Table of Contents
Advertisement
Virtual Private Networks (VPN)
iii. Set the type of encryption to use during phase 2:
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)>
cipher value
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)>
where value is one of 3des, aes128, aes192, aes256, or null. The default is 3des.
iv. Set the type of hash to use during phase 2 to verify communication integrity:
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)>
hash value
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)>
where value is one of md5, sha1, sha256, sha384, or sha512. The default is sha1.
v. Set the type of Diffie-Hellman group to use for key exchange during phase 2:
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> dh_
group value
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)>
where value is one of ecp384, modp768, modp1024, modp1536, modp2048,
modp3072, modp4096, modp6144, or modp8192, . The default is modp1024.
vi. (Optional) Add additional phase 2 proposals:
ii. Add an additional proposal:
iii. Repeat to add more phase 2 proposals.
16. (Optional) Configure dead peer detection:
Dead peer detection is enabled by default. Dead peer detection uses periodic IKE
transmissions to the remote endpoint to detect whether tunnel communications have failed,
allowing the tunnel to be automatically restarted when failure occurs.
a. Change to the root of the configuration schema:
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> ...
(config)>
IX20 User Guide
i. Move back one level in the schema:
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)>
..
(config vpn ipsec tunnel ipsec_example ike phase2_proposal)>
(config vpn ipsec tunnel ipsec_example ike phase2_proposal)>
add end
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 1)>
Repeat the above steps to set the type of encryption, hash, and Diffie-Hellman
group for the additional proposal.
IPsec
310
Advertisement
Table of Contents
