Virtual Private Networks (VPN)
IPsec
IX20 User Guide
281
Set the ID as an FQDN:
(config vpn ipsec tunnel ipsec_example)> remote id rfc822_id id
(config vpn ipsec tunnel ipsec_example)>
keyid: The ID will be interpreted as a Key ID and sent as an ID_KEY_ID IKE identity.
Set the key ID:
(config vpn ipsec tunnel ipsec_example)> remote id keyid_id id
(config vpn ipsec tunnel ipsec_example)>
15. Configure IKE settings:
a. Set the IKE version:
(config vpn ipsec tunnel ipsec_example)> ike version value
(config vpn ipsec tunnel ipsec_example)>
where value is either ikev1 or ikev2. This setting must match the peer's IKE version.
b. Determine whether the device should initiate the key exchange, rather than waiting for an
incoming request. By default, the device will initiate the key exchange. This must be
disabled if is set to any. To disable:
(config vpn ipsec tunnel ipsec_example)> ike initiate false
(config vpn ipsec tunnel ipsec_example)>
c. Set the IKE phase 1 mode:
(config vpn ipsec tunnel ipsec_example)> ike mode value
(config vpn ipsec tunnel ipsec_example)>
where value is either aggressive or main.
d. Padding of IKE packets is enabled by default and should normally not be disabled except
for compatibility purposes. To disable:
(config vpn ipsec tunnel ipsec_example)> ike pad false
(config vpn ipsec tunnel ipsec_example)>
e. Set the amount of time after which the IKE security association expires following a
successful negotiation and must be re-authenticated:
(config vpn ipsec tunnel ipsec_example)> ike phase1_lifetime value
(config vpn ipsec tunnel ipsec_example)>
where value is any number of weeks, days, hours, minutes, or seconds, and takes the
format number{w|d|h|m|s}.
For example, to set phase1_lifetime to ten minutes, enter either 10m or 600s:
(config vpn ipsec tunnel ipsec_example)> ike phase1_lifetime 600s
(config vpn ipsec tunnel ipsec_example)>
The default is three hours.
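As an added example (not from the IX20 User Guide or Digi's own tooling), the following Python reads the "ike ..." commands of step 15 back from a constructed CLI transcript, applies the defaults the guide states (initiate and padding on, lifetime three hours), checks each value against the allowed choices, and converts the number{w|d|h|m|s} lifetime to seconds so that 10m and 600s are recognized as the same setting; the transcript lines and the check_ike helper are assumptions for illustration.

```python
import re

# Lifetime format from the guide: number{w|d|h|m|s}; unit table in seconds.
UNIT_SECONDS = {"w": 7 * 86400, "d": 86400, "h": 3600, "m": 60, "s": 1}
LIFETIME_RE = re.compile(r"^(\d+)([wdhms])$")
# Allowed values for the settings the guide describes in step 15.
ALLOWED = {"version": ("ikev1", "ikev2"), "mode": ("aggressive", "main"),
           "initiate": ("true", "false"), "pad": ("true", "false")}
# Defaults the guide states: initiate and pad are on, phase 1 lifetime is three hours.
DEFAULTS = {"initiate": "true", "pad": "true", "phase1_lifetime": "3h"}

# Constructed transcript (assumption): the commands as typed at the tunnel prompt.
SAMPLE_LINES = [
    "(config vpn ipsec tunnel ipsec_example)> ike version ikev2",
    "(config vpn ipsec tunnel ipsec_example)> ike mode main",
    "(config vpn ipsec tunnel ipsec_example)> ike initiate false",
    "(config vpn ipsec tunnel ipsec_example)> ike phase1_lifetime 600s",
]

def lifetime_seconds(value):
    """Parse '10m', '600s', '3h' ... into seconds; reject anything outside the format."""
    m = LIFETIME_RE.match(value.strip())
    if not m:
        raise ValueError(f"bad lifetime {value!r}: want a number followed by w, d, h, m or s")
    return int(m.group(1)) * UNIT_SECONDS[m.group(2)]

def parse_ike_lines(lines):
    """Collect 'ike <key> <value>' commands; later lines override earlier ones."""
    cfg = dict(DEFAULTS)
    for line in lines:
        cmd = line.split(">", 1)[-1].strip()  # drop the '(config ...)>' prompt if present
        parts = cmd.split()
        if len(parts) == 3 and parts[0] == "ike":
            cfg[parts[1]] = parts[2]
    return cfg

def check_ike(cfg):
    """Return a list of problems with the settings; an empty list means well-formed."""
    problems = [f"{k} not set" for k in ("version", "mode") if k not in cfg]
    for key, allowed in ALLOWED.items():
        if key in cfg and cfg[key] not in allowed:
            problems.append(f"{key}={cfg[key]!r} not one of {allowed}")
    try:
        lifetime_seconds(cfg.get("phase1_lifetime", DEFAULTS["phase1_lifetime"]))
    except ValueError as e:
        problems.append(str(e))
    return problems

if __name__ == "__main__":
    cfg = parse_ike_lines(SAMPLE_LINES)
    print(cfg, check_ike(cfg), lifetime_seconds(cfg["phase1_lifetime"]))
```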