ACM VPN Configuration
Rev 3 Nov 17
23
4119855
IKE Group Configuration
The procedure for configuring IKE groups varies depending on the IKE version
being used.
To configure IKE groups for:
• oMG/MG90 routers, and NCP Client for Windows—See Configure IKE Groups with MOBIKE (IKEv2)
• AirLink gateways—See Configure IKE Groups with IKEv1
Configure IKE Groups with MOBIKE (IKEv2)
Note: Not all AirLink devices support IKEv2. IKEv2 is supported on oMG2000/500 and
MG90 routers—see Configure IKE Groups with IKEv1 on page 24 to configure IKE groups
for other AirLink devices.
When used on supported devices, the MOBIKE (IKEv2 Mobility and Multihoming)
protocol allows for fast, seamless VPN tunnel switching. Combining the
oMG/MG90’s intelligent WAN management with MOBIKE ensures the delivery of
secure and extremely high performance mobile communications.
To enable this switching feature, both the ACM and the peer (supported device)
must:
· Enable IKEv2 as the Key Exchange Mechanism
· Enable MOBIKE
Use the set vpn ipsec ike-group command to configure the IKE group parameters,
as described below.
Note: The attribute values used in the commands below are examples only; use values
that are appropriate for your configuration. Valid values for some IKE group configurations
are described in
1. Configure the IKE group(s)—There can be more than one IKE group and
   they can be called independently for different peers. The IKE group name can
   be any string.
   set vpn ipsec ike-group <IKE-GRP-NAME>
2. After configuring your IKE group(s), configure Dead Peer Detection (DPD):
   a. For each group, enable DPD:
      set vpn ipsec ike-group <IKE-GRP-NAME> dead-peer-detection action clear
Important: Always enable DPD, and always use “action clear”—do NOT use
“action hold” or “action restart”.
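An added example (not from the ACM documentation): a Python check that reads exported "set" commands and reports every IKE group that lacks DPD or uses an action other than "clear". The export format, the quoting of values and the group names are assumptions made for illustration.

```python
import re

# Constructed sample: "set" commands as they might appear in an exported
# configuration. Group names and the quoting style are assumptions.
SAMPLE_CONFIG = """\
set vpn ipsec ike-group IKE-MG90
set vpn ipsec ike-group IKE-MG90 dead-peer-detection action clear
set vpn ipsec ike-group IKE-AIRLINK dead-peer-detection action hold
set vpn ipsec ike-group IKE-NCP
# set vpn ipsec ike-group IKE-OLD dead-peer-detection action clear
set vpn ipsec ike-group 'IKE-LAB' dead-peer-detection action restart
"""

IKE_GROUP = re.compile(r"^set\s+vpn\s+ipsec\s+ike-group\s+(\S+)(?:\s+(.*))?$")
DPD_ACTION = re.compile(r"^dead-peer-detection\s+action\s+(\S+)$")


def audit_dpd(config_text):
    """Return {group: finding} for every IKE group that violates the DPD rule."""
    actions = {}  # group name -> last DPD action seen, or None if never set
    for raw in config_text.splitlines():
        m = IKE_GROUP.match(raw.strip())
        if not m:
            continue  # comments, blank lines, unrelated commands
        group = m.group(1).strip("'\"")
        actions.setdefault(group, None)  # a group with no DPD line is still recorded
        dpd = DPD_ACTION.match((m.group(2) or "").strip())
        if dpd:
            # A later command for the same group overrides an earlier one.
            actions[group] = dpd.group(1).strip("'\"").lower()

    findings = {}
    for group, action in actions.items():
        if action is None:
            findings[group] = "DPD not enabled"
        elif action != "clear":
            findings[group] = f"DPD action is '{action}', expected 'clear'"
    return findings


if __name__ == "__main__":
    for group, finding in sorted(audit_dpd(SAMPLE_CONFIG).items()):
        print(f"{group}: {finding}")
```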