https://community.cisco.com/t5/network-security/configuring-isakmp-policy-in-cisco-pix-firewall/m-p/276364#M562875 <HTML><HEAD></HEAD><BODY><P>Hi Rik,</P><P></P><P>first thanks for communication.</P><P>After you put in CLI on PIX command</P><P>sh isakmp policy you can see policies you configured</P><P>(I mean me) an at the end is default policy</P><P></P><P>Default protection suite</P><P> encryption algorithm: DES - Data Encryption Standard (56 bit keys).</P><P> hash algorithm: Secure Hash Standard</P><P> authentication method: Rivest-Shamir-Adleman Signature</P><P> Diffie-Hellman group: #1 (768 bit)</P><P> lifetime: 86400 seconds, no volume limit</P><P></P><P></P><P>So my question is for which reason is there.?</P><P></P><P>rg</P><P>jl</P><P></P></BODY></HTML> Mon, 23 Aug 2004 14:15:29 GMT johnleeee 2004-08-23T14:15:29Z https://community.cisco.com/t5/network-security/configuring-isakmp-policy-in-cisco-pix-firewall/m-p/276362#M562873 <P>Hi all,</P><P></P><P>I need help with configuring isakmp policy on PIX</P><P>to set up VPN connection from another PIX.</P><P>What is true? When I configure same policy in both PIXs (PIX to PIX)they establish VPN connection. Thats true.</P><P></P><P>When I connfigure different policy in both, they dont establish VPN connection.</P><P>Thats true again.</P><P></P><P>And on PIX is default isakmp policy preconfigured.</P><P>Will this policy play role in setting VPN connection up when configured didnt.</P><P>I ask this question because on each PIX isakmp policy is same.</P><P></P><P>rg</P><P></P><P>jl</P><P></P> Fri, 21 Feb 2020 07:35:15 GMT https://community.cisco.com/t5/network-security/configuring-isakmp-policy-in-cisco-pix-firewall/m-p/276362#M562873 johnleeee 2020-02-21T07:35:15Z https://community.cisco.com/t5/network-security/configuring-isakmp-policy-in-cisco-pix-firewall/m-p/276363#M562874 <HTML><HEAD></HEAD><BODY><P>JL, each PIX can have multiple ISAKMP policies but there must be at least one match on both sides. By design, if there are multiple matching policies then they should agree on the "best" one which will ususally be the most secure. If they don't have at least one matching policy then the tunnel will not be established.</P><P></P><P>I have never seen a default policy defined on a PIX but who knows with future code and/or models.</P><P></P><P>Rik</P></BODY></HTML> Mon, 23 Aug 2004 12:29:16 GMT https://community.cisco.com/t5/network-security/configuring-isakmp-policy-in-cisco-pix-firewall/m-p/276363#M562874 rguyler 2004-08-23T12:29:16Z https://community.cisco.com/t5/network-security/configuring-isakmp-policy-in-cisco-pix-firewall/m-p/276364#M562875 <HTML><HEAD></HEAD><BODY><P>Hi Rik,</P><P></P><P>first thanks for communication.</P><P>After you put in CLI on PIX command</P><P>sh isakmp policy you can see policies you configured</P><P>(I mean me) an at the end is default policy</P><P></P><P>Default protection suite</P><P> encryption algorithm: DES - Data Encryption Standard (56 bit keys).</P><P> hash algorithm: Secure Hash Standard</P><P> authentication method: Rivest-Shamir-Adleman Signature</P><P> Diffie-Hellman group: #1 (768 bit)</P><P> lifetime: 86400 seconds, no volume limit</P><P></P><P></P><P>So my question is for which reason is there.?</P><P></P><P>rg</P><P>jl</P><P></P></BODY></HTML> Mon, 23 Aug 2004 14:15:29 GMT https://community.cisco.com/t5/network-security/configuring-isakmp-policy-in-cisco-pix-firewall/m-p/276364#M562875 johnleeee 2004-08-23T14:15:29Z