Table of Contents
Advertisement
Virtual Private Networks (VPN)
where value is one of 3des, aes128, aes192, aes256, or null. The default is 3des.
iii. Set the type of hash to use during phase 1 to verify communication integrity:
(config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)>
hash value
(config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)>
where value is one of md5, sha1, sha256, sha384, or sha512. The default is sha1.
iv. Set the type of Diffie-Hellman group to use for key exchange during phase 1:
ii. Set the Diffie-Hellman group type:
The default is modp2048.
v. (Optional) Add additional phase 1 proposals:
ii. Add an additional proposal:
iii. Repeat to add more phase 1 proposals.
j. Configure the types of encryption, hash, and Diffie-Hellman group to use during phase 2:
i. Move back two levels in the schema:
(config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> ..
..
(config vpn ipsec tunnel ipsec_example ike)>
IX30 User Guide
i. Use the ? to determine available Diffie-Hellman group types:
(config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)>
dh_group ?
curve25519
curve448
ecp192
ecp224
...
(config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)>
(config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)>
dh_group value
(config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)>
i. Move back one level in the schema:
(config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)>
..
(config vpn ipsec tunnel ipsec_example ike phase1_proposal)>
(config vpn ipsec tunnel ipsec_example ike phase1_proposal)>
add end
(config vpn ipsec tunnel ipsec_example ike phase1_proposal 1)>
Repeat the above steps to set the type of encryption, hash, and Diffie-Hellman
group for the additional proposal.
IPsec
359
Advertisement
Table of Contents
