From: Amanjot Singh (Amanjot.Singh@selection.co.uk)
Date: Fri Nov 17 2006 - 10:59:44 ART
Hi,
As far as I know you cannot remove the default ISAKMP policy but this
should not cause any issues to you as if you configure a policy specific
for your environment the router will try the both and the tunnel should
get setup if everything else is configured correctly.
-Aman
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Curt Girardin
Sent: 17 November 2006 13:46
To: ccielab@groupstudy.com; security@groupstudy.com
Subject: remove default isakmp policy
Team,
Does anyone know how to remove the default isakmp policy that is on the
2600 or 3600 series routers?
For example:
Rack1R3#show crypto isakmp policy
Global IKE policy
Default protection suite
encryption algorithm: DES - Data Encryption Standard (56 bit
keys).
hash algorithm: Secure Hash Standard
authentication method: Rivest-Shamir-Adleman Signature
Diffie-Hellman group: #1 (768 bit)
lifetime: 86400 seconds, no volume limit
How do we either get rid of this policy, or make the router not OFFER or
USE it?
Thanks,
Curt
This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:47 ART