Digi IX14 User Manual page 442

Virtual Private Networks (VPN)
n
n
n
15. Configure IKE settings:
a. Set the IKE version:
(config vpn ipsec tunnel ipsec_example)> ike version value
(config vpn ipsec tunnel ipsec_example)>
where value is either ikev1 or ikev2. This setting must match the peer's IKE version.
b. Determine whether the device should initiate the key exchange, rather than waiting for an
incoming request. By default, the device will initiate the key exchange. This must be
disabled if
(config vpn ipsec tunnel ipsec_example)> ike initiate false
(config vpn ipsec tunnel ipsec_example)>
c. Set the IKE phase 1 mode:
(config vpn ipsec tunnel ipsec_example)> ike mode value
(config vpn ipsec tunnel ipsec_example)>
where value is either aggressive or main.
d. Padding of IKE packets is enabled by default and should normally not be disabled except
for compatibility purposes. To disable:
(config vpn ipsec tunnel ipsec_example)> ike pad false
(config vpn ipsec tunnel ipsec_example)>
e. Set the amount of time that the IKE security association expires after a successful
negotiation and must be re-authenticated:
(config vpn ipsec tunnel ipsec_example)> ike phase1_lifetime value
(config vpn ipsec tunnel ipsec_example)>
IX14 User Guide
rfc822: The ID will be interpreted as an RFC822 (email address).
Set the ID in internet email address format:
(config vpn ipsec tunnel ipsec_example)> remote id rfc822_id id
(config vpn ipsec tunnel ipsec_example)>
fqdn: The ID will be interpreted as FQDN (Fully Qualified Domain Name) and sent as
an ID_FQDN IKE identity.
Set the ID as an FQDN:
(config vpn ipsec tunnel ipsec_example)> remote id rfc822_id id
(config vpn ipsec tunnel ipsec_example)>
keyid: The ID will be interpreted as a Key ID and sent as an ID_KEY_ID IKE identity.
Set the key ID:
(config vpn ipsec tunnel ipsec_example)> remote id keyid_id id
(config vpn ipsec tunnel ipsec_example)>
remote hostname is set to any. To disable:
IPsec
442