cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
773
Views
0
Helpful
1
Replies

IPSEC manual

nitinnigam
Level 1
Level 1

Hi,

I am configuring IPSEC for the first time. I am using the following commands to configure IPSEC

"crypto ipsec transform-set pulse_ipsec esp-3des" and

"crypto map test_ipsec 1 ipsec-manual"

"set peer 10.1.1.1"

"set session-key inbound esp 256 cipher <xxxxxxxxxxxxxx> authenticator <xxxxxxxxxxxxx>"

"set session-key outbound esp 257 cipher <xxxxxxxxxxx> authenticator <xxxxxxxxxxxxx>"

"set transform-set pulse_ipsec"

Can someone please tell me where I have put <xxxx> I have to insert the keys. How should I generate those keys.Is there anyway both peer routers can generate the keys or what should I enter is cipher and authenticator field.

Thanks

1 Accepted Solution

Accepted Solutions

atdhingr
Level 1
Level 1

Hi,

Enter them manually in hexadecimal format.

This is an arbitrary hexadecimal string of 8, 16, or 20 bytes.

If the crypto map's transform set includes a DES algorithm, specify at least 8 bytes per key.

If the crypto map's transform set includes an MD5 algorithm, specify at least 16 bytes per key.

If the crypto map's transform set includes an SHA algorithm, specify 20 bytes per key.

Keys longer than the above sizes are simply truncated.

Thanks

Atul.

View solution in original post

1 Reply 1

atdhingr
Level 1
Level 1

Hi,

Enter them manually in hexadecimal format.

This is an arbitrary hexadecimal string of 8, 16, or 20 bytes.

If the crypto map's transform set includes a DES algorithm, specify at least 8 bytes per key.

If the crypto map's transform set includes an MD5 algorithm, specify at least 16 bytes per key.

If the crypto map's transform set includes an SHA algorithm, specify 20 bytes per key.

Keys longer than the above sizes are simply truncated.

Thanks

Atul.