Using the Command-Line Interface
The mmsecmethods = switch requires a specific syntax to specify custom security methods, but it's quite logical once you break it into its component parts. You can specify multiple security methods at the same time, each one separated by spaces:
> mmsecmethods = SecMethod1 SecMethod2 SecMethod3
The syntax to specify each method is as follows, with the three parts joined by hyphens:
EncryptionAlgorithm-IntegrityAlgorithm-GroupNumber
The EncryptionAlgorithm setting can be either DES or 3DES. The IntegrityAlgorithm can be either MD5 or SHA1. The GroupNumber setting can be one of the following:
1 specifies a 768-bit key length (low)
2 specifies a 1024-bit key length (medium)
3 specifies a 2048-bit key length (high)
For example, the following snippet specifies two security methods: the 3DES encryption algorithm with the SHA1 integrity algorithm, using group number 1, and the 3DES encryption algorithm with the MD5 integrity algorithm, using group number 2.
> mmsecmethods = "3DES-SHA1-1 3DES-MD5-2"
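The following Python sketch is an added example, not code from the book: it parses an mmsecmethods value according to the syntax above and tags each method against an assumed review policy. The function names and the policy (flag DES, MD5, and any group below 3) are assumptions made for illustration.

```python
import re

# Values permitted by the syntax described above.
ENCRYPTION = {"DES", "3DES"}
INTEGRITY = {"MD5", "SHA1"}
GROUP_BITS = {1: 768, 2: 1024, 3: 2048}  # group number -> key length in bits

# One method: EncryptionAlgorithm-IntegrityAlgorithm-GroupNumber
METHOD_RE = re.compile(r"^([A-Za-z0-9]+)-([A-Za-z0-9]+)-(\d+)$")


def parse_mmsecmethods(value):
    """Return [(encryption, integrity, group), ...] in preference order.

    Raises ValueError if any space-separated token breaks the syntax."""
    methods = []
    for token in value.strip().strip('"').split():
        m = METHOD_RE.match(token)
        if not m:
            raise ValueError(f"malformed security method: {token!r}")
        enc, integ, group = m.group(1).upper(), m.group(2).upper(), int(m.group(3))
        if enc not in ENCRYPTION:
            raise ValueError(f"unknown encryption algorithm in {token!r}")
        if integ not in INTEGRITY:
            raise ValueError(f"unknown integrity algorithm in {token!r}")
        if group not in GROUP_BITS:
            raise ValueError(f"unknown group number in {token!r}")
        methods.append((enc, integ, group))
    if not methods:
        raise ValueError("no security methods given")
    return methods


def audit(value):
    """Return [(method, [finding, ...]), ...] under the assumed policy."""
    report = []
    for enc, integ, group in parse_mmsecmethods(value):
        findings = []
        if enc == "DES":                 # single DES has a 56-bit key
            findings.append("weak-encryption")
        if integ == "MD5":
            findings.append("weak-integrity")
        if GROUP_BITS[group] < 2048:     # assumed threshold: only group 3 passes
            findings.append(f"weak-group-{GROUP_BITS[group]}-bit")
        report.append((f"{enc}-{integ}-{group}", findings))
    return report


if __name__ == "__main__":
    for method, findings in audit('"3DES-SHA1-1 3DES-MD5-2"'):
        print(method, findings or "ok")
```

A value written with spaces inside one method, such as 3DES SHA1 1, is rejected, because spaces only separate whole methods.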
See Also
Recipe 7-6 for configuring IPSec security methods
Cisco Press, “IPSec Overview Part Four, Internet Key Exchange” (http://www.ciscopress.com/articles/article.asp?p=25474&rl=1)
RSA Security, “What is Diffie-Hellman?” (http://www.rsasecurity.com/rsalabs/node.asp?id=2248)
Microsoft TechNet: “Define IPSec Key Exchange Settings” (http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/acf4a4e2-687d-4b3e-8446-8a56731d879a.mspx)
7-8. Managing Authentication Methods
Problem
You want to configure the authentication method that is used by an IPSec rule.