Chapter 11 Configuring Encryption Services
Configuring the Encryption Service Adapter
Catalyst 4224 Access Gateway Switch Software Configuration Guide
OL-2031-02
For information on how to create a private or public key and to download a certificate, visit the following website:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt4/scdipsec.htm

To configure an IKE Security Protocol, follow this procedure:
Step 1
  Task: Create an IKE policy [1] with a unique priority number and enter Internet Security Association and Key Management Protocol (ISAKMP [2]) policy configuration mode.
  Note: You can configure multiple policies on each peer [3]. At least one of these policies must contain exactly the same encryption, authentication, and other parameters as one of the policies on the remote peer.
  Command: Gateway(config)# crypto isakmp policy priority

Step 2
  Task: Specify the authentication method to be used in an IKE policy.
  Command: Gateway(config-isakmp)# authentication {rsa-sig|rsa-encr|pre-share}

Step 3
  Task: Return to global configuration mode.
  Command: Gateway(config-isakmp)# exit

Step 4
  Task: Configure the authentication key for each peer that shares a key.
  Command: Gateway(config)# crypto isakmp key keystring address peer_address|peer_hostname

[1] You must create IKE policies at each peer. An IKE policy defines a combination of security parameters to be used during the IKE negotiation. IKE negotiations must be protected, so each IKE negotiation begins by each peer agreeing on a common (shared) IKE policy. This policy states which security parameters will be used to protect subsequent IKE negotiations. After the two peers agree upon a policy, the security parameters of the policy are identified by a security association established at each peer, and these security associations apply to all subsequent IKE traffic during the negotiation.
[2] A protocol framework that defines payload formats, the mechanics of implementing a key exchange protocol, and the negotiation of a security association.
[3] In the context of this document, a peer refers to a Catalyst 4224 or other device that participates in IPSec and IKE.
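
The following Python check is an added example, not part of the Cisco guide: it reads the ISAKMP lines of two peers' configurations and reports whether at least one policy matches on both sides and whether a matching pre-share policy has a key configured for the remote peer. The function names, the sample configurations, the placeholder key string and addresses, and the default-value table are assumptions made for the example; the lifetime parameter is not compared.

```python
import re
# IOS omits default values from the running configuration (assumed defaults).
DEFAULTS = {"encryption": "des", "hash": "sha",
            "authentication": "rsa-sig", "group": "1"}

# Constructed sample configurations; key string and addresses are placeholders.
GATEWAY_A = """
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key EXAMPLE-KEY address 192.0.2.2
"""
GATEWAY_B = """
crypto isakmp policy 5
 authentication rsa-sig
crypto isakmp policy 15
 authentication pre-share
"""

def parse_isakmp(config):
    """Return ({priority: params}, {peers that have a key}) from config text."""
    policies, key_peers, current = {}, set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"crypto isakmp policy (\d+)$", line):
            current = policies.setdefault(int(m.group(1)), dict(DEFAULTS))
        elif m := re.match(r"crypto isakmp key \S+ address (\S+)", line):
            key_peers.add(m.group(1))
            current = None
        elif raw[:1].isspace() and current is not None:
            word, _, value = line.partition(" ")
            # IOS accepts unambiguous abbreviations such as "encr" or "auth".
            key = next((k for k in DEFAULTS if value and k.startswith(word)), None)
            if key:
                current[key] = value
        else:
            current = None
    return policies, key_peers

def audit(local_cfg, remote_cfg, remote_addr):
    """Return (matching policy pairs, findings) for the local peer."""
    local, keys = parse_isakmp(local_cfg)
    remote, _ = parse_isakmp(remote_cfg)
    shared = [(lp, rp) for lp in sorted(local) for rp in sorted(remote)
              if local[lp] == remote[rp]]
    findings = [] if shared else ["no IKE policy matches the remote peer"]
    for lp, _ in shared:
        if local[lp]["authentication"] == "pre-share" and remote_addr not in keys:
            findings.append(f"policy {lp}: pre-share but no key for {remote_addr}")
    return shared, findings
```

Calling audit(GATEWAY_B, GATEWAY_A, "192.0.2.1") reports the missing Step 4 key on the second gateway, because its matching policy uses pre-share but no key is configured for the first peer.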