
How to use different Policies in VPN setup

TRACKME_2
Level 1

Hello,

I'm trying to set up two different policies in a Cisco 1760 VPN router, say Policy 10 and 20 as below:

------------------------

crypto isakmp policy 10
hash md5
authentication pre-share
!
crypto isakmp policy 20
encr 3des
authentication pre-share
group 2

-----------------

What I want to know is how I can use different policies for different peers, since some customers want 3DES/MD5 and some 3DES/SHA with group 2, etc.

For example, for customer A I need to use Policy 10, and for customer B I need to use Policy 20.

Let me know how I can bind the policy according to my needs, as currently all defaults to one single policy. I have this option in Nortel and other firewall boxes and I'm not sure how I can do this.


Jitendriya Athavale
Cisco Employee

You can just configure all the policies and it will present all proposals to the other end, and depending on whichever policy matches, the policy is selected.

Thanks for the reply. Do you mean to say that the router will check what response it gets from the remote peer and bind accordingly?

If that is the case, how will this scenario work for me?

In router A, I have policy 10 and policy 20, and similarly in the remote end router called B, I have the same policy settings, 10 and 20.

What should I do so that routers A and B peer with policy 20 instead of 10?

As per your reply, the router will send both policy 10 and 20 for peering and both policies will match, but I don't want policy 10 to be used, so how can we force the VPN to come up with policy 20 only and not with 10?

We have this option in Nortel and Juniper, where we can specify the encryption settings for each specific VPN as we need.

Please advise.

We do not have any such binding as far as isakmp policies are concerned.

Probably you can just play with the order of the isakmp policies and who initiates first; these are the only 2 ways of achieving this as I see it.

First, play with the order of the isakmp policies.

Second, it also depends on who is initiating it.

Thanks, and I think this is the only way we can use to force the encryption settings. Thanks again for your kind help.
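
An added Python model of the negotiation discussed in this thread, not code from any of the posters or from Cisco: it follows the matching rule in Cisco's IOS IKE documentation, where the responder walks its own policies in priority order and accepts the first one that matches anything the initiator offered. The defaults filled in for unset parameters (DES, SHA, rsa-sig, group 1, 86400 s) and the priority-5 policy `P5` are assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    priority: int
    # Unset parameters fall back to classic IOS defaults (assumed, not from the thread).
    encr: str = "des"
    hash_alg: str = "sha"
    auth: str = "rsa-sig"
    group: int = 1
    lifetime: int = 86400

    def suite(self):
        return (self.encr, self.hash_alg, self.auth, self.group)

def negotiate(initiator, responder):
    """Return the suite the responder accepts, or None if nothing matches."""
    offered = sorted(initiator, key=lambda p: p.priority)
    # Responder checks its own policies, lowest number (highest priority) first.
    for local in sorted(responder, key=lambda p: p.priority):
        for remote in offered:
            # Match: same four parameters, and the offered lifetime is not longer.
            if local.suite() == remote.suite() and remote.lifetime <= local.lifetime:
                return local.suite()
    return None

# The two policies from the question; policy 10 has no "encr" line, so it uses DES.
P10 = Policy(10, hash_alg="md5", auth="pre-share")
P20 = Policy(20, encr="3des", auth="pre-share", group=2)
# Hypothetical renumbering: same parameters as policy 20, but priority 5.
P5 = Policy(5, encr="3des", auth="pre-share", group=2)

WEAK = ("des", "md5", "pre-share", 1)
STRONG = ("3des", "sha", "pre-share", 2)

def scenarios():
    return {
        "both ends 10+20": negotiate([P10, P20], [P10, P20]),
        "responder puts 3DES first": negotiate([P10, P20], [P5, P10]),
        "only initiator reorders": negotiate([P5, P10], [P10, P20]),
        "initiator drops policy 10": negotiate([P20], [P10, P20]),
    }

if __name__ == "__main__":
    for name, suite in scenarios().items():
        print(f"{name:28} -> {suite}")
```

Under these assumptions the selection follows the responder's ordering, so the dependable way to keep a peer off the DES/MD5 policy is for that policy not to exist on both ends.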
