Cisco Support Community
New Member

IPSEC Default Authentication with Peer

Hi Everyone,

Need to understand the output below

3550SMIA# sh crypto isakmp policy
Global IKE policy
Protection suite of priority 50
        encryption algorithm:   AES - Advanced Encryption Standard (128 bit keys).
        hash algorithm:         Secure Hash Standard
        authentication method:  Pre-Shared Key
        Diffie-Hellman group:   #2 (1024 bit)
        lifetime:               86400 seconds, no volume limit
Default protection suite
        encryption algorithm:   DES - Data Encryption Standard (56 bit keys).
        hash algorithm:         Secure Hash Standard
        authentication method:  Rivest-Shamir-Adleman Signature
        Diffie-Hellman group:   #1 (768 bit)
        lifetime:               86400 seconds, no volume limit

For Phase 1 authentication with the peer, what does this device use: pre-shared key or digital signature?

Also, what's the difference between Protection Suite and Default Protection Suite?

Regards

Mahesh

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

IPSEC Default Authentication with Peer

Hi Mahesh,

Let me try to answer your question. For Phase 1 authentication in a site-to-site VPN, both peers exchange their IKE policies, starting with the lowest number. The lower the number, the higher the priority.

In your case, if the other end is the initiator and sends its set of IKE policies, they will be matched against IKE policy 50. If it doesn't match, then it will go to the next one.

The difference between the protection suite and the default protection suite is that the protection suite is the one you configured and the default protection suite is the one that comes with the device.

I hope that answers your question.

Thanks

Jeet Kumar
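
The priority-ordered matching described in the answer above, as an added example that is not part of the original posts or Cisco's own code: it parses the `sh crypto isakmp policy` output from the question, orders the suites the way the answer describes, and flags the weak settings in the default suite. The function names are hypothetical, the match is a simplified model that compares only encryption, hash, authentication method and DH group (lifetime is ignored), and the weak-setting check is this example's own.

```python
import re

# Output copied from the question above (blank lines removed).
SAMPLE = """\
Global IKE policy
Protection suite of priority 50
        encryption algorithm:   AES - Advanced Encryption Standard (128 bit keys).
        hash algorithm:         Secure Hash Standard
        authentication method:  Pre-Shared Key
        Diffie-Hellman group:   #2 (1024 bit)
        lifetime:               86400 seconds, no volume limit
Default protection suite
        encryption algorithm:   DES - Data Encryption Standard (56 bit keys).
        hash algorithm:         Secure Hash Standard
        authentication method:  Rivest-Shamir-Adleman Signature
        Diffie-Hellman group:   #1 (768 bit)
        lifetime:               86400 seconds, no volume limit
"""

def parse_policies(text):
    """Return suites in evaluation order: lowest priority number first, default last."""
    suites, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = re.match(r"Protection suite of priority (\d+)", line)
        if m or line == "Default protection suite":
            cur = {"priority": int(m.group(1)) if m else None}  # None = default suite
            suites.append(cur)
        elif cur is not None and ":" in line:
            key, value = line.split(":", 1)
            cur[key.strip()] = value.strip()
    return sorted(suites, key=lambda s: (s["priority"] is None, s["priority"] or 0))

def normalize(suite):
    """Reduce a suite to (encryption, hash, authentication, DH group number)."""
    return (suite["encryption algorithm"].split(" - ")[0],
            suite["hash algorithm"], suite["authentication method"],
            int(re.search(r"#(\d+)", suite["Diffie-Hellman group"]).group(1)))

def match(suites, proposal):
    """Simplified model: first local suite, in priority order, equal to the proposal."""
    return next((s for s in suites if normalize(s) == proposal), None)

def weak_settings(suite):
    """Flag DES and the 768/1024-bit DH groups 1 and 2 (this example's own check)."""
    enc, _, _, dh = normalize(suite)
    return [n for n, hit in (("DES", enc == "DES"), (f"DH group {dh}", dh in (1, 2))) if hit]

if __name__ == "__main__":
    print([(s["priority"], normalize(s), weak_settings(s)) for s in parse_policies(SAMPLE)])
```

A proposal that does not equal policy 50 falls through to the default suite, so an initiator offering DES, RSA signatures and DH group 1 would still find a match on this device as shown.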

2 REPLIES
New Member

IPSEC Default Authentication with Peer

Many thanks Jeet.

Regards

Mahesh
