10-18-2013 06:56 AM
Hello All,
Wondering if the policies shown in the "show crypto isakmp default policy" command are in force and can potentially be negotiated, even when I have an isakmp policy defined on the configuration explicitly, allowing only needed security protocols.
IOS is 15.2(3)T3
Thanks!
10-18-2013 11:25 AM
I think this will be key to understanding:
If you have neither manually configured IKE policies with the crypto isakmp policy command nor disabled the default IKE policies with the no crypto isakmp default policy command, the default IKE policies will be used during peer IKE negotiations.
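The rule quoted above can be checked against a saved running-config. The following is an added example, not part of the original post or Cisco's tooling: the function name `audit_isakmp` is hypothetical, the sample configurations are constructed, and the logic encodes only the quoted sentence.

```python
import re

POLICY_RE = re.compile(r"^crypto isakmp policy (\d+)\s*$")
DISABLE_RE = re.compile(r"^no crypto isakmp default policy\s*$")

def audit_isakmp(running_config: str) -> dict:
    """Report user-defined IKE policies and whether, per the quoted rule,
    the default IKE policies would be used during negotiation."""
    policies = {}            # priority -> list of sub-commands
    current = None           # priority of the policy block being read
    defaults_disabled = False
    for raw in running_config.splitlines():
        line = raw.rstrip()
        match = POLICY_RE.match(line)
        if match:
            current = int(match.group(1))
            policies[current] = []
        elif DISABLE_RE.match(line):
            defaults_disabled = True
            current = None
        elif current is not None and line.startswith(" "):
            # Indented lines belong to the open policy block.
            policies[current].append(line.strip())
        else:
            current = None   # any top-level line closes the block
    return {
        "user_policies": dict(sorted(policies.items())),
        "defaults_disabled": defaults_disabled,
        # Quoted rule: defaults are used only when neither condition holds.
        "defaults_in_use": not policies and not defaults_disabled,
    }

# Constructed sample configurations (not taken from a real device).
SAMPLE_NONE = "hostname R1\n!\ninterface GigabitEthernet0/0\n ip address dhcp\n!\n"
SAMPLE_EXPLICIT = (
    "hostname R1\n!\n"
    "crypto isakmp policy 10\n"
    " encr aes 256\n hash sha256\n authentication pre-share\n group 14\n"
    "!\n"
)
SAMPLE_DISABLED = "hostname R1\n!\nno crypto isakmp default policy\n!\n"

if __name__ == "__main__":
    for name, cfg in [("none", SAMPLE_NONE), ("explicit", SAMPLE_EXPLICIT),
                      ("disabled", SAMPLE_DISABLED)]:
        print(name, audit_isakmp(cfg))
```
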
10-18-2013 11:32 AM
Following your link, I found another key to understanding:
You may configure IKE policies with the crypto isakmp policy command. User configured IKE policies are uniquely identified and configured with a priority number ranging from 1-10000, where 1 is the highest priority and 10000 the lowest priority.
Once you have configured one or more IKE policies with a priority of 1-10000:
10-18-2013 11:34 AM
If you re-read the sentence I quoted, it will claim the same.
Anyway, you should just go with IKEv2 and smart defaults ;-)