Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Understanding IKE VPN3000

Hi all together,

I still have a problem understanding the IKE settings in the VPN 3000 Concentrator. Can someone tell me for what purpose the IKE Parameters under Configuration | Policy Management | Traffic Manangement | SAs are good for?

In my understanding the order of establishing a tunnel is:

1. Client sends IKE proposals to the concentrator. The concentrator looks in the active proposals (Configuration | Tunneling and Security | IPSec | IKE Proposals) and uses the first matching proposal to handle IKE Phase 1

2. The user group's IPSec SA (Configuration | User Management | groups | IPSec tab | IPSec SA) is used for IKE Phase 2. These IPSec Parameters are configured in the section "IPSec Paramters" in Configuration | Policy Management | Traffic Management | SAs.

I don't understand for what the IKE parameters are good for. Perhaps someone can tell me.

Thanks a lot for your help.



Re: Understanding IKE VPN3000

IKE provides these benefits:

1.Eliminates the need to manually specify all the IPSec security parameters in the crypto maps at both peers.

2.Allows you to specify a lifetime for the IPSec security association.

3.Allows encryption keys to change during IPSec sessions.

4.,Allows IPSec to provide anti-replay services.

5.Permits CA support for a manageable, scalable IPSec implementation.

6.Allows dynamic authentication of peers.

CreatePlease login to create content