Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

ISAKMP Protocol Policy Mode Commands

XSR CLI Reference Guide 14-95

ISAKMP Protocol Policy Mode Commands

crypto isakmp proposal

ThiscommanddefinesanIKEproposal(policy)‐asetofparametersusedduringIKEnegotiation.

ItinvokesISAKMPprotocolpolicyconfigurationmodewherethefollowingsub‐commandsare

availabletospecifyparametersintheproposal:

•

authentication ‐AuthenticationmethodusedbyanIKEproposal.Refertopage14‐96for

thecommanddefinition.

•

encryption ‐EncodingmethodusedbyanIKEproposal.Refertopage14‐97forthe

commanddefinition.

•

group ‐Diffie‐HellmangrouptypeusedbyanIKEproposal.Refertopage14‐97forthe

commanddefinition.

•

hash ‐HashalgorithmusedbyanIKEproposal.Refertopage14‐98forthecommand

definition.

•

lifetime ‐SAintervalusedbyanIKEproposal.Refertopage14‐99forthecommand

definition.

ManyIKEproposals(policies)canbeconfiguredoneachpeerparticipatinginIPSec.WhenIKE

negotiationbegins,ittriestofindacommonproposal(policy)onbothpeers;thecommon

proposalcontainsexactlythesame

encryption,hash,authentication,andDiffie‐Hellmanvalues.

Thelifetimevaluedoesnotnecessarilyhavetobethesame.

Syntax

crypto isakmp proposal name

Syntax of the “no” Form

TodeleteanIKEproposal(policy),usethenoformofthiscommand:

no crypto isakmp proposal name

Defaults

TheDEFAULTproposalcontainsthesedefaultvalues:

• Authentication:RSAsignatures

• Encryption:TripleDES

•Group:2

•Hash:SHA‐1

• Lifetime:28,840seconds(8hours)

Mode

Globalconfiguration:XSR(config)#

name

Proposalnametobedefined.

previous next