Table of Contents
Advertisement
Virtual Private Networks (VPN)
The default is 3des.
iv. Set the type of hash to use during phase 2 to verify communication integrity:
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> hash
value
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)>
where value is one of:
The default is sha1.
v. Set the type of Diffie-Hellman group to use for key exchange during phase 2:
i. Use the ? to determine available Diffie-Hellman group types:
ii. Set the Diffie-Hellman group type:
The default is modp2048.
vi. (Optional) Add additional phase 2 proposals:
i. Move back one level in the schema:
ii. Add an additional proposal:
iii. Repeat to add more phase 2 proposals.
Digi Connect IT® 4 User Guide
md5
n
sha1
n
sha256
n
sha384
n
sha512
n
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)>
dh_group ?
curve25519
curve448
ecp192
ecp224
...
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)>
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)>
dh_group value
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)>
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)>
..
(config vpn ipsec tunnel ipsec_example ike phase2_proposal)>
(config vpn ipsec tunnel ipsec_example ike phase2_proposal)> add
end
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 1)>
Repeat the above steps to set the type of encryption, hash, and Diffie-Hellman
group for the additional proposal.
IPsec
330
Advertisement
Table of Contents
