crypto policy encryption

To configure the Phase 1 encryption, hash, DH group, exchange mode and lifetime for the IKE policy, use the isakmp policy command in Crypto Map Configuration Mode.

isakmp policy

isakmp policy encryption {des | triple-des | aes | aes-192 | aes-256} hash {md5 | sha1 | sha256 | sha384 | sha512} dh {group1 | group2 | group14 | group16 | group17 | group18} exch {main | aggressive} lifetime <lifetime> {secs | min | hrs}

Parameters

Parameter Type Description
encryption   selects encryption algorithm
des   sets the Encapsulating Security Payload (ESP) algorithm type as DES-CBC
triple-des   sets ESP algorithm type as 3DES
aes   sets the AES to 128 bits key-length for encrypting / decrypting a block of message
aes-192   sets the AES to 192 bits key-length for encrypting / decrypting a block of message
aes-256   sets the AES to 256 bits key-length for encrypting / decrypting a block of message
blowfish   sets the symmetric-key block cipher algorithm
hash   selects authentication hash algorithm
md5   selects md5 algorithm. The message-digest (md5) algorithm is a widely used hash function producing a 128-bit hash value. Although MD5 was initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify data integrity, but only against unintentional corruption
sha1   sets the hash to Secure Hash Algorithm SHA-1 (160 bit)
sha256   sets the hash to Secure Hash Algorithm SHA-2 (256 bit)
sha384   sets the hash to Secure Hash Algorithm SHA-2 (384 bit)
sha512   sets the hash to Secure Hash Algorithm SHA-2 (512 bit)
dh   selects the Diffie-Hellman group for the IKE policy
group1   specifies use of 768-bit Diffie-Hellman Group 1 cryptography
group14   specifies use of 2048-bit Diffie-Hellman Group 14 cryptography. This is the minimum acceptable encryption for protection of sensitive information
group15   specifies use of 3072-bit Diffie-Hellman Group 15 cryptography
group16   specifies use of 4096-bit Diffie-Hellman Group 16 cryptography
group17   specifies use of 6144-bit Diffie-Hellman Group 17 cryptography
group18   specifies use of 8192-bit Diffie-Hellman Group 18 cryptography
group2   specifies use of 1024-bit Diffie-Hellman Group 2 cryptography
group5   specifies use of 1536-bit Diffie-Hellman Group 5 cryptography
exch   selects the exchange mode type
main   selects the main exchange mode type
aggressive   selects the aggressive exchange mode type
lifetime <lifetime>   sets the lifetime value
hrs   specifies lifetime in hours
mins   specifies lifetime in mins
secs   specifies lifetime in secs

Mode

Crypto Map Configuration Mode

Examples

iS5comm# configure terminal

iS5comm (config)# crypto map cybsec

iS5comm (config-crypto map)# isakmp policy encryption blowfish hash sha1 dh group1 exch main lifetime min 20
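
The parameter table marks MD5 as vulnerable and group14 (2048-bit) as the minimum DH group for sensitive information. The following is an added example, not iS5comm code: a small Python auditor that parses `isakmp policy` lines from a saved configuration and reports those two conditions. The function names and sample lines are constructed for illustration, and the parser accepts the lifetime value and unit in either order because the syntax line and the example above order them differently.

```python
import re

# DH group sizes in bits, as listed in the parameter table on this page.
DH_BITS = {"group1": 768, "group2": 1024, "group5": 1536, "group14": 2048,
           "group15": 3072, "group16": 4096, "group17": 6144, "group18": 8192}
MIN_DH_BITS = 2048       # page: group14 is the minimum for sensitive information
WEAK_HASHES = {"md5"}    # page: MD5 suffers from extensive vulnerabilities
UNITS = {"secs", "min", "mins", "hrs"}

LINE_RE = re.compile(
    r"isakmp\s+policy\s+encryption\s+(?P<enc>\S+)\s+hash\s+(?P<hash>\S+)\s+"
    r"dh\s+(?P<dh>\S+)\s+exch\s+(?P<exch>\S+)\s+lifetime\s+(?P<a>\S+)\s+(?P<b>\S+)")

def parse_policy(line):
    """Parse one 'isakmp policy' line into a dict; return None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    a, b = m["a"].lower(), m["b"].lower()
    # The lifetime value and unit may appear in either order.
    unit, value = (a, b) if a in UNITS else (b, a)
    if unit not in UNITS or not value.isdigit():
        raise ValueError(f"bad lifetime in: {line!r}")
    return {"encryption": m["enc"].lower(), "hash": m["hash"].lower(),
            "dh": m["dh"].lower(), "exch": m["exch"].lower(),
            "lifetime": int(value), "unit": unit}

def audit_policy(line):
    """Return a list of findings for one policy line (empty list: none)."""
    p = parse_policy(line)
    if p is None:
        return []
    findings = []
    if p["hash"] in WEAK_HASHES:
        findings.append(f"hash {p['hash']}: vulnerable, use sha256 or stronger")
    bits = DH_BITS.get(p["dh"])
    if bits is None:
        findings.append(f"dh {p['dh']}: not a group listed in the parameter table")
    elif bits < MIN_DH_BITS:
        findings.append(f"dh {p['dh']}: {bits}-bit, below the {MIN_DH_BITS}-bit minimum")
    return findings

# Constructed sample lines; the first repeats the example from this page.
SAMPLES = [
    "isakmp policy encryption blowfish hash sha1 dh group1 exch main lifetime min 20",
    "isakmp policy encryption aes hash md5 dh group2 exch aggressive lifetime 3600 secs",
    "isakmp policy encryption aes-256 hash sha256 dh group14 exch main lifetime 8 hrs",
]
if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", audit_policy(s) or "no findings")
```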