ISAKMP Protocol Policy Mode Commands
XSR CLI Reference Guide 14-95
ISAKMP Protocol Policy Mode Commands
crypto isakmp proposal
ThiscommanddefinesanIKEproposal(policy)‐asetofparametersusedduringIKEnegotiation.
ItinvokesISAKMPprotocolpolicyconfigurationmodewherethefollowingsub‐commandsare
availabletospecifyparametersintheproposal:
•
authentication ‐AuthenticationmethodusedbyanIKEproposal.Refertopage14‐96for
thecommanddefinition.
•
encryption ‐EncodingmethodusedbyanIKEproposal.Refertopage14‐97forthe
commanddefinition.
•
group ‐Diffie‐HellmangrouptypeusedbyanIKEproposal.Refertopage14‐97forthe
commanddefinition.
•
hash ‐HashalgorithmusedbyanIKEproposal.Refertopage14‐98forthecommand
definition.
•
lifetime ‐SAintervalusedbyanIKEproposal.Refertopage14‐99forthecommand
definition.
ManyIKEproposals(policies)canbeconfiguredoneachpeerparticipatinginIPSec.WhenIKE
negotiationbegins,ittriestofindacommonproposal(policy)onbothpeers;thecommon
proposalcontainsexactlythesame
encryption,hash,authentication,andDiffie‐Hellmanvalues.
Thelifetimevaluedoesnotnecessarilyhavetobethesame.
Syntax
crypto isakmp proposal name
Syntax of the “no” Form
TodeleteanIKEproposal(policy),usethenoformofthiscommand:
no crypto isakmp proposal name
Defaults
TheDEFAULTproposalcontainsthesedefaultvalues:
• Authentication:RSAsignatures
• Encryption:TripleDES
•Group:2
•Hash:SHA‐1
• Lifetime:28,840seconds(8hours)
Mode
Globalconfiguration:XSR(config)#
name
Proposalnametobedefined.