IPSEC Default Authentication with Peer

mahesh18
Level 6

Hi Everyone,

Need to understand the output below

3550SMIA# sh crypto isakmp policy

Global IKE policy
Protection suite of priority 50
        encryption algorithm:   AES - Advanced Encryption Standard (128 bit keys).
        hash algorithm:         Secure Hash Standard
        authentication method:  Pre-Shared Key
        Diffie-Hellman group:   #2 (1024 bit)
        lifetime:               86400 seconds, no volume limit
Default protection suite
        encryption algorithm:   DES - Data Encryption Standard (56 bit keys).
        hash algorithm:         Secure Hash Standard
        authentication method:  Rivest-Shamir-Adleman Signature
        Diffie-Hellman group:   #1 (768 bit)
        lifetime:               86400 seconds, no volume limit

For the Phase 1 authentication with the peer, what does this device use: pre-shared key or digital signature?

Also, what's the difference between Protection Suite and default protection suite?

Regards

Mahesh

1 Accepted Solution


Jeet Kumar
Cisco Employee

Hi Mahesh,

Let me try to answer your question. For phase 1 authentication in a site-to-site VPN, both peers exchange the IKE policies, starting with the lower number. The lower the number, the higher the priority.

In your case, if the other end is the initiator and sends its set of IKE policies, it will be matched against IKE policy 50. If it doesn't match, then it will go to the next one.

The difference between the protection suite and the default protection suite is that the protection suite is the one you configured and the default protection suite is the one that comes with the device.

I hope that answers your question.

Thanks

Jeet Kumar
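
The matching order described in the answer above, as an added example that is not part of the original thread: it parses the posted `sh crypto isakmp policy` output and returns the first local suite whose encryption, hash, authentication and Diffie-Hellman values equal a peer's proposal. The function names and the proposal dictionaries are assumptions made for illustration, and the lifetime comparison is left out.

```python
import re

# Sample input: the "sh crypto isakmp policy" output quoted in the question.
SHOW_OUTPUT = """\
Global IKE policy
Protection suite of priority 50
        encryption algorithm:   AES - Advanced Encryption Standard (128 bit keys).
        hash algorithm:         Secure Hash Standard
        authentication method:  Pre-Shared Key
        Diffie-Hellman group:   #2 (1024 bit)
        lifetime:               86400 seconds, no volume limit
Default protection suite
        encryption algorithm:   DES - Data Encryption Standard (56 bit keys).
        hash algorithm:         Secure Hash Standard
        authentication method:  Rivest-Shamir-Adleman Signature
        Diffie-Hellman group:   #1 (768 bit)
        lifetime:               86400 seconds, no volume limit
"""

MATCH_KEYS = ("encryption algorithm", "hash algorithm",
              "authentication method", "Diffie-Hellman group")

def parse_policies(text):
    """Return the suites in the order they are tried: lowest number first, default last."""
    policies = []
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Protection suite of priority (\d+)", line)
        if m:
            policies.append({"name": f"priority {m.group(1)}", "order": int(m.group(1))})
        elif line == "Default protection suite":
            policies.append({"name": "default", "order": float("inf")})
        elif ":" in line and policies:
            key, value = line.split(":", 1)
            policies[-1][key.strip()] = value.strip()
    return sorted(policies, key=lambda p: p["order"])

def first_match(policies, proposal):
    """Hypothetical helper: first local suite whose four parameters equal the proposal."""
    for p in policies:
        if all(p.get(k) == proposal[k] for k in MATCH_KEYS):
            return p
    return None

if __name__ == "__main__":
    suites = parse_policies(SHOW_OUTPUT)
    for s in suites:  # treat each suite as a proposal a peer might send (constructed)
        hit = first_match(suites, {k: s[k] for k in MATCH_KEYS})
        print(hit["name"], "->", hit["authentication method"])
```

A peer whose proposal equals priority 50 authenticates with the pre-shared key, while a proposal equal to the default suite still finds a match with DES, RSA signatures and the 768-bit group, because the default suite stays in the list as the last entry tried.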


2 Replies

Many thanks Jeet.

Regards

Mahesh