Table of Contents
Advertisement
Virtual Private Networks (VPN)
n
n
n
15. Configure IKE settings:
a. Set the IKE version:
(config vpn ipsec tunnel ipsec_example)> ike version value
(config vpn ipsec tunnel ipsec_example)>
where value is either ikev1 or ikev2. This setting must match the peer's IKE version.
b. Determine whether the device should initiate the key exchange, rather than waiting for an
incoming request. By default, the device will initiate the key exchange. This must be
disabled if
(config vpn ipsec tunnel ipsec_example)> ike initiate false
(config vpn ipsec tunnel ipsec_example)>
c. Set the IKE phase 1 mode:
(config vpn ipsec tunnel ipsec_example)> ike mode value
(config vpn ipsec tunnel ipsec_example)>
where value is either aggressive or main.
d. Set the IKE fragmentation:
(config vpn ipsec tunnel ipsec_example)> ike fragmentation value
(config vpn ipsec tunnel ipsec_example)>
where value is one of:
n
n
n
n
The default is always.
e. Padding of IKE packets is enabled by default and should normally not be disabled except
for compatibility purposes. To disable:
Digi Connect EZ Mini User Guide
keyid: The ID will be interpreted as a Key ID and sent as an ID_KEY_ID IKE identity.
Set the key ID:
(config vpn ipsec tunnel ipsec_example)> remote id type keyid_id
id
(config vpn ipsec tunnel ipsec_example)>
mac_address: The device's MAC address will be used for the Key ID and sent as an
ID_KEY_ID IKE identity.
serial_number: The ID device's serial number will be used for the Key ID and sent
as an ID_KEY_ID IKE identity.
remote hostname
is set to any. To disable:
if_supported: Send oversized IKE messages in fragments, if the peer supports
receiving them.
always: Always send IKEv1 messages in fragments. For IKEv2, this option is
equivalent to if supported.
never: Do not send oversized IKE messages in fragments.
accept: Do not send oversized IKE messages in fragments, but announce support
for fragmentation to the peer.
IPsec
141
Advertisement
Table of Contents
