, “Basic Router Configuration,” Chapter 3, “Configuring PPP over Ethernet with NAT,”
Chapter 4, “Configuring PPP over ATM with NAT,” and Chapter 5, “Configuring a LAN with DHCP
and VLANs” as appropriate for your router.
Configure the IKE Policy
Perform these steps to configure the Internet Key Exchange (IKE) policy, beginning in global
configuration mode:
Command or Action Purpose
Step 1
crypto isakmp policy priority
Example:
Router(config)# crypto isakmp policy 1
Router(config-isakmp)#
Creates an IKE policy that is used during IKE
negotiation. The priority is a number from 1 to
10000, with 1 being the highest.
Also enters the Internet Security Association Key
and Management Protocol (ISAKMP) policy
configuration mode.
Step 2
encryption {des | 3des | aes | aes 192 | aes 256}
Example:
Router(config-isakmp)# encryption 3des
Router(config-isakmp)#
Specifies the encryption algorithm used in the IKE
policy.
The example specifies 168-bit data encryption
standard (DES).
Step 3
hash {md5 | sha}
Example:
Router(config-isakmp)# hash md5
Router(config-isakmp)#
Specifies the hash algorithm used in the IKE
policy.
The example specifies the Message Digest 5
(MD5) algorithm. The default is Secure Hash
standard (SHA-1).
Step 4
authentication {rsa-sig | rsa-encr | pre-share}
Example:
Router(config-isakmp)# authentication
pre-share
Router(config-isakmp)#
Specifies the authentication method used in the
IKE policy.
The example specifies a pre-shared key.
Step 5
group {1 | 2 | 5}
Example:
Router(config-isakmp)# group 2
Router(config-isakmp)#
Specifies the Diffie-Hellman group to be used in
an IKE policy.