The peer sends the configured ISAKMP policy to the other peer. The other peer compares the received policies with its local policies starting from highest to lowest priority. The first match is picked up.
With regards
Kings

On Wed, Mar 2, 2011 at 3:27 PM, Serious CCIE <[email protected]> wrote:
> Folks,
> I was wondering, how does the tunnel decide which crypto isakmp policy to
> pick up?
> In other words, how do we marry ISAKMP profile with end points?
>
> Let's say this is my scenario:
>
> R1----R2
>
> |
> |
> R3
>
> 1. Both R2 and R3 connect to R1.
> 2. R2 wants to pick policy with 3DES
> 3. R3 wants to pick policy with DES
>
> Typically, all the examples that I came across have the matching policy number
> in this scenario with ISAKMP policy.
>
> In this case R2 will be configured with "cry isakmp policy 100" and R3 will
> be configured "cry isakmp policy 200".
>
> Is that assumption correct? Or is there a criterion for how it picks one up?
>
>
> On R1:
> -------
> crypto isakmp policy 100
>  encr 3des   <------------------ 3DES
>  hash md5
>  authentication pre-share
>  group 2
>
> crypto isakmp policy 200
>  encr des   <--------------------Just DES
>  hash md5
>  authentication pre-share
>  group 1   <---Group1
>
>
> What is the tie breaker?
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
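The matching order described in the reply, as an added example that is not part of the original thread. It models R1 as responder with the two policies from the question; the peers' own policy number (10) and the AES offer are constructed for illustration, and the lifetime comparison that IOS also performs is left out as a simplification.

```python
from typing import Dict, NamedTuple, Optional, Tuple


class Proposal(NamedTuple):
    """Attributes compared during ISAKMP policy matching (lifetime omitted)."""
    encr: str
    hash: str
    auth: str
    group: int


# R1's local policies from the question, keyed by local priority number.
R1_POLICIES: Dict[int, Proposal] = {
    100: Proposal("3des", "md5", "pre-share", 2),
    200: Proposal("des", "md5", "pre-share", 1),
}

# Constructed peer offers. The peer's own policy numbers are never compared;
# only the attribute sets are, so both peers can use number 10 here.
R2_OFFER = {10: Proposal("3des", "md5", "pre-share", 2)}
R3_OFFER = {10: Proposal("des", "md5", "pre-share", 1)}
BOTH_OFFER = {10: Proposal("des", "md5", "pre-share", 1),
              20: Proposal("3des", "md5", "pre-share", 2)}
NO_MATCH_OFFER = {10: Proposal("aes", "sha", "pre-share", 5)}


def select_policy(local: Dict[int, Proposal],
                  offered: Dict[int, Proposal]) -> Optional[Tuple[int, Proposal]]:
    """Walk local policies from highest priority (lowest number) to lowest
    and return the first one whose attributes equal any offered proposal."""
    offered_sets = set(offered.values())
    for priority in sorted(local):
        if local[priority] in offered_sets:
            return priority, local[priority]
    return None  # no common policy: phase 1 negotiation fails


if __name__ == "__main__":
    for name, offer in [("R2", R2_OFFER), ("R3", R3_OFFER),
                        ("both", BOTH_OFFER), ("no match", NO_MATCH_OFFER)]:
        print(name, "->", select_policy(R1_POLICIES, offer))
```

With a peer that offers both attribute sets, R1's local priority order is the tie breaker, so policy 100 (3DES) wins regardless of the order or numbering on the peer.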
