Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
How and when to configure an ISAKMP profile for VPN tunnels on routers
The Internet Security Association and Key Management Protocol (ISAKMP) profile is an enhancement to ISAKMP configurations. It enables the modularity of the ISAKMP configuration for Phase 1 negotiations. This modularity allows mapping different ISAKMP parameters to different IPsec tunnels, and mapping different IPsec tunnels to different VPN forwarding and routing (VRF) instances.
ISAKMP profile enhancement was released as part of the VRF-aware IPsec feature in Cisco IOS Software Release 12.2(15)T. Today, many applications and enhancements use the ISAKMP profile, including quality of service (QoS), router certificate management, and Multiprotocol Label Switching (MPLS) VPN configurations.
This list explains when to use an ISAKMP profile:
Any router with two or more IPsec connections that requires different Phase 1 parameters for different sites (for example, configuring site-to-site and remote access on the same router).
It is recommended to use the ISAKMP profile with Easy VPN Remote or Easy VPN Server configurations.
If custom Internet Key Exchange (IKE) Phase 1 policies are needed for different peers. For example, whether XAUTH is to be applied to a specific peer, rather than being applied on every connection.
An IPsec configuration using VRF-aware IPsec, which allows the use of a single IP address to connect to different peers with different IKE Phase 1 parameters.