Installation guide

ManualsBrandsCisco ManualsComputer equipmentIGX 8400 Series

100

3-20

Cisco IGX 8400 Series Installation Guide, Release 9.3.3 and Later Releases

OL-1165-06

Chapter 3 Installing the IGX

Installing a URM

Configuring Internet Key Exchange Security Protocol

To configure the Internet Key Exchange Security Protocol, complete this procedure:

Configuring IPSec Network Security

To configure IPSec network security, complete this procedure:

Command Purpose

Step 1

Router(config)# crypto isakmp policy priority Creates an Internet Key Exchange (IKE) policy with

a unique priority number. You can configure multiple

policies on each peer, but at least one of these

policies must contain exactly the same encryption,

authentication, and other parameters as one of the

policies on the remote peer.

Note This command enters the ISAKMP policy

configuration mode.

Step 2

Router(config-isakmp)# authentication

rsa-sig/rsa-encr/pre-share

Specifies the authentication method to be used in an

IKE policy.

Note The VPN encryption products described in

this document do not currently support RSA

authentication.

Step 3

Router(config-isakmp)# exit Exits the ISAKMP policy configuration mode and

returns to global configuration mode.

Step 4

Router(config)# crypto isakmp key keystring address

peer-address/peer-hostname

Configures the authentication key that will be shared

by each peer.

Note This must be configured at both peers that

will share a key.

Command Purpose

Step 1

Router(config)# crypto ipsec security-association

lifetime seconds seconds/ kilobytes kilobytes

Specifies the time a security association will live before

expiring. The default lifetimes are 3600 seconds (one

hour) and 4,608,000 kilobytes (10 megabytes per second

for one hour).

Step 2

Router(config)# crypto ipsec transform-set

transform-set-name transform1 [transform2

[transform3]]

Enters the transform-set configuration mode.

A transform set represents a specific combination of

security protocols and algorithms. During the IPSec

security association negotiation, the peers search for a

transform set that is the same at both peers. When such a

transform set is found, it is selected and applied to the

protected traffic as part of both peers’ IPSec security

associations.

Step 3

Router(cfg-crypto-trans)# exit Exits the transform-set configuration mode and returns to

global configuration mode.