Filter
Top Products
25-11
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 25 Configuring IKE and IPsec Policies
Understanding IKE
Tip You can also access this dialog box when configuring the IKE Proposal policy as explained in
Configuring an IKE Proposal, page 25-9.
Related Topics
• Configuring IKEv2 Proposal Policy Objects, page 25-13
• Creating Policy Objects, page 6-9
• Policy Object Manager, page 6-4
• Configuring IPSec IKEv1 or IKEv2 Transform Set Policy Objects, page 25-25
Field Reference
Table 25-1 IKEv1 Proposal Dialog Box
Element Description
Name The name of the policy object. A maximum of 128 characters is
allowed.
Description A description of the policy object. A maximum of 1024 characters is
allowed.
Priority The priority value of the IKE proposal. The priority value determines
the order of the IKE proposals compared by the two negotiating peers
when attempting to find a common security association (SA). If the
remote IPsec peer does not support the parameters selected in your first
priority policy, the device tries to use the parameters defined in the
policy with the next lowest priority number.
Valid values range from 1 to 10000. The lower the number, the higher
the priority. If you leave this field blank, Security Manager assigns the
lowest unassigned value starting with 1, then 5, then continuing in
increments of 5.
Encryption Algorithm The encryption algorithm used to establish the Phase 1 SA for
protecting Phase 2 negotiations:
• AES-128—Encrypts according to the Advanced Encryption
Standard using 128-bit keys.
• AES-192—Encrypts according to the Advanced Encryption
Standard using 192-bit keys.
• AES-256—Encrypts according to the Advanced Encryption
Standard using 256-bit keys.
• DES—Encrypts according to the Data Encryption Standard using
56-bit keys.
• 3DES—Encrypts three times using 56-bit keys. 3DES is more
secure than DES, but requires more processing for encryption and
decryption. It is less secure than AES. A 3DES license is required
to use this option.