05-01-2006 03:04 AM - edited 02-21-2020 02:23 PM
Hello
I was just curious if there is actually a default if you have the key exchange set as below:-
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key xxx address 10.x.x.1
Would this make the exchange in plain text?
If I adjust the setting so that the keys use MD5 as below:-
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key xxx address 10.x.x.1
Then the router will create a PKI certificate. I was just wondering about the behaviour of key authentication without using MD5.
Thanks in advance!
05-01-2006 05:25 PM
Hi, these are the defaults if you don't specify an attribute on the policy; it will take its value from the default policy.
Default protection suite
encryption algorithm: DES - Data Encryption Standard (56 bit keys).
hash algorithm: Secure Hash Standard
authentication method: Rivest-Shamir-Adleman Signature
Diffie-Hellman group: #1 (768 bit)
lifetime: 86400 seconds, no volume limit
I hope it helps ... please rate it if it does !!!
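Added example (not part of the thread and not Cisco code): Python that resolves the effective ISAKMP policy for the two configurations in the question by filling unspecified attributes from the default protection suite listed in the reply above. The function names and the `LEGACY` set of legacy-strength values are assumptions of this example.

```python
# Default protection suite, as listed in the reply above (IOS keywords).
DEFAULTS = {"encryption": "des", "hash": "sha", "authentication": "rsa-sig",
            "group": "1", "lifetime": "86400"}
# Assumption of this example (not from the thread): values treated as legacy strength.
LEGACY = {"encryption": {"des"}, "hash": {"md5"}, "group": {"1"}}

def effective_policies(config):
    """Map each 'crypto isakmp policy N' to {attribute: (value, source)}."""
    policies, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if len(words) == 4 and words[:3] == ["crypto", "isakmp", "policy"]:
            current = policies.setdefault(int(words[3]), {})
        elif current is not None and words[0] in DEFAULTS and len(words) > 1:
            # Only the first argument is kept (e.g. 'aes' from 'encryption aes 256').
            current[words[0]] = (words[1], "explicit")
        else:
            current = None  # any other command ends the policy block
    for attrs in policies.values():
        for key, value in DEFAULTS.items():
            attrs.setdefault(key, (value, "default"))
    return policies

def legacy_settings(policy):
    """Names of attributes whose effective value is in LEGACY."""
    return sorted(k for k, (v, _) in policy.items() if v in LEGACY.get(k, ()))

# The two configurations from the question, reproduced as sample input.
FIRST = """crypto isakmp policy 1
 authentication pre-share
crypto isakmp key xxx address 10.x.x.1
"""
SECOND = """crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key xxx address 10.x.x.1
"""

if __name__ == "__main__":
    for name, cfg in (("first", FIRST), ("second", SECOND)):
        policy = effective_policies(cfg)[1]
        for attr in DEFAULTS:
            print(f"{name}: {attr} {policy[attr][0]} ({policy[attr][1]})")
        print(f"{name}: legacy-strength settings: {legacy_settings(policy)}")
```

For the first configuration only `authentication` is explicit; the hash resolves to `sha` and the encryption to `des` from the default suite.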
05-02-2006 06:20 AM
Hi and thanks!!
OK, so the encryption and authentication are a combination of DES and Diffie-Hellman group. My concerns in this area are that the other end of the link will be mobile and moving from site to site. When using MD5 a PKI certificate is created, which I am assuming makes security more robust as the key doesn't need to be sent each time (which has to go through the internet).
I am therefore interested if there is any history of spoofing when only using the default protection suite.
Thank you again in advance!