Digi IX10 User Manual page 183

Virtual Private Networks (VPN)
(config vpn ipsec tunnel ipsec_example)> ike phase2_lifetime 600s
(config vpn ipsec tunnel ipsec_example)>
The default is one hour.
g. Set a randomizing amount of time before the IPsec tunnel is renegotiated:
(config vpn ipsec tunnel ipsec_example)> ike lifetime_margin value
(config vpn ipsec tunnel ipsec_example)>
where value is any number of weeks, days, hours, minutes, or seconds, and takes the
format number{w|d|h|m|s}.
For example, to set lifetime_margin to ten minutes, enter either 10m or 600s:
(config vpn ipsec tunnel ipsec_example)> ike lifetime_margin 600s
(config vpn ipsec tunnel ipsec_example)>
The default is nine minutes.
h. Configure the types of encryption, hash, and Diffie-Hellman group to use during phase 1:
i. Add a phase 1 proposal:
(config vpn ipsec tunnel ipsec_example)> add ike phase1_proposal end
(config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)>
ii. Set the type of encryption to use during phase 1:
(config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> cipher value
(config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)>
where value is one of 3des, aes128, aes192, aes256, or null. The default is 3des.
iii. Set the type of hash to use during phase 1 to verify communication integrity:
(config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> hash value
(config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)>
where value is one of md5, sha1, sha256, sha384, or sha512. The default is sha1.
iv. Set the type of Diffie-Hellman group to use for key exchange during phase 1:
(config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> dh_group value
(config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)>
where value is one of ecp384, modp768, modp1024, modp1536, modp2048,
modp3072, modp4096, modp6144, or modp8192. The default is modp1024.
v. (Optional) Add additional phase 1 proposals:
i. Move back one level in the schema:
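
Added example, not part of the Digi manual: a Python check over a saved CLI session that reports each phase 1 proposal's effective cipher, hash and DH group, applying the defaults stated above (3des, sha1, modp1024) to any setting that was never entered. The names audit, WEAK and SAMPLE, the constructed session, and the choice of which values count as weak are assumptions of this example.

```python
import re

# Defaults and allowed values as listed in the manual text above.
DEFAULTS = {"cipher": "3des", "hash": "sha1", "dh_group": "modp1024"}
ALLOWED = {
    "cipher": {"3des", "aes128", "aes192", "aes256", "null"},
    "hash": {"md5", "sha1", "sha256", "sha384", "sha512"},
    "dh_group": {"ecp384", "modp768", "modp1024", "modp1536", "modp2048",
                 "modp3072", "modp4096", "modp6144", "modp8192"},
}
# Assumption of this example (not from the manual): values treated as weak.
WEAK = {"cipher": {"3des", "null"}, "hash": {"md5", "sha1"},
        "dh_group": {"modp768", "modp1024"}}

# Matches a prompt inside a phase 1 proposal, plus whatever was typed after it.
PROMPT = re.compile(
    r"^\(config vpn ipsec tunnel (\S+) ike phase1_proposal (\d+)\)>\s*(.*)$")

def audit(transcript):
    """Return (tunnel, proposal, setting, value, reason) findings in order."""
    proposals = {}
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        key = (m.group(1), int(m.group(2)))
        # Seeing the prompt proves the proposal exists; start from the defaults.
        settings = proposals.setdefault(key, dict(DEFAULTS))
        command = m.group(3).split()
        if len(command) == 2 and command[0] in DEFAULTS:
            settings[command[0]] = command[1]
    findings = []
    for (tunnel, index), settings in sorted(proposals.items()):
        for name, value in settings.items():
            if value not in ALLOWED[name]:
                findings.append((tunnel, index, name, value, "not a listed value"))
            elif value in WEAK[name]:
                findings.append((tunnel, index, name, value, "weak"))
    return findings

# Constructed session (navigation lines omitted): proposal 1 sets only the cipher.
SAMPLE = """\
(config vpn ipsec tunnel ipsec_example)> add ike phase1_proposal end
(config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> cipher aes256
(config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> hash sha256
(config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> dh_group modp2048
(config vpn ipsec tunnel ipsec_example ike phase1_proposal 1)> cipher aes256
(config vpn ipsec tunnel ipsec_example ike phase1_proposal 1)>
"""
```

On the constructed session, proposal 0 passes and proposal 1 is reported for sha1 and modp1024, because only its cipher was set.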