Tunnel authentication between the VPN 5002 or 5008 concentrator and a tunnel peer, such as the VPN 5000 Client or another concentrator, uses the Internet Key Exchange (IKE) protocol.
The IKE Policy section controls how the concentrator and the tunnel peer initially identify and authenticate each other so that tunnel sessions can be established. These security parameters are global to the concentrator and are not associated with a particular interface.
This initial negotiation is referred to as Phase 1 IKE negotiation. Phase 2 IKE negotiation controls how the concentrator and client handle individual tunnel sessions. To set Phase 2 IKE negotiation parameters, see "Configuring VPN Groups," or "Configuring VPN LAN-to-LAN Tunnels."
Follow these steps to configure tunnel authentication:
| | Command | Purpose |
|---|---|---|
| Step 1 | configure IKE Policy | Allows you to configure the IKE Policy section. |
| Step 2 | Protection = {MD5_DES_G1 \| | Specifies a protection suite for the IKE negotiation. You can enter this command multiple times within this section, in which case the concentrator proposes all of the specified protection suites. The tunnel peer accepts one of the options for the negotiation. The first piece of each option is the authentication algorithm to be used for the negotiation:<br>The second piece is the encryption algorithm:<br>The third piece is the Diffie-Hellman group to be used for key exchange: |
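Because the concentrator proposes every listed protection suite and the tunnel peer accepts one of them, the negotiated Phase 1 strength can be as low as the weakest entry. The following added example (not taken from the Cisco documentation) parses the Protection lines and reports that floor; the `[ IKE Policy ]` section-header layout, the suite names other than MD5_DES_G1, and the strength ranking are assumptions.

```python
import re

# Strength rank per piece (higher is stronger). Only MD5, DES and G1 appear on
# the page; SHA, 3DES and G2 are assumed names following the same pattern.
AUTH = {"MD5": 0, "SHA": 1}
ENC = {"DES": 0, "3DES": 1}
GROUP = {"G1": 0, "G2": 1}

# Constructed sample; the "[ Section ]" header layout is an assumption.
SAMPLE_CONFIG = """\
[ General ]
DeviceName = "example"

[ IKE Policy ]
Protection = SHA_3DES_G2
Protection = MD5_DES_G1
"""

def proposed_suites(config_text):
    """Return every Protection value listed in the IKE Policy section."""
    suites, in_section = [], False
    for line in map(str.strip, config_text.splitlines()):
        header = re.fullmatch(r"\[\s*(.+?)\s*\]", line)
        if header:
            in_section = header.group(1).lower() == "ike policy"
            continue
        m = re.fullmatch(r"Protection\s*=\s*(\S+)", line, re.IGNORECASE)
        if in_section and m:
            suites.append(m.group(1).upper())
    return suites

def split_suite(name):
    """Split AUTH_ENC_GROUP into its three pieces, rejecting unknown names."""
    parts = name.split("_")
    if len(parts) != 3 or parts[0] not in AUTH or parts[1] not in ENC or parts[2] not in GROUP:
        raise ValueError(f"unrecognised protection suite: {name}")
    return tuple(parts)

def audit(config_text):
    """Report the weakest suite the peer could accept and its rank-0 pieces."""
    suites = proposed_suites(config_text)
    if not suites:
        return {"proposed": [], "floor": None, "weak_pieces": []}
    def score(name):  # assumed ordering: encryption, then DH group, then hash
        a, e, g = split_suite(name)
        return (ENC[e], GROUP[g], AUTH[a])
    floor = min(suites, key=score)
    a, e, g = split_suite(floor)
    weak = [p for p, rank in ((a, AUTH[a]), (e, ENC[e]), (g, GROUP[g])) if rank == 0]
    return {"proposed": suites, "floor": floor, "weak_pieces": weak}
```

Calling `audit(SAMPLE_CONFIG)` shows that listing a stronger suite first does not raise the floor while MD5_DES_G1 is still proposed.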
Posted: Wed Sep 27 10:01:40 PDT 2000
Copyright 1989-2000 © Cisco Systems Inc.