Enabling IKEv2 Preshared Key Authentication; Setting Up a Key Policy - Lenovo Flex System Fabric CN4093 Application Manual

How to configure and use the Enterprise NOS 8.4 software on the 10 Gb converged scalable switch

CN4093 Application Guide for N/OS 8.4

Enabling IKEv2 Preshared Key Authentication

To set up IKEv2 preshared key authentication:

1. Enter the local preshared key.

   CN 4093(config)# ikev2 preshare-key local <preshared key, a string of 1-256 chars>

2. If asymmetric authentication is supported, enter the remote key:

   CN 4093(config)# ikev2 preshare-key remote <preshared key> <IPv6 host>

   where the following parameters are used:

   preshared key   A string of 1-256 characters
   IPv6 host       An IPv6-format host, such as "3000::1"

3. Set up the IKEv2 identification type by entering one of the following commands:

   CN 4093(config)# ikev2 identity local address (use an IPv6 address)
   CN 4093(config)# ikev2 identity local email <email address>
   CN 4093(config)# ikev2 identity local fqdn <domain name>

To disable the IKEv2 RSA-signature authentication method and enable preshared key authentication, enter:

   CN 4093(config)# no access https

Setting Up a Key Policy

When configuring IPsec, you must define a key policy. This key policy can be either manual or dynamic. Either way, configuring a policy involves the following steps:

- Create a transform set. This defines which encryption and authentication algorithms are used.
- Create a traffic selector. This describes the packets to which the policy applies.
- Establish an IPsec policy.
- Apply the policy.

1. To define which encryption and authentication algorithms are used, create a transform set:

   CN 4093(config)# ipsec transform-set <transform ID> <encryption method> <integrity algorithm> <AH authentication algorithm>

   where the following parameters are used:

   transform ID                  A number from 1-10
   encryption method             One of the following: esp-des | esp-3des | esp-aes-cbc | esp-null
   integrity algorithm           One of the following: esp-sha1 | esp-md5 | none
   AH authentication algorithm   One of the following: ah-sha1 | ah-md5 | none
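The transform-set options listed above include several choices that give little or no protection. The following is an added example, not part of the Lenovo guide: a small Python audit that reads `ipsec transform-set` lines from saved configuration text, validates them against the values on this page, and flags weak selections. The function name, the weakness notes and the sample lines are assumptions made for illustration.

```python
import re

# Option names copied from the parameter list on this page.
ENCRYPTION = {"esp-des", "esp-3des", "esp-aes-cbc", "esp-null"}
INTEGRITY = {"esp-sha1", "esp-md5", "none"}
AH_AUTH = {"ah-sha1", "ah-md5", "none"}

# Assumption: the reviewer's assessment of weak options, not text from the manual.
WEAK = {
    "esp-des": "DES has a 56-bit key",
    "esp-3des": "3DES has a 64-bit block and is deprecated",
    "esp-null": "no encryption, traffic is sent in clear",
    "esp-md5": "MD5-based integrity is deprecated",
    "ah-md5": "MD5-based integrity is deprecated",
}
LINE = re.compile(r"ipsec transform-set\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def audit_transform_sets(config_text):
    """Return {transform ID: [findings]} for every transform-set line found."""
    report = {}
    for raw in config_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        tid, enc, integ, ah = m.groups()
        findings = []
        if not (tid.isdecimal() and 1 <= int(tid) <= 10):
            findings.append("transform ID must be a number from 1-10")
        for value, allowed in ((enc, ENCRYPTION), (integ, INTEGRITY), (ah, AH_AUTH)):
            if value not in allowed:
                findings.append(f"{value}: not a listed option")
            elif value in WEAK:
                findings.append(f"{value}: {WEAK[value]}")
        if integ == "none" and ah == "none":
            findings.append("no integrity protection: ESP integrity and AH are both none")
        report[tid] = findings
    return report

# Constructed sample input, not taken from a real switch.
SAMPLE = """\
CN 4093(config)# ipsec transform-set 1 esp-aes-cbc esp-sha1 none
CN 4093(config)# ipsec transform-set 2 esp-3des esp-md5 none
CN 4093(config)# ipsec transform-set 3 esp-null none none
CN 4093(config)# ipsec transform-set 11 esp-aes-gcm esp-sha1 ah-sha1
"""

if __name__ == "__main__":
    for tid, findings in audit_transform_sets(SAMPLE).items():
        print(tid, "OK" if not findings else "; ".join(findings))
```

Of the combinations this command accepts, only `esp-aes-cbc` with `esp-sha1` or `ah-sha1` passes the audit without findings.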
