Jerome,

>> there could still be a match between default isakmp policies.

That was exactly my point. How do we protect this from happening (choosing default policy)?

On Thu, Mar 3, 2011 at 9:35 PM, Jerome Dolphin <[email protected]> wrote:
> Also,
>
> If there is no match between the user-defined isakmp policies, there could
> still be a match between default isakmp policies. On a 12.4(15)T router with
> no user-defined isakmp config there is already an isakmp policy built into
> the IOS:
>
> ------------------------------------------
> Router#show crypto isakmp policy
>
> Global IKE policy
> Default protection suite
>         encryption algorithm:   DES - Data Encryption Standard (56 bit keys).
>         hash algorithm:         Secure Hash Standard
>         authentication method:  Rivest-Shamir-Adleman Signature
>         Diffie-Hellman group:   #1 (768 bit)
>         lifetime:               86400 seconds, no volume limit
> Router#
> ------------------------------------------
>
> The later versions of IOS have multiple built in policies:
>
> http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_s3.html#wp1164552
>
> Cheers : )
> Jerome
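A simplified model of the fallback discussed in this thread, as an added example that is not part of the original messages and is not IOS code: it shows two peers with non-matching user-defined policies still agreeing on the built-in DES/group 1 suite. The two peer configurations are constructed, and priority 65535 for the built-in suite is an assumption of the model.

```python
from typing import List, NamedTuple, Optional

class Policy(NamedTuple):
    priority: int          # lower number is tried first
    encryption: str
    hash_alg: str
    auth: str
    dh_group: int
    lifetime: int = 86400  # seconds

# Built-in suite from the `show crypto isakmp policy` output quoted above.
# Priority 65535 is an assumption of this model so that it sorts last.
DEFAULT = Policy(65535, "des", "sha", "rsa-sig", 1)

def effective(user: List[Policy], has_default: bool = True) -> List[Policy]:
    """User-defined policies plus the built-in one, highest priority first."""
    return sorted(user + ([DEFAULT] if has_default else []),
                  key=lambda p: p.priority)

def same_suite(a: Policy, b: Policy) -> bool:
    return a[1:5] == b[1:5]  # encryption, hash, auth method, DH group

def negotiate(offers: List[Policy], mine: List[Policy]) -> Optional[Policy]:
    """Responder walks its own policies in priority order and accepts the
    first one that equals any offer whose lifetime does not exceed its own."""
    for local in mine:
        for offer in offers:
            if same_suite(local, offer) and offer.lifetime <= local.lifetime:
                return local
    return None

def is_weak(p: Policy) -> bool:
    return p.encryption == "des" or p.dh_group == 1

# Constructed peers whose user-defined policies do NOT match each other.
SITE_A = [Policy(10, "aes", "sha", "pre-share", 2)]
SITE_B = [Policy(10, "3des", "md5", "pre-share", 2)]

if __name__ == "__main__":
    chosen = negotiate(effective(SITE_A), effective(SITE_B))
    print("negotiated:", chosen, "weak:", chosen is not None and is_weak(chosen))
    # Same peers with no built-in policy on the responder: no proposal is chosen.
    print("without default:", negotiate(effective(SITE_A), effective(SITE_B, False)))
```

A proposal match is only the first step: the exchange must still authenticate with the method in the chosen policy, here RSA signatures.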
