Configuring ISAKMP policies

Last Updated: Feb 21, 2024

About this task

An ISAKMP policy defines the IKE phase 1 parameters.

Note:

You can configure up to 40 ISAKMP policies.

Important:

Define at least one ISAKMP policy.

Procedure

  1. Enter crypto isakmp policy, followed by an index number from 1 to 20, to enter the context of an ISAKMP policy list and to create the list if it does not exist.

    For example:

    Gxxx-001# crypto isakmp policy 1
    Gxxx-001(config-isakmp:1)#
  2. You can use the following commands to set the parameters of the ISAKMP policy:
    • Use the description command to assign a description to the ISAKMP policy.

    • Use the authentication pre-share command to set the authentication method of the ISAKMP policy to pre-shared secret.

    • Use the encryption command to set the encryption algorithm for the ISAKMP policy. Possible values are aes (default), aes-192 and aes-256.

    • Use the hash command to set the hash (authentication) algorithm for the ISAKMP policy. Possible values are md5 and sha (default).

    • Use the group command to set the Diffie-Hellman group for the ISAKMP policy. The only value allowed is 14.

    • Use the lifetime command to set the lifetime of the ISAKMP SA, in seconds. The range of values is 60 to 86,400 seconds (default is 86,400).

    For example:

      Gxxx-001(config-isakmp:1)# description lincroft ike
      Done!
      Gxxx-001(config-isakmp:1)# authentication pre-share
      Done!
      Gxxx-001(config-isakmp:1)# encryption aes
      Done!
      Gxxx-001(config-isakmp:1)# hash md5
      Done!
      Gxxx-001(config-isakmp:1)# group 14
      Done!
      Gxxx-001(config-isakmp:1)# lifetime 60000
      Done!
  3. Exit the ISAKMP policy context with the exit command.

    For example:

    Gxxx-001(config-isakmp:1)# exit
    Gxxx-001#
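The following added example is not part of the product documentation or the gateway software. It is a review script that checks a planned or captured command session against the values, defaults and lifetime range documented in step 2. The names `parse_policies` and `audit`, the sample session, and the choice to flag md5 are assumptions of this example.

```python
import re

# Values, defaults and lifetime range as documented in step 2 of this page.
ALLOWED = {"encryption": {"aes", "aes-192", "aes-256"},
           "hash": {"md5", "sha"}, "group": {"14"}}
DEFAULTS = {"encryption": "aes", "hash": "sha", "lifetime": "86400"}
LIFETIME_MIN, LIFETIME_MAX = 60, 86400
ENTER = re.compile(r"#\s*crypto isakmp policy (\d+)\s*$")
PARAM = re.compile(r"\(config-isakmp:(\d+)\)#\s*(\S+)\s*(.*?)\s*$")

# Constructed sample: policy 1 repeats the page's example, policy 2 is made up.
SAMPLE = """\
Gxxx-001# crypto isakmp policy 1
Gxxx-001(config-isakmp:1)# authentication pre-share
Gxxx-001(config-isakmp:1)# encryption aes
Gxxx-001(config-isakmp:1)# hash md5
Gxxx-001(config-isakmp:1)# group 14
Gxxx-001(config-isakmp:1)# lifetime 60000
Gxxx-001(config-isakmp:1)# exit
Gxxx-001# crypto isakmp policy 2
Gxxx-001(config-isakmp:2)# encryption 3des
Gxxx-001(config-isakmp:2)# lifetime 30
"""

def parse_policies(transcript):
    """Return {index: {parameter: value}}, starting from the documented defaults."""
    policies = {}
    for line in transcript.splitlines():
        m = ENTER.search(line) or PARAM.search(line)
        if m:
            policy = policies.setdefault(int(m.group(1)), dict(DEFAULTS))
            if m.re is PARAM and m.group(2) != "exit":
                policy[m.group(2)] = m.group(3)
    return policies

def audit(transcript):
    """Return (policy index, finding) tuples; index 0 means no policy at all."""
    policies = parse_policies(transcript)
    findings = [] if policies else [(0, "no ISAKMP policy defined")]
    for idx, p in sorted(policies.items()):
        for key, allowed in ALLOWED.items():
            if key in p and p[key] not in allowed:
                findings.append((idx, f"{key} '{p[key]}' is not a documented value"))
        if p["hash"] == "md5":  # reviewer preference of this example, not a device rule
            findings.append((idx, "hash md5 selected instead of the default sha"))
        life = p["lifetime"]
        if not (life.isdigit() and LIFETIME_MIN <= int(life) <= LIFETIME_MAX):
            findings.append((idx, f"lifetime '{life}' is outside 60-86400"))
    return findings
```

Calling `audit(SAMPLE)` returns one finding for policy 1 (md5) and two for policy 2 (undocumented encryption value, lifetime below the minimum).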