Cisco Support Community
New Member

IPsec security


I was just curious if there is actually a default if you have the key exchange set as below:-

crypto isakmp policy 1
 authentication pre-share
crypto isakmp key xxx address 10.x.x.1

Would this make the exchange in plain text?

If I adjust the setting so that the keys use MD5 as below :-

crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key xxx address 10.x.x.1

Then the router will create a PKI certificate. I was just wondering on the behaviour of key authentication without using MD5.

Thanks in advance!


Re: IPsec security

Hi, these are the defaults. If you don't specify an attribute on the policy, it will take its value from the default policy.

Default protection suite
        encryption algorithm:   DES - Data Encryption Standard (56 bit keys).
        hash algorithm:         Secure Hash Standard
        authentication method:  Rivest-Shamir-Adleman Signature
        Diffie-Hellman group:   #1 (768 bit)
        lifetime:               86400 seconds, no volume limit

I hope it helps ... please rate it if it does !!!
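
Added example (not part of the original thread and not Cisco code): a small Python sketch that resolves the effective values of each crypto isakmp policy block by filling unset attributes from the default protection suite listed in the reply above, then flags values generally considered weak. The function names, the sample constants and the weak-value list are assumptions of this example, and abbreviated keywords are not handled.

```python
import re

# Defaults exactly as listed in the reply above (they can differ between IOS releases).
DEFAULTS = {"encryption": "des", "hash": "sha", "authentication": "rsa-sig",
            "group": "1", "lifetime": "86400"}
# Values generally treated as weak today (this example's assumption, not from the thread).
WEAK = {"encryption": {"des"}, "hash": {"md5"}, "group": {"1"}}

# Constructed sample: the two configurations posted in the question.
QUESTION_CONFIG_1 = """
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key xxx address 10.x.x.1
"""
QUESTION_CONFIG_2 = """
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key xxx address 10.x.x.1
"""


def effective_policies(config):
    """Return {policy_number: attributes} with unset attributes taken from DEFAULTS."""
    policies, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if not line:
            continue
        header = re.fullmatch(r"crypto isakmp policy (\d+)", line)
        parts = line.split()
        if header:
            current = policies.setdefault(int(header.group(1)), dict(DEFAULTS))
        elif current is not None and parts[0] in DEFAULTS and len(parts) > 1:
            current[parts[0]] = " ".join(parts[1:])
        else:
            current = None  # any other command leaves the policy sub-mode
    return policies


def weak_settings(policy):
    """List attr=value pairs of one effective policy that appear in WEAK."""
    return sorted(f"{k}={v}" for k, v in policy.items() if v in WEAK.get(k, ()))


if __name__ == "__main__":
    for name, cfg in (("no hash line", QUESTION_CONFIG_1), ("hash md5", QUESTION_CONFIG_2)):
        for number, policy in effective_policies(cfg).items():
            print(name, number, policy, "weak:", weak_settings(policy))
```
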

New Member

Re: IPsec security

Hi and thanks!!

OK, so the encryption and authentication are a combination of DES and Diffie-Hellman group. My concerns in this area are that the other end of the link will be mobile and moving from site to site. When using MD5 a PKI certificate is created, which I am assuming makes security more robust as the key doesn't need to be sent each time (which has to go through the internet).

I am therefore interested if there is any history of spoofing when only using the default protection suite.

Thank you again in advance!
