IPSEC, Peer-To-Peer, Policies.

Unanswered Question
Jun 9th, 2009

Hi all,

From the following text,

"Peers need to negotiate a common ISAKMP policy in order to establish an IPsec peer relationship. So depending on the devices you expect to peer with, you may need multiple ISAKMP policies. Each ISAKMP policy is assigned a unique priority number between 1 and 10,000."

Question_1: Is it so that each policy would be towards one peer? Or what is the policy about?

Question_2: What is the role of the priority number?

Thanks a lot.

Kind regards.

Todd Pula Tue, 06/09/2009 - 06:18

The ISAKMP policies are not specific to a peer. They are configured globally and identify what phase 1 attributes the security device supports. The priority number is used to uniquely identify each respective ISAKMP policy.
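
A simplified model of the behaviour described in the answer above, as an added example that is not part of the original thread or any vendor code: each device holds one global list of ISAKMP policies, and the responder checks its own policies in priority order (lowest number first) against everything the initiator offered. The class and function names and the sample policies are constructed for illustration, and lifetime comparison is left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class IsakmpPolicy:
    priority: int          # 1..10000, unique on the device; lower is checked first
    encryption: str
    hash_alg: str
    authentication: str
    dh_group: int

    def attrs(self):
        # Phase 1 attributes that must be identical on both sides (lifetime omitted).
        return (self.encryption, self.hash_alg, self.authentication, self.dh_group)

def validate(policies):
    """Reject out-of-range or duplicate priority numbers within one device."""
    seen = set()
    for p in policies:
        if not 1 <= p.priority <= 10000:
            raise ValueError(f"priority {p.priority} outside 1..10000")
        if p.priority in seen:
            raise ValueError(f"priority {p.priority} used twice")
        seen.add(p.priority)

def negotiate(offers, local):
    """Responder side: return (offered_policy, local_policy) or None if no match.

    The initiator sends all of its policies; the responder walks its own list
    in priority order and accepts the first one that any offer matches.
    """
    validate(offers)
    validate(local)
    for mine in sorted(local, key=lambda p: p.priority):
        for offer in sorted(offers, key=lambda p: p.priority):
            if offer.attrs() == mine.attrs():
                return offer, mine
    return None

# Constructed sample data: one gateway, two global policies, three different peers.
HQ = [IsakmpPolicy(10, "aes-256", "sha256", "pre-share", 14),
      IsakmpPolicy(20, "3des", "sha", "pre-share", 2)]
BRANCH_A = [IsakmpPolicy(5, "aes-256", "sha256", "pre-share", 14)]
BRANCH_B = [IsakmpPolicy(1, "3des", "sha", "pre-share", 2)]
BRANCH_C = [IsakmpPolicy(1, "des", "md5", "pre-share", 1)]

if __name__ == "__main__":
    for name, peer in (("A", BRANCH_A), ("B", BRANCH_B), ("C", BRANCH_C)):
        result = negotiate(peer, HQ)
        print(name, "->", f"HQ policy {result[1].priority}" if result else "no common policy")
```

In this model the priority numbers do not have to agree between peers, only the attributes do, and giving the strongest policy the lowest number keeps a weaker legacy policy from being selected when a peer supports both.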

network_enginee... Tue, 06/09/2009 - 06:53

Hello!

Thanks for that reply. Further question: On one gateway, only one ISAKMP policy is supported, right? Or more? What is the relation between the ISAKMP policy, peer and the priority?

Sorry, but I am still a bit confused.

Thanks again.

Kind regards.
