Configuring isakmp policy in Cisco PIX firewall.

johnleeee
Level 1

Hi all,

I need help with configuring isakmp policy on PIX to set up a VPN connection from another PIX.

What is true? When I configure the same policy in both PIXs (PIX to PIX) they establish a VPN connection. That's true.

When I configure different policies in both, they don't establish a VPN connection. That's true again.

And on the PIX a default isakmp policy is preconfigured.

Will this policy play a role in setting the VPN connection up when the configured ones didn't?

I ask this question because on each PIX the isakmp policy is the same.

rg

jl

2 Replies

rguyler
Level 1

JL, each PIX can have multiple ISAKMP policies but there must be at least one match on both sides. By design, if there are multiple matching policies then they should agree on the "best" one, which will usually be the most secure. If they don't have at least one matching policy then the tunnel will not be established.

I have never seen a default policy defined on a PIX but who knows with future code and/or models.

Rik

Hi Rik,

First, thanks for the communication.

After you put the command sh isakmp policy in the CLI on the PIX, you can see the policies you configured (I mean me), and at the end is the default policy:

Default protection suite

encryption algorithm: DES - Data Encryption Standard (56 bit keys).

hash algorithm: Secure Hash Standard

authentication method: Rivest-Shamir-Adleman Signature

Diffie-Hellman group: #1 (768 bit)

lifetime: 86400 seconds, no volume limit

So my question is: for which reason is it there?

rg

jl
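
An added example, not code from either poster or from Cisco: a Python sketch that parses sh isakmp policy output from two peers, lists the suites both sides have in common, and flags suites using DES or Diffie-Hellman group 1 like the default suite quoted above. The two peer outputs and the "Protection suite priority N" header line are constructed, matching on the four attributes shown (not lifetime) is an assumption, and the script compares what is listed without claiming which suites a given PIX release actually offers.

```python
# Constructed sample output; the default suite is copied from the thread.
DEFAULT = """Default protection suite
encryption algorithm: DES - Data Encryption Standard (56 bit keys).
hash algorithm: Secure Hash Standard
authentication method: Rivest-Shamir-Adleman Signature
Diffie-Hellman group: #1 (768 bit)
lifetime: 86400 seconds, no volume limit
"""
PEER_A = """Protection suite priority 10
encryption algorithm: Three key triple DES
hash algorithm: Secure Hash Standard
authentication method: Pre-Shared Key
Diffie-Hellman group: #2 (1024 bit)
lifetime: 86400 seconds, no volume limit
""" + DEFAULT
PEER_B = """Protection suite priority 20
encryption algorithm: DES - Data Encryption Standard (56 bit keys).
hash algorithm: Message Digest 5
authentication method: Pre-Shared Key
Diffie-Hellman group: #1 (768 bit)
lifetime: 86400 seconds, no volume limit
""" + DEFAULT
# Attributes assumed to need an exact match on both peers (lifetime is left out).
FIELDS = ("encryption algorithm", "hash algorithm", "authentication method", "Diffie-Hellman group")

def parse(text):
    """Return [(suite header, {field: value})] in the order printed."""
    suites = []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith(("Protection suite", "Default protection suite")):
            suites.append((line, {}))
        elif ":" in line and suites:
            key, value = line.split(":", 1)
            suites[-1][1][key.strip()] = value.strip()
    return suites

def common(a, b):
    """Pairs of suites whose four attributes are identical on both peers."""
    return [(na, nb) for na, sa in parse(a) for nb, sb in parse(b)
            if all(sa.get(f) == sb.get(f) for f in FIELDS)]

def weak(text):
    """Suites using DES or DH group 1, as in the default suite above."""
    return [n for n, s in parse(text)
            if s.get("encryption algorithm", "").startswith("DES")
            or s.get("Diffie-Hellman group", "").startswith("#1 ")]

if __name__ == "__main__":
    print("common:", common(PEER_A, PEER_B), "| weak on B:", weak(PEER_B))
```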
